When a wallet constructs a transaction, it makes dozens of small decisions: input ordering, coin selection, fee estimation, signature encoding. These choices vary systematically across implementations and can be used to identify wallets on-chain. These patterns are called wallet fingerprints.

Some fingerprints are deterministic. For example, Bitcoin Core grinds all ECDSA signatures to a low-r value, so 

. Others are probabilistic: fee rates follow characteristic distributions per wallet. Bugs become fingerprints too. Each dimension contributes independent evidence, and the evidence compounds. For a 

Fingerprints sharpen clustering, the process of grouping related outputs using behavioral heuristics. For background, see Yuval Kogman's blog post on 

. Recent work in clustering uses wallet fingerprints to bolster existing heuristics such as 

 showing meaningful improvements over naive heuristics. 

 showed that combining wallet fingerprints from adjacent transactions with value analysis improves clustering accuracy, validating the approach on ground truth data. This directly threatens Payjoin's privacy model, which relies on making the sender's and receiver's inputs indistinguishable. Fingerprints that partition the inputs restore the clustering Payjoin was designed to break.

This post applies that lens to real Payjoin transactions.

bitcoin

> *by [Armin Sabouri](https://github.com/arminsabouri)*
> 
> When a wallet constructs a transaction, it makes dozens of small decisions: input ordering, coin selection, fee estimation, signature encoding. These choices vary systematically across implementations and can be used to identify wallets on-chain. These patterns are called wallet fingerprints.
>
> Some fingerprints are deterministic. For example, Bitcoin Core grinds all ECDSA signatures to a low-r value, so [a single 72-byte signature immediately eliminates Core as the signer](https://b10c.me/blog/006-evolution-of-the-bitcoin-signature-length/#der-encoded-ecdsa-signatures). Others are probabilistic: fee rates follow characteristic distributions per wallet. Bugs become fingerprints too. Each dimension contributes independent evidence, and the evidence compounds. For a [comprehensive study of wallet fingerprints](https://ishaana.com/blog/wallet_fingerprinting/), see prior work by Ishaana Misra.
>
> Fingerprints sharpen clustering, the process of grouping related outputs using behavioral heuristics. For background, see Yuval Kogman's blog post on [the history of wallet clustering](https://spiralbtc.substack.com/p/the-scroll-3-a-brief-history-of-wallet). Recent work in clustering uses wallet fingerprints to bolster existing heuristics such as [change identification](https://link.springer.com/chapter/10.1007/978-3-031-18283-9_19) showing meaningful improvements over naive heuristics. [Kappos et al.](https://www.usenix.org/conference/usenixsecurity22/presentation/kappos) showed that combining wallet fingerprints from adjacent transactions with value analysis improves clustering accuracy, validating the approach on ground truth data. This directly threatens Payjoin's privacy model, which relies on making the sender's and receiver's inputs indistinguishable. Fingerprints that partition the inputs restore the clustering Payjoin was designed to break.
>
> This post applies that lens to real Payjoin transactions.
>
> [**...read more at payjoin.org**](https://payjoin.org/blog/2026/03/25/wallet-fingerprints-payjoin-privacy/)