Bitcoin Forum
November 19, 2024, 07:09:19 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1] 2 »  All
  Print  
Author Topic: Reusing bitcoin addresses?  (Read 30272 times)
phoenox (OP)
Newbie
*
Offline Offline

Activity: 12
Merit: 0


View Profile
January 27, 2013, 10:37:15 PM
 #1

I have heard that you are not supposed to reuse your bitcoin addresses.  I have been looking around to but have been unable to find any good information about this.  I am interested in finding both the technical reasons for this and the practical implications.

At this point my understanding of the issue is that it is ok to reuse a recieving address(public key hash), but after you have spent any of the bitcoins then you need to generate new addresses. 

Does this mean that if someone is making regular payments to me over a long period of time, I will have to send them a new address for each payment?

I am using the Bitcoin-Qt client, if I am going to send or recieve money multiple times do I need to take special steps to ensure security, or is this all handled by the client.  I have noticed that the recieving addresses used before I spent money are still available for use, is this ok?

I am really confused about this issue, hope someone can make tis clear.

Thanks
ThickAsThieves
Hero Member
*****
Offline Offline

Activity: 518
Merit: 500



View Profile
January 27, 2013, 10:38:21 PM
 #2

While there are reasons a person might want to "burn" addresses, it is not necessary.
Gabi
Legendary
*
Offline Offline

Activity: 1148
Merit: 1008


If you want to walk on water, get out of the boat


View Profile
January 27, 2013, 10:45:39 PM
 #3

Only reason is anonimity. Except that, there is no problem.

Akka
Legendary
*
Offline Offline

Activity: 1232
Merit: 1001



View Profile
January 27, 2013, 10:45:48 PM
 #4

There is no technical reason to not reuse addresses. Also you don't give one person each time you revive a payment a new address.

The only reason you might not want to reuse addresses is to maximise anonymity.

For example there even are services like BTCT.co that don't allow you to change you receive address once you have set one.

All previous versions of currency will no longer be supported as of this update
Otoh
Donator
Legendary
*
Offline Offline

Activity: 3108
Merit: 1166



View Profile
January 27, 2013, 10:49:15 PM
 #5

It's only relevant if you are aiming for 100% anonymity, otherwise it doesn't matter at all & you can keep using the same addresses for receiving & also sending TX np.

edit: as above

BTC = $c²     My BTC addie = 1otohotohMoQoxHuxLBveQiZcV3Pji3Tc 
Bitstamp Exchange: Referal Code
CHARITY | MY REP | PREDICTION 1 | PREDICTION 2 | PREDICTION 3
timando
Newbie
*
Offline Offline

Activity: 7
Merit: 0


View Profile
January 27, 2013, 11:31:53 PM
 #6

The main reason to use a new address is to hide the fact that it's you. The reason that the client gives a new address each time is to help you to stay anonymous. The reason you need to stay anonymous is because the entire transaction history is available to everyone. This means that people can see exactly what's going on. If you reuse addresses, it makes it a lot easier for someone to see what's going on with your bitcoins. Reusing an address has no disadvantages if you don't care about everyone seeing exactly what you do with your money (If you're the type of person who tweets about their breakfast and posts on Facebook about their every action, you have nothing to worry about)
dbasql
Full Member
***
Offline Offline

Activity: 219
Merit: 100


Ethics and Science need to shake hands


View Profile
January 28, 2013, 12:08:35 AM
 #7

It seems you may want to have several addresses if you are getting coins from multiple sources. At least then you know who and what has come in.
scrumbly
Newbie
*
Offline Offline

Activity: 7
Merit: 0


View Profile
January 28, 2013, 12:37:50 AM
 #8

Yeah, this feels like paranoia for the normal use case. If you're just fiddling around with bitcoins (and not, I dunno, laundering drug money) is it really worth all the effort and maintenance to have a new address for every transaction?
edd
Donator
Legendary
*
Offline Offline

Activity: 1414
Merit: 1002



View Profile WWW
January 28, 2013, 12:41:10 AM
 #9

Providing a new address for each transaction is a very efficient way for merchants to track payments.

