Bitcoin Forum

Its no longer news of how cyber crimes is slowly creeping in on digital currencies and to this end, Bitcoin experts advise that the usage of Bitcoin addresses should be done once as it helps to curb the risk of users giving up vital information that could prove costly in the future.
 Continuous use of this addresses can prove to be a bad idea for three reasons:

 1. It is quite harmful to one's privacy and becomes an impediment to BTC censorship resistance
 2. It can leave one open to niche attacks and one becomes vulnerable to these cyber thieves who will extract private keys from signatures after a transaction has been made.
 3. Quantum computers could extract private keys if these addresses are re used.
 Citing an instance of the Ronin network incidence in March, where $540m worth of cryptocurrency was carted away by thieves hopefully by finding a collision of randomly picked message digest of 2¹³⁰+1 input of hashes causing possible collides by examining the square root of the number of possible output. Making re-use of Bitcoin addresses risky considering the chances of possible collisions even though the entire process might be time consuming hackers might choose to patiently wait till a collision is found just like the case of Ronin network..https://www.google.com/url?q=https://support.bitcoin.com/en/articles/3542797-reusing-addresses&sa=U&ved=2ahUKEwjh___X4934AhUNVfEDHQ7dBCoQFnoECAsQAg&usg=AOvVaw1hWrSxapVVOACYyKI8RwcX

This is the only reason I know why address Reuse is not a good idea

Can you tell us how this is done?

Or maybe Ronin network just messed up and gave away their private keys to the hackers otherwise if this was possible, Don't you think so many addresses holding large amounts of Bitcoin would have been hacked by now?

2 doesn't make sense, you can't extract a private key from a signature because there isn't one there.

Your private key encrypts what is meant to be signed (which can then be decrypted by your public key - which is provided in the transaction). The only way your private key could be bruteforced would be by number 3, which is a future concern but currently isn't as long as the private keys were created properly.

AFAIK, the ronin network was compromised because it wasn't truly decentralized. There were only 9 validators, and the "hacker" got access to 5 of them. 4 from Sky Mavis system, which was used to push the withdrawal and was signed by another compromised fifth validator(Axie DAO, which had a vulnerability in their gas-free RPC node).
It has nothing to do with just "private keys" being hacked. It was an internal play 100%

As for Quantum computers, they are not at that level yet. There's no way  :D

What experts? Can you cite the sources on the basis of which you came to this conclusion?


Number one (privacy) is the only valid reason as far as I am concerned. Two and three are complete nonsense.

This is not actually possible. Many people frequently reuse addresses, including businesses that hold billions of dollars worth of coin.
QC may allow for the private keys to be calculated from the signature, but this is still far away. In fact, it may be possible for QC to calculate the private key in less time than it takes for a transaction to get confirmed, but again, this is something that is far away, probably decades, but when it is here, the lack of reusing addresses is not going to prevent your money from being lost.

1) 1/2 false. It does hurt one's privacy but it does not matter to censorship. If a service wants to block you or an address it will. They will have an easier time if you keep using the same address but all you need to do is generate a new address or a few thousand new addresses.

2) Nope it does not work this way. There are always people talking about it, but it's not something to worry about.

3) A has nothing to do with B. If quantum computers ever get to the point of being able to do something like that (probably not in our lifetimes) the entire encryption of BTC would be broken. Would not matter if it's one transaction or 1000s of transactions to and from an address. And Roniis is a side chain of an altcoin. Has nothing to do with BTC.

-Dave

This is one of those questions... Just compute the number of addresses that can ever exist and use one address per transaction. There is no need to reuse addresses multiple times. There are companies dedicated to blockchain analysis and there are already sites measuring the level of privacy of addresses/transactions and mentioning the most probable reasons for lower scores!

here is the thing

satoshi had funds on a public key, not a public key hash. but a public key(the deemed riskier of the lot)
(see his coin reward in block 9)
https://www.blockchain.com/btc/address/12cbQLTFMXRnSzktFkuoG3eHoMeFtpTu3S?page=11

he spent the funds and returned left over change of funds to the same key.. and then spent them again.. and again
meaning there are about  5-6 signatures that exist associated with that public key..

here is the thing.. no one in 12 years has been able to brute that public key..
and there are funds that still remain on it, even today. not spent since 2009

as for privacy.. even now people still dont know who satoshi is

if anyone is game/up for it.. give it a shot.. there are 18coins up for grabs on that key that has a few signatures publicly available to try to use as a brute source of info from.... have a go.. see how realistic it is to brute a re-used address.
(hint many have tried)

It is why we have changed addresses and there is advice to use changed addresses and avoid to reuse addresses.

