Bitcoin Forum
Author Topic: Some doubts about transaction  (Read 202 times)
fabbit (OP)
January 11, 2020, 08:28:15 PM
 #1

Hi everyone, after reading about transactions at this link https://bitcoin.org/en/transactions-guide#introduction I have some doubts.
At the end, under Avoiding Key Reuse, there is this:
Quote
In a transaction, the spender and receiver each reveal to each other all public keys or addresses used in the transaction. This allows either person to use the public block chain to track past and future transactions involving the other person’s same public keys or addresses.

If the same public key is reused often, as happens when people use Bitcoin addresses (hashed public keys) as static payment addresses, other people can easily track the receiving and spending habits of that person, including how many satoshis they control in known addresses.

It doesn’t have to be that way. If each public key is used exactly twice—once to receive a payment and once to spend that payment—the user can gain a significant amount of financial privacy.

I don't understand the last part about using a public key only twice, in particular
Quote
once to receive a payment and once to spend that payment
I mean, isn't the public key only used by the receiver to give the address the payment should be sent to? Why does the article say that the public key is also used by the sender, i.e. the spender?

Thanks,
DaveF
January 11, 2020, 08:44:27 PM
 #2

You are overthinking it and there is a bit of extra complexity in the language.
Instead of public key think of address.
Look at the one in my profile: 18h1VLiRSxTqv12mLE7jrJmJyNQXfyMWuR
It's known to be related to me, but for now only has 2 transactions. 1 in and 1 out. If it was not known to be my address, tracking who it belonged to is much more difficult than, say, this address: 1DtbYWHP3rTkA3RjcU3c6dBZtHqfzQE683 which has 130+ transactions. So if anybody sending to or receiving from that address knows the owner they now know much more information about their spending habits and ownership of bitcoin.

-Dave

squatter
January 11, 2020, 10:22:22 PM
 #3

The author is referring to the number of times a pubkey is "used" on the blockchain.

Let's say you generate a new bitcoin address and give it to me. When I send bitcoins to your address, a transaction is recorded on the blockchain. That's the first "use." When you send bitcoins from that address, a second transaction is recorded on the blockchain. That's the second "use."

Those are ideally the only two times a single address is ever "used." If you need to receive another payment, you should provide the sender a new, unused address.

HCP
January 12, 2020, 04:38:04 AM
 #4

I don't understand the last part about using public key only twice, in particular
Quote
once to receive a payment and once to spend that payment
I mean the public key isn't only used by the receiver to say the address towards which sending the payment? Why does the article say that the public key is used also by the sender, so by the spender?
I think you might be misunderstanding what it is saying.

It isn't saying "receiver" and "sender"... as in two different parties (aka Alice is "receiver" and Bob is "sender") of one transaction... it is saying it is used to "receive" a given payment and then it is used (by the same party) to "spend" the payment that they had received.

Maybe this explanation might help clear it up:

1. Bob sends 0.01 BTC to AlicePubkey1 - This is use #1... AlicePubkey1 is used to "receive" a payment.
2. Alice wishes to send 0.01 BTC to Steve, so she spends the UTXO assigned to AlicePubkey1 - This is use #2... AlicePubkey1 is used to "spend" the payment from 1.

If Alice NEVER uses that same address/pubkey (aka NO address reuse) and Bob never sends to it again... that pubkey will only be recorded in those 2 transactions on the blockchain. Once to "receive", once to "spend".

The Cryptovator
January 12, 2020, 06:15:51 AM
Last edit: January 12, 2020, 06:30:26 AM by Coolcryptovator
 #5

Quote
once to receive a payment and once to spend that payment
I mean the public key isn't only used by the receiver to say the address towards which sending the payment? Why does the article say that the public key is used also by the sender, so by the spender?
You misunderstood the fact. Let's make it simple: this quote wants to explain to you that one pubkey/address should be used two times. Once to receive a payment from someone and once to send a payment to someone. For example, you receive x amount of bitcoin from your friend, so what will you do with that coin? Someday you will need to send it to someone else or sell it, right? Once you send it to someone else, that means you are the sender there. So while receiving funds you were the receiver, and while sending funds from the same address you are the sender. And when you use it 2 times and use a new address when receiving new funds, then no one could trace you by your old address or pubkey.

They discourage reusing your address because of your privacy. Nothing else. If you are holding the private keys for your addresses, then they are yours forever. You are free to use them if you have no issue with privacy.

Additionally, a bitcoin address and a public key aren't the same thing. An address is a hash of a public key, and both will be revealed when the transaction is broadcast (if you spend) to the bitcoin blockchain. So better to NOT reuse the same address.
pooya87
January 12, 2020, 06:17:17 AM
 #6

think of bitcoin like this:
we have 3 things:
1. a box that is locked
2. the condition that needs to be satisfied for the locked box to open
3. the secret that can satisfy that condition and open the lock

when the sender sends coins, they are putting those coins in that lock box and set the lock to a certain condition they like. in order to set a condition in a way that only a key (#3) can open without knowing the secret itself the sender has to know something about that secret. that something is the result that is calculated with an irreversible function.
in asymmetric cryptography (ie. ECC in bitcoin) that irreversible function is point multiplication that returns a public key of that "secret" aka the "private key".

so now the sender sets that condition to this:
Code:
only the one with this public key shall open this box

now that we are thinking in terms of "conditions" and satisfying them you can set that condition to anything else. for example you can set it to a mathematical equation and set the condition to
Code:
only the one with the answer to this math question can open this box

one thing that we do nowadays is that we add another step to that condition, and that is requiring a hash. so the above condition changes to:
Code:
only the one with this public key that also has a hash equal to this (....) shall open this box

the first code snippet is called P2PK scripts where the "locking script" aka the "scriptpub" contains the public key itself. these are old and although still valid they are not used anymore.
and the final code snippet is called P2PKH scripts where the "locking script" contains the hash of the public key. that is being transferred between users in a human readable format called "addresses".
there are more scripts some of which have equivalent addresses such as P2SH, P2WPKH,... each with different type of conditions that needs to be satisfied.
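The difference between the P2PK and P2PKH locking scripts described in the post above, as an added Python example that is not part of the original thread: it decodes a Base58Check address back to the public key hash and builds both script forms. The address is the well-known genesis-block address, the public key is a constructed 33-byte stand-in, and all function names are this example's own.

```python
import hashlib

B58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

# Well-known address associated with the genesis block; not from this thread.
GENESIS_ADDRESS = "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa"
# Constructed 33-byte stand-in for a compressed public key (not a real key).
SAMPLE_PUBKEY = bytes([0x02]) + bytes(range(32))


def base58check_decode(addr):
    """Return (version byte, payload) or raise ValueError on a bad address."""
    n = 0
    for ch in addr:
        if ch not in B58_ALPHABET:
            raise ValueError(f"invalid Base58 character: {ch!r}")
        n = n * 58 + B58_ALPHABET.index(ch)
    zeros = len(addr) - len(addr.lstrip("1"))  # each leading '1' is a 0x00 byte
    raw = b"\x00" * zeros + n.to_bytes((n.bit_length() + 7) // 8, "big")
    if len(raw) < 5:
        raise ValueError("too short to hold a version byte and checksum")
    body, checksum = raw[:-4], raw[-4:]
    if hashlib.sha256(hashlib.sha256(body).digest()).digest()[:4] != checksum:
        raise ValueError("checksum mismatch (mistyped address?)")
    return body[0], body[1:]


def p2pkh_locking_script(addr):
    """Locking script for a version-0 (P2PKH) address: it holds only the hash."""
    version, pubkey_hash = base58check_decode(addr)
    if version != 0x00 or len(pubkey_hash) != 20:
        raise ValueError("not a mainnet P2PKH address")
    # OP_DUP OP_HASH160 <20-byte hash> OP_EQUALVERIFY OP_CHECKSIG
    return bytes([0x76, 0xA9, 0x14]) + pubkey_hash + bytes([0x88, 0xAC])


def p2pk_locking_script(pubkey):
    """Older P2PK form: the public key itself sits in the locking script."""
    if len(pubkey) not in (33, 65):
        raise ValueError("expected a 33- or 65-byte public key")
    return bytes([len(pubkey)]) + pubkey + bytes([0xAC])  # <pubkey> OP_CHECKSIG


if __name__ == "__main__":
    print("P2PKH:", p2pkh_locking_script(GENESIS_ADDRESS).hex())
    print("P2PK :", p2pk_locking_script(SAMPLE_PUBKEY).hex())
```

With P2PKH the receiving transaction records only the 20-byte hash; the public key first appears on chain in the unlocking script of the transaction that spends the output.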

tranthidung
January 12, 2020, 07:09:56 AM
 #7

It doesn’t have to be that way. If each public key is used exactly twice—once to receive a payment and once to spend that payment—the user can gain a significant amount of financial privacy.
I think the easiest explanation for you is using UTXO. I hope that I did not complicate my explanation.
Do you see the image in the link you quoted in OP?
Let's imagine that you download, install the Bitcoin Core, then run it and choose your first public key as your very first bitcoin receiving address.
I name it address A.

Then, you (user A) ask the sender (user B) to send 1 BTC to the address A. When you receive that 1 BTC in address A, it means you have 1 waiting UTXO with address A.

  • User A (receiver): first Input
  • User B (sender): Output *
*: The "twice" mentioned is explained from user B's side. If the amount of BTC he sent to user A is not the total bitcoin he owned in that address (I assume he does that transaction with an output from only one address). For example, he owns 2 BTC in that address and sends you only 1.

Consequently, he has 1 BTC left in that address as a new UTXO. Whenever he uses that UTXO (containing 1 BTC) for the next transaction, your receiving address will be recorded for the second time on the network, because that UTXO contains transaction history related to your address A.

I meant, people can trace back the transaction history of your address A:
  • Directly: from your address A.
  • Indirectly: from address B (that has at least one transaction with address A)
An off-topic information:
The balance you see in your wallet (Bitcoin Core or whatsoever bitcoin wallets) is the sum of all UTXOs from all addresses in your wallet.

nc50lc
January 12, 2020, 10:01:51 AM
 #8

*: The "twice" mentioned is explained from user B's side. If the amount of BTC he sent to user A is not the total bitcoin he owned in that address (I assume he does that transaction with an output from only one address). For example, he owns 2 BTC in that address and sends you only 1.

Consequently, he has 1 BTC left in that address as a new UTXO. Whenever he uses that UTXO (containing 1 BTC) for the next transaction, your receiving address will be recorded for the second time on the network, because that UTXO contains transaction history related to your address A.
Using it "twice" was clearly explained as 1 time for receiving and 1 more time for sending, and never using it again.
Sending 1BTC from a 2BTC UTXO won't leave a new UTXO to the same address unless the client doesn't support "change address" or the user disables it.
Let me rephrase it: "if he did exactly 'that', he will gain more privacy"; so, if a user does the one in your scenario, he'll gain the opposite.

@fabbit That part must be relying on your understanding of the previous parts that state: when receiving, it's the hash of the public key that has to be included in the transaction and not the public key.
But yeah, "public key twice" is kinda the wrong term to use for that "twice thing". Maybe it was written in consideration of P2PK script?

Perhaps someone may consider following this:
BETA: This documentation has not been extensively reviewed by Bitcoin experts and so likely contains numerous errors. Please use the Issue and Edit links on the bottom left menu to help us improve.
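The "once to receive, once to spend" rule and the change-address point discussed in the posts above, as an added Python example that is not part of the original thread: it counts, per address, the transactions that pay it and spend from it, and flags reuse. The ledger, the address labels and the Dan and Erin wallets are constructed for illustration.

```python
from collections import defaultdict

# Constructed ledger, not real transactions. Values are in satoshis and fees
# are ignored. An input names the previous output it spends as (txid, index).
LEDGER = [
    {"txid": "t0", "inputs": [], "outputs": [("BobAddr1", 200_000_000)]},
    # Bob pays Alice 1 BTC from a 2 BTC UTXO; change returns to the SAME address.
    {"txid": "t1", "inputs": [("t0", 0)],
     "outputs": [("AliceAddr1", 100_000_000), ("BobAddr1", 100_000_000)]},
    # Alice spends the payment she received: second and last use of AliceAddr1.
    {"txid": "t2", "inputs": [("t1", 0)], "outputs": [("SteveAddr1", 100_000_000)]},
    {"txid": "t3", "inputs": [], "outputs": [("DanAddr1", 200_000_000)]},
    # Dan (hypothetical) pays Erin; his wallet sends change to a fresh address.
    {"txid": "t4", "inputs": [("t3", 0)],
     "outputs": [("ErinAddr1", 100_000_000), ("DanChange1", 100_000_000)]},
]


def audit_address_use(ledger):
    """Map each address to the txids that paid it, spent from it, or did both."""
    owner = {}  # (txid, output index) -> address locked by that output
    for tx in ledger:
        for index, (addr, _value) in enumerate(tx["outputs"]):
            owner[(tx["txid"], index)] = addr

    report = defaultdict(lambda: {"received": [], "spent": [], "self_change": []})
    for tx in ledger:
        missing = [ref for ref in tx["inputs"] if ref not in owner]
        if missing:
            raise ValueError(f"{tx['txid']} spends unknown outputs: {missing}")
        spent_from = {owner[ref] for ref in tx["inputs"]}
        paid_to = {addr for addr, _value in tx["outputs"]}
        for addr in spent_from:
            report[addr]["spent"].append(tx["txid"])
        for addr in paid_to:
            report[addr]["received"].append(tx["txid"])
        for addr in spent_from & paid_to:  # change sent back to a spending address
            report[addr]["self_change"].append(tx["txid"])
    return dict(report)


def reused_addresses(report):
    """Addresses seen in more than one receive or more than one spend transaction."""
    return sorted(
        addr for addr, use in report.items()
        if len(use["received"]) > 1 or len(use["spent"]) > 1 or use["self_change"]
    )


if __name__ == "__main__":
    report = audit_address_use(LEDGER)
    for addr in sorted(report):
        print(addr, report[addr])
    print("reused:", reused_addresses(report))
```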

fabbit (OP)
January 12, 2020, 02:47:39 PM
 #9

Thanks for clarification. But another question, is p2pkh a smart contract?
darosior
January 12, 2020, 03:31:41 PM
 #10

Thanks for clarification. But another question, is p2pkh a smart contract?
The term "smart contract" should IMO be banned (and the wiki did a good job in renaming it to distributed contract) as it has been attributed too many meanings (and nonsense).

All transactions contain "distributed contracts" (scripts), and P2PKH is the name of a standard type of these contracts.
squatter
January 12, 2020, 06:59:03 PM
 #11

Thanks for clarification. But another question, is p2pkh a smart contract?

Not really, at least not in the sense you're probably thinking. It's part of Bitcoin's scripting language. Scripts are pieces of code that execute and yield a result, but they are not self-executing. A P2PKH address allows a spender to create a standard pubkey script which pays to a pubkey hash. See here for more info on P2PKH script validation.

But yeah, "public key twice" is kinda wrong term to use for that "twice thing". Maybe it was written in consideration of P2PK script?

I think the author just incorrectly used "public key" to convey "bitcoin address."

tranthidung
January 13, 2020, 01:26:50 AM
 #12

Using it "twice" was clearly explained as 1 time for receiving and 1 more time for sending, and never using it again.
I know it, but thank you for the extra information; I forgot to mention the direct case. In fact, I mentioned the indirect case, which is not enough.
What you added should be the first case in my previous post, but I ignored it because I thought it was clear to everyone. My bad.

It is obvious that if a single user uses one address twice, once to receive and once to send bitcoins, that address will be recorded on the blockchain by those transactions, which reduces privacy.

What happens to privacy in indirect cases will depend on how the initial senders manage their wallets, which will affect their own privacy and the receivers' privacy.
Quote
Sending 1BTC from a 2BTC UTXO won't leave a new UTXO to the same address unless the client doesn't support "change address" or the user disables it.
Let me rephrase it: "if he did exactly 'that', he will gain more privacy"; so, if a user does the one in your scenario, he'll gain the opposite.
