# $B_1$ and $B_2$ Belong to Different Users

Recall that each Bloom filter is initialized with a random seed chosen uniformly at random from $\{0,1\}^{64}$. Therefore, if $B_1$ and $B_2$ pertain to different users, then it is highly likely that they are initialized with different random seeds. This means that the false positives generated by each filter are highly likely to correspond to different addresses. Moreover, since different users will have different Bitcoin addresses, $B_1$ and $B_2$ will contain different elements. Therefore, $B_1 \cap B_2$ is likely to comprise only few addresses, if any. Notably, when $B_1$ and $B_2$ pertain to different users, then $B_1 \cap B_2$ can be computed as follows:

where $N_1$ corresponds to the number of elements inserted in $B_1$. $E[B_1 \cap B_2]$ is the expected number of elements that match $B_2$ and $B_1$. The number of elements in $B$ that match $B_2$ is given by $P_f(m_2)B$. Then, $E[B_1 \cap B_2]$ can be computed by assuming a binomial distribution with success probability $P_f(m_2)$ and with $P_f(m_2)B$ number of trials.

Note that the adversary can compute $m_1$ (using (6.4)); if $m_1 > B_1 \cap B_2$, then this offers a clear distinguisher for the adversary that the two acquired Bloom filters $B_1$ and $B_2$ pertain to different user wallets.
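The following simulation is an added example, not part of the original text. It illustrates the claim above that filters built with different random seeds over different address sets share very few matching addresses. The filter size, hash count, keyed BLAKE2b hashing, the constructed address universe, and the extra same-addresses filter used for contrast are all assumptions made for illustration.

```python
import hashlib
import random

SIZE_BITS, NUM_HASHES = 1024, 5      # assumed toy parameters, not from the text

def make_filter(elements, seed):
    """Build a toy Bloom filter keyed by a 64-bit seed; return its match test."""
    def positions(item):
        for i in range(NUM_HASHES):
            digest = hashlib.blake2b(item.encode(), digest_size=8, key=seed,
                                     salt=i.to_bytes(2, "big")).digest()
            yield int.from_bytes(digest, "big") % SIZE_BITS
    bits = {p for e in elements for p in positions(e)}
    return lambda item: all(p in bits for p in positions(item))

def simulate(rng_seed=1, universe_size=20000, per_user=100):
    rng = random.Random(rng_seed)
    # Constructed stand-in for the set B of all addresses.
    universe = [f"addr{i}" for i in range(universe_size)]
    user1 = universe[:per_user]
    user2 = universe[per_user:2 * per_user]   # disjoint from user1
    seed1, seed2 = (rng.getrandbits(64).to_bytes(8, "big") for _ in range(2))

    def matches(f):
        # Every address in the universe that the filter reports as a member.
        return {a for a in universe if f(a)}

    m1 = matches(make_filter(user1, seed1))        # addresses matching B_1
    m2 = matches(make_filter(user2, seed2))        # addresses matching B_2
    m1_again = matches(make_filter(user1, seed2))  # same addresses, new seed
    return {
        "matches_b1": len(m1),
        "matches_b2": len(m2),
        "different_users_common": len(m1 & m2),
        # Mean if the two match sets were independent draws from the universe.
        "independent_estimate": len(m1) * len(m2) / universe_size,
        "same_addresses_common": len(m1 & m1_again),
    }

if __name__ == "__main__":
    for name, value in simulate().items():
        print(f"{name}: {value}")
```

With different users the common matches stay near the independence estimate, while two filters holding the same addresses always share at least every inserted address.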