• Address reuse (https://en.bitcoin.it/wiki/Address_reuse)
• Change address (https://en.bitcoin.it/wiki/Change)
• Check privacy with blockchair.com: https://blockchair.com/bitcoin/privacy-o-meter (I don't recommend you to paste your address there to check, it is risky because your data will be collected by them)
  
  • Another alternative: https://blockstream.info/

Do you know that a process from Private key > Public Key > Public (Receiving) address is a one-way process.

Quantum computers are things used to spread fear about Bitcoin. It started years ago and now still can not break Bitcoin private keys. Do you really think that Bitcoin protocol won't be upgraded over time in order to be better for itself and to protect itself from potential attacks, exclusively Quantum computers.

By the strength of encryption, knowing the bitcoin address does not give access to the bitcoins associated with the address. Only the private key can be used to access bitcoins. This is why you never give your private keys to anyone else. It is like an email address. The private key is the password for your email address. Anyone can send email to your email address and it's publicly visible, but only someone who holds the email address password can send email from that account. This is called public-key encryption.

The short answer is you are wrong.
The fundamentals of asymmetric cryptography is based on the fact that you can and should reveal your public key and signature without any risk of your private keys being compromised specially if ECDSA is used. If there were any risks then it would make the whole system obsolete not just reused addresses.
The only serious issue with reused addresses is a privacy related one.

Heard of this before which its become an issue when public key is exposed where the Quantum computer can also hack the private key. I don;t really believe it but because there are many knowledgeable users recommend not reusing BTC address, it won't hurt doing so. Centralize platform though is not allowing us to generate new addresses every time.


I find the pattern already that every bear market, a topic like this comes on top in the forum. Must be the users spreading the fud.

While we've always been advised not to reuse addresses, I'm not sure if there's anybody here who's religiously doing that. I guess even the ones who are giving that reminder reused addresses themselves. And if it's true that reusing an address could lead to theft of private keys, then theft of Bitcoin would have been as common as reusing an address. It's clear it's not the case.

Whatever happened to that Ronin Network, whether or not it proved that reusing an address indeed leads to theft of private keys, it doesn't matter; Ronin network is not Bitcoin network.

I think the Author is somehow misleading, if I want to re-use a wallet address multiple times for transactions, it doesn't give me any security harm to my private keys, also we have not seen any computers who have done that currently except for Quantum computers that have been making news but it is still hypothetical, nothing has been done so far. However, address reuse is a big concern when it comes to privacy, you cannot preserve privacy by using a single address for incoming and outgoing transactions every time, the chain surveillance are watching the network, and the moment you do that, you can easily be detected as the owner of the address and the big problem is that you wouldn't be able to combine it with other UTXOs as soon as that address becomes expose to chain analysts.
So, technically, don't use an address more than once.


A node can carry out a transaction Malleabity by changing your transaction ID on the network but they don't have the strength to extract the signature from a transaction, this point is kind of too off.

Perhaps, the author is refering to the problem described here: https://web.archive.org/web/20160308014317/http://www.nilsschneider.net/2013/01/28/recovering-bitcoin-private-keys.html ?  