Still around.
CIYAM
Legendary
*
Offline Offline

Activity: 1890
Merit: 1086


Ian Knowles - CIYAM Lead Developer


View Profile WWW
January 28, 2013, 01:01:29 AM
 #10

It is much more secure (not just more anonymous) to never re-use an address (and yes - am aware of my sig and you'll notice there a no unspent outputs on that address).

The reason being that once you have signed a tx for any unspent output that was sent to that address (i.e. once you "spend from it" and with the standard client you can't easily control how it chooses which unspent outputs to "spend from") then you have "released" your "public key" (prior to that only the Base58 encoded RIPEMD hash of it was publicly known - also known as the "address").

Now if the ECDSA that Bitcoin uses ever becomes found to be "crackable" then the "private key" to your "address" could be feasibly be cracked and any "remaining" unspent outputs to that address could now be spent by the cracker.

With CIYAM anyone can create 100% generated C++ web applications in literally minutes.

GPG Public Key | 1ciyam3htJit1feGa26p2wQ4aw6KFTejU
phoenox (OP)
Newbie
*
Offline Offline

Activity: 12
Merit: 0


View Profile
January 29, 2013, 02:20:24 AM
 #11

Looks like there is a lot of misinformation about this.

So if you don't reuse your addresses then you will have two layers of encryption, but if you do you will only have one?  But this only applies if you reuse the address after you have spent money from it.

If i am understanding right, this is also related to why when you spend coins, the entire balance in that account is spent, but whatever change you need is sent back to you in a new address.

If I spend money twice or three times, will the client or the network automatically change the account that is being spent from every time?
CIYAM
Legendary
*
Offline Offline

Activity: 1890
Merit: 1086


Ian Knowles - CIYAM Lead Developer


View Profile WWW
January 29, 2013, 02:39:52 AM
 #12

So if you don't reuse your addresses then you will have two layers of encryption, but if you do you will only have one?  But this only applies if you reuse the address after you have spent money from it.

Pretty much correct - to spend an "unspent output" (i.e. a part of your total BTC "balance") you must include the public key for the address and a script signature (so it can be verified). At that point any other "unspent outputs" to that same address are *more vulnerable* as your public key is now known (before only a RIPEMD hash was known).

If i am understanding right, this is also related to why when you spend coins, the entire balance in that account is spent, but whatever change you need is sent back to you in a new address.

A transaction is actually a "script" that can have multiple inputs and outputs with the "inputs" being either "coinbase" (from mining) or "unspent outputs" (from transactions that were sending funds to yourself).

Each "input" must be completely spent (fees are actually the total amount of the inputs minus the total outputs so you effectively don't spend a small amount of your inputs in order to "pay a fee").

Typically your input(s) are not going to exactly match the amount you want to send and so a "change" address is added as another output to solve this.

If I spend money twice or three times, will the client or the network automatically change the account that is being spent from every time?

The network has nothing to do with it - your client will "somewhat" randomly choose which "unspent outputs" to use (with some checks to avoid you needing to pay too much in fees).

With CIYAM anyone can create 100% generated C++ web applications in literally minutes.

GPG Public Key | 1ciyam3htJit1feGa26p2wQ4aw6KFTejU
DannyHamilton
Legendary
*
Offline Offline

Activity: 3486
Merit: 4851



View Profile
January 29, 2013, 03:05:27 AM
 #13

Pretty much correct - to spend an "unspent output" (i.e. a part of your total BTC "balance") you must include the public key for the address and a script signature (so it can be verified). At that point any other "unspent outputs" to that same address are *more vulnerable* as your public key is now known (before only a RIPEMD hash was known).
Unless I'm mistaken, prior to spending any unspent outputs associated with an address, what was known was a RIPEMD hash of a SHA256 hash.

So, when you first receive an output to a previously unused address, the layers between your private key and what is publicly known are ECDSA->SHA256->RIPEMD resulting in a "bitcoin address".

Once you spend any single (or more) output that had been sent to the address, the only layer between your private key and what is publicly known is ECDSA.

This means that if a weakness is found in the future in any two of ECDSA, SHA, and RIPEMD, the bitcoins associated with addresses that are only used once are still safe from any brute force attempt.  However, once an address has been used once to spend a previous output, all current and future bitcoins associated with that address become immediately vulnerable if a weakness is discovered in ECDSA even if no weakness is discovered in SHA or