Protecting Against Monero Deanonymization

There was a lot of talk about my mitigation for the MAP Decoder Attack on Monero, which uses an incoming wallet and an outgoing wallet. There was also a lot of talk about how I didn't tell people not to do KYC. Of course don't do that. Duh.

Until recently I didn't see any actual technical critique of the "two wallet strategy", just a lot of complaining, pissing and moaning, and ad hominem attacks. All that was pretty boring and did not warrant a response. But I just found an actual critique, so I will explain why it does not quite hold water. I believe it comes from a misunderstanding of how the two wallet strategy works, which means I could have explained it a lot better. The critique relies on multiple "if you do this thing you should not do, then X" steps. So it is more of a worst-case critique: if you make lots of bad decisions and hurt your own privacy, then the two wallet strategy will not help you. Duh.

Anyway, time to jump right in. First I will reproduce the critique in full right here for those that do not want to use Telegram:

"The so called two-wallet strategy, actually makes your Monero easier to trace. According to this strategy, you should have one wallet for spending and one for receiving. What happens if you do this? In the receiving wallet you create a pool of TXOs (txo1, txo2, txo3 etc) all owned by you. Some of these TXOs will have been earmarked as yours by outside observers (if for example you received money from a CEX). If you don't spend TXOs as you receive them, but accumulate them first, then when at some point you will have to consolidate this high number of TXOs into 1 new TXO, the flagged TXOs will signal that you are consolidating your TXOs (even if you have many more TXOs than the ones that have been flagged). When you do that, an observer will know that all the money you ever received, even from TXOs that they couldn't trace as yours, is now consolidated into the new TXO-S(end wallet). Because of the high number of inputs flagged as yours, TXO-S is provably 100% yours. Since TXO-S is 100% yours, and that's now in your spending wallet, an outside observer will know where the rest of your balance is after each transaction. Because if you always use 1 TXO to spend, and Monero user transactions have 2 outputs, then from TXO-S your balance will move into TXO-S2 and TXO-CEX. TXO-CEX is the TXO of the exchange (the amount you deposited), while TXO-S2 is your change TXO. The exchange (receiver) knows exactly where the rest of your balance is. If from TXO-S2 you deposit into another centralized party, then that centralized party will know that, again, the change contains your remaining balance (so is still tied to the dozens of transactions you received in your receiving wallet weeks/months ago). In other words, if you adopt the two wallet strategy you tie with 100% certainty your receiving transactions to your outgoing transactions. Does that sound like privacy to you? Monero is not private, stop using it. 
If you want privacy then stop believing the memes and start doing research on how privacy tech works."
from https://t.me/techleaks24/66

Here is a list of all the assumptions this critique makes:

  1. The funds came from a CEX.
  2. You must consolidate all your funds from Incoming into a single TXO in Outgoing.
  3. You always spend 1 TXO from your Outgoing wallet.
  4. Monero transactions always have 2 outputs.
  5. Spending many TXOs that chain analysis has flagged as yours in a single transaction means that the output is also owned by you.

Assumption 1: It is possible this is true, and if so it hurts your privacy. But you could also have used something like BasicSwap or Haveno, done a p2p trade with a friend, had your buddy pay you back for lunch, or sold some of your crafts at the farmers market. Assuming the funds came from a CEX is close to a worst-case scenario, and assuming they came from a CEX with KYC is the absolute worst case. Technology can't give you privacy if you actively subvert it.

Assumption 2 could be true, but it is rare. How often do you spend 100% of your wallet balance in a single transaction? Very rarely, if ever. It can hurt your privacy badly because of the co-spend heuristic: if different TXOs are spent in the same transaction, they are assumed to be owned by the same entity. In Monero an observer sees rings rather than inputs, so the heuristic only bites when several TXOs already tied to you show up across the rings of one transaction, which is exactly what a full consolidation produces. This is also why there is a concept of "toxic change" that should not be spent together with other TXOs, or it undoes the privacy gained from mixing funds.

Assumption 2 seems to be a misunderstanding of the two wallet strategy. I am not talking about moving all funds from the Receiving wallet to the Outgoing wallet. I am talking about always having some funds in both and moving funds to Outgoing when you need them. This avoids ever consolidating all your funds into one TXO.

Assumption 3 (spending exactly 1 TXO) is only true sometimes. It holds only when the wallet contains a TXO larger than the total amount you are trying to send, including the transaction fee. That is the normal case, but spending multiple TXOs is also common. There is no way to "always use 1 TXO to spend": the number of TXOs you spend depends on the values of your TXOs and how much you are trying to send.

Assumption 4: While it is true that most Monero transactions have two outputs, exactly two is a wallet default, not a consensus rule, and it is not always the case. For instance, Monerujo Pocketchange uses multiple outputs so that users always have spendable funds, even right after making a transaction. But most users, most of the time, will be sending to one recipient and have two outputs, so this is the only assumption that is actually true most of the time. That fact does not harm the privacy of the two wallet solution, because all the other assumptions only happen sometimes or are just incorrect.

Assumption 5: "Because of the high number of inputs flagged as yours, TXO-S is provably 100% yours" is dead wrong. Even if it were used as a heuristic that could sometimes be wrong, it would be wrong so often that the heuristic would be useless. Nothing on the Monero chain marks an output as change versus payment; an output you send to yourself looks exactly like one you send to a merchant, so blockchain analysis cannot reliably tell a transfer to your own wallet from a payment to someone else's. It can possibly do so sometimes with a lot of supporting data, but not in general. And even then it would be a probabilistic heuristic, such as "there is a 72% likelihood that TXO1 is owned by the same entity as TXO2". Maybe that percentage could be very high, like 99%, but often it will be much lower.
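To make the difference between Assumptions 2 and 5 and the two wallet strategy concrete, here is a small simulation. It is an added example written for this post, not the author's code and not any Monero project's code. The ledger, the ring size (16), the flagging threshold (2) and the two observer rules are assumptions of the model, not facts about any real chain-analysis tool: rule 1 says a transaction whose rings contain already-flagged members in two or more inputs is treated as yours (the critique's consolidation argument), and rule 2 says a KYC counterparty that received one output of a 2-output transaction from you reports the other output as your change (the critique's TXO-CEX argument). Amounts are hidden, as under RingCT, so the observer only sees ring membership and output counts.

```python
"""Toy model of a chain observer propagating "this output is yours" flags
across Monero-style transactions. Added example for this post, not the
author's code. Assumptions (not from the post): each input is hidden in a
ring of RING_SIZE members, amounts are hidden, and the observer applies:
  (1) a tx where >= FLAG_THRESHOLD rings contain already-flagged members is
      treated as yours and all its outputs get flagged (decoys rarely line up);
  (2) a KYC counterparty that received one output of a 2-output tx from you
      reports the other output as your change.
"""
import random
from dataclasses import dataclass, field

RING_SIZE = 16       # assumption: 1 real member + 15 decoys per input
FLAG_THRESHOLD = 2   # assumption: the observer's cut-off for "not just decoys"


@dataclass
class Tx:
    rings: list    # one ring (list of TXO ids) per input; the real member is not marked
    outputs: list  # TXO ids created by this tx


@dataclass
class Ledger:
    owner: dict = field(default_factory=dict)  # TXO id -> owner; ground truth, never on chain
    txs: list = field(default_factory=list)
    rng: random.Random = field(default_factory=lambda: random.Random(7))
    count: int = 0

    def mint(self, owner, n):
        ids = [f"txo{self.count + i}" for i in range(n)]
        self.count += n
        for t in ids:
            self.owner[t] = owner
        return ids

    def spend(self, real_inputs, out_owners):
        """Build one tx: each real input is hidden in a ring of decoys drawn from the ledger."""
        pool = [t for t in self.owner if t not in real_inputs]
        rings = []
        for real in real_inputs:
            ring = self.rng.sample(pool, RING_SIZE - 1) + [real]
            self.rng.shuffle(ring)
            rings.append(ring)
        outs = [self.mint(o, 1)[0] for o in out_owners]
        self.txs.append(Tx(rings, outs))
        return outs


def observe(ledger, seed_flags, kyc_deposits):
    """What the observer can tie to you. kyc_deposits maps tx index -> the output
    a KYC counterparty knows is theirs. Returns (all flagged, flagged by rule 1)."""
    flagged, by_rule1 = set(seed_flags), set()
    changed = True
    while changed:
        changed = False
        for i, tx in enumerate(ledger.txs):
            new = set()
            hits = sum(1 for ring in tx.rings if flagged.intersection(ring))
            if hits >= FLAG_THRESHOLD:
                new |= set(tx.outputs)
                by_rule1 |= set(tx.outputs)
            if i in kyc_deposits:
                new |= set(tx.outputs) - {kyc_deposits[i]}
            if not new <= flagged:
                flagged |= new
                changed = True
    return flagged, by_rule1


def run(consolidate_all):
    """Constructed scenario: 8 receiving-wallet TXOs, 3 of them flagged (say, a CEX withdrawal)."""
    led = Ledger()
    led.mint("others", 300)          # unrelated outputs so rings have decoys to draw from
    recv = led.mint("me", 8)
    seed = set(recv[:3])
    if consolidate_all:
        # critique's model: sweep the whole receiving wallet into one outgoing TXO,
        # paying a merchant in the same tx
        s, _ = led.spend(recv, ["me", "merchant"])
    else:
        # two-wallet as described in the post: move one unflagged TXO when funds are needed
        s, _ = led.spend([recv[5]], ["me", "me"])   # outgoing TXO + change kept in receiving
    kyc = {}
    for _ in range(2):               # 1-input, 2-output spends from outgoing to a KYC exchange
        s, deposit = led.spend([s], ["me", "exchange"])
        kyc[len(led.txs) - 1] = deposit
    flagged, by_rule1 = observe(led, seed, kyc)
    mine = {t for t in flagged if led.owner[t] == "me"}
    return {
        "linked_by_consolidation": len(by_rule1),          # outputs tied back to the receiving wallet
        "false_positives": sum(led.owner[t] != "me" for t in flagged),
        "outgoing_change_flagged": len(mine - seed - set(recv) - by_rule1),
    }


if __name__ == "__main__":
    print("consolidate everything:", run(True))
    print("move as needed:        ", run(False))
```

Three things fall out of the model. Sweeping the whole receiving wallet in one transaction is what lets rule 1 fire, because several already-flagged TXOs are real inputs of the same transaction; moving a single TXO when funds are needed never gives the observer more than one flagged ring per transaction, which is indistinguishable from a decoy, so the receiving wallet is not tied to the spending chain. Rule 1 also tags the merchant's output in the consolidation transaction, a false positive that illustrates the point about Assumption 5: the chain does not say which output is a self-send. And the change outputs in the outgoing wallet get flagged in both scenarios, but only through the KYC deposits, which is the leak Assumption 1 already concedes rather than anything the wallet layout adds.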

So the conclusion of the critique "if you adopt the two wallet strategy you tie with 100% certainty your receiving transactions to your outgoing transactions" is 100% false because of a combination of assumptions that only happen occasionally and a misunderstanding of what the two wallet strategy recommends. I *do* agree with the last sentence of the critique though: "If you want privacy then stop believing the memes and start doing research on how privacy tech works.". Yes, 100%.



-- Duke
June 9, 2025