As far as I understand, when the same address is reused, signatures are created with the same private key. This private key can be calculated if, and only if, the k-value (random integer) is either not-so-random (deterministic or weak entropy) or the said k-value is also reused. We are interested in the latter case because the former case doesn't require the reuse of addresses. So, if the wallet software in question is compromised, malicious, flawed, or outdated, or the user himself is trying to sign a transaction using a custom, poorly written ECDSA signature algorithm, it may result in a private key vulnerable to theft. If a wallet uses the same k-value each time it signs a transaction, an attacker can take advantage of this vulnerability and steal all the coins that still are on a reused address.

just a side note here, bitcoin.com is not the real home for bitcoin, just to know that the link there describing the advantages of their bitcoin wallet is not the real bitcoin wallet, it's just the Rorger Ver's altcoin.

Two screenshots ^{by pooya87} from the past, in early days of Roger Ver's scam efforts. There are better sites to learn about Bitcoin, read news about Bitcoin.

• Make sure you get legit bitcoin and its wallets, resources (https://bitcointalk.org/index.php?topic=5325250.0)

On the count of 1 as at above, talking about privacy, of course. The public keys were never to be private, that's why its called a public key. It was made to be opened to checks and verifications on transactions done on it but still, remains private as per the identity of whom is behind the address. Although, it puts it directly in the way of an attack to use an address way too often as the loads of coins on it makes it a target for hackers. This you can mitigate by simply generating new address as the need arises.

On the count of 2&3, there isn't a way for which, private keys or seed phrase would be extracted from the public address nor the transaction signatures as these are just a means to the authenticity of transactions done on the blocks and have no links to the keys of the addresses behind.
About quantum computers, of course they've got high processors and are relatively very smart but not up to the task of generating or guessing private keys just yet.

For now we don't see any harm of repeatedly using the same address but will we wait before something bad happens to us? I don't think he is misleading since he already state some reasons there on why it is advised to constantly change our public address right after every use however for someone that is only dealing with smaller amounts then I think they can continue using with one address.

There's nothing to be afraid of because no one will check their addresses and will be obsessed to hacked it. Hacking isn't easy so if hackers will done the act, they can just do it to the addresses that has huge balances on it as that will be worth of their time.

Addresses can be reused in different ways.
For example, I can send the same address to Person A, B, and C if they need to send me Bitcoin. The address has been re-used. At most, that's a privacy concern. But even if the address was used 3 times, the public key is never revealed if I don't spend the coins. You wouldn't be able to crack my private key with my public key (even if you could) because there is no record of it yet. Only if I spend the coins from my receiving address by signing a transaction, my public key will be recorded on the blockchain and then you can attempt to crack it. According to experts, we are decades away from such a scenario. 

i think people need to define "re-use"

receiving funds repeatedly from many people to your one address is no harm at all.. (from a brute force hack prospective)
.. its the repeat spending that has a slight miniscule(brute force hack) risk.. but still negligable*

the privacy risk of receiving funds from multiple sources to one address or spending from one address to multiple people is where each merchant/sender/receiver to or from that address, where if you offer personal info then associates that address with a name they have. and they can then pass that info on if you keep using that address if it becomes an interesting address to keep an eye on

*however the risk of someone brute forcing.. well as i said in my last post.. give it a try. try brute forcing satoshis address from his block9 reward , see how easy it really is

K values these days are generated deterministically so the chances of it being weak is practically zero. If it is weak in a certain implementation then there is a good chance that there is no need to reuse the address for the private key to be leaked like the case with blockchain.info vulnerability that they were producing the same k for everyone and you could steal the coins before they even confirmed.

In other words implementation flaws mean the said software should be avoided altogether. Whether you reuse addresses or not doesn't change the fact that your funds are at risk.

Do not trust any unreliable source. Hackers can filter the private keys and access the wallet and then steal the bitcoins. Be careful and smart enough to identify any fault.

The attacks only work if the same nonce is re-used over and over again by the wallet [most wallets plugged that vulnerability 8-10 years ago] or if there is some mathematical relationship between the two nonces e.g. K' (the second nonce) being equal to K+1 or something else equivalently simple. So don't expect to find an equation out of a linear congruential (rand(3) family of RNGs) or Mersenne Twister RNG.

All secure wallets generate a random nonce for each transaction, mitigating this vulnerability.

To piggyback on this, also would mean that multiple industries would be compromised since they rely on the same thing Bitcoin does. Meaning, a solution would've already been found or Bitcoin being broken is the last of our worries. However, as suggested we've got a ton of time to think about quantum resistant measures which probably won't happen for a long time. I'm not sure about our lifetime, but I imagine we'll be ahead of schedule on a solution, since there's already been some half baked solutions proposed already.

Yeah, and considering how much companies usually keep of your data, I wouldn't doubt that exchanges are using this on mass. I imagine this sort of data will unfortunately become a gold mine in the near future. Hence why people should care about not willy nilly giving their information to any company or person for that matter, that asks for it.

Quantum Computers could calculate your private key with Shor's after 1 transaction because you are revealing your public key in a transaction.
They even could attack it, while it's in the mempool and replace it with a higher fee. Bitcoin has to use quantum-resistant signatures in the future.
https://csrc.nist.gov/News/2022/pqc-candidates-to-be-standardized-and-round-4


Yes, there are some new kinds of attacks regarding the random nonce.
https://eprint.iacr.org/2020/615.pdf

Maybe you don't want to sign messages on edge devices with low entropy.

for sake of humour, im making one small adjustment

a few years ago the company behind bitnodes was doing offers of awarding people sats for handing over personal info. like linking their social media and stuff.
so yea it will be a 'sat mine' linking forum usernames to social media and then to known nodes and wallet addresses.

other services awarding sats for 'learn about bitcoin' are able to give away sats because they sell that info when you sign up, other things like 'refer a friend' too as it brings a bigger picture of who you are by revealing your social connections to others

chain analysis websites earn money selling their data so if they can fill that data with tagged addresses it adds a premium to their data

many exchanges wanting this info to be able to analyse it and learn more about their customer behaviours, is worth alot of value to them.
the more an exchange knows about a customer, the more they can spot suspicious people/behaviours and send SAR(suspicious activity reports) and avoid getting fined for accidentality missing out on suspects that should have been obvious if they had the info to make a good decision to report or not

Privacy I agree and that is the main point of address reuse, and the only one. I have been using one same address for identification purpose (hence the loss of privacy) but if that made it more vulnerable to private key theft, why would it even be a feature?

I mean, hackers can just use the same attack on any address in blockchain explorer if the quantum computer argument is true then it shouldn't matter if you use the address once or twice or more.

Only way is to keep changing entire wallets if that's the case.

privacy is not preserved by avoiding address re-use.
its preserved by being a person that does not talk about their life too much..

EG there are people that use a different address for all their signature campaigns. yet they are publicly listing their address in the ad-campaign category posts of the public forum. thus immediately attaching their forum username to all of their new addresses.. becomes a pointless exercise in using different addresses

i personally have a vanity address and i use that simply for the "i dont care who sees" situations. i keep my actual hoard of coins in a separate wallet where the funds are never spent together in a same tx as my vanity address. so they are separate.

i dont list or mention the address of my separate hoard. and so i preserve the privacy of that hoard.
i do not mention my forum name when handling transactions of the hoard. thus keeping that separate too.

..
there is no point doing address-reuse avoidance. if you are still going to be using all your funds from different addresses to deposit into your same KYC'd exchange account

avoiding address re-use should be
OK address 1abcdef is only for exchange A and exchange B,C deposits where they know my birth certified name
OK address 1zxywv is only for merchant F who does not ask for my name or forum avatar/pseudonym
OK address 1pqrstu is only for merchants i found through the forum who know my forum identity

and try to keep the funds separate so they dont sweep together

in short be smart about what address you use with which service. but especially about what life story you attach to that address

Yes I do agree with this, I do believe that what happened to ronin network is insider job. and I know quantum computer capable doing lot of thing but what you have said is true

---

reuse-ing address is fine for daily transaction with account not more thang 1000$ as long you don't fall to scammer and hiding away your private key, but for privacy process using Wasabi wallet or other mixer is always be a great choice

If you use Wasabi wallet, your privacy would be less than zero because they not only track all your transactions going in and out of the CoinJoin transaction but also they report it directly to blockchain analysis companies who in turn use it to deanonymize you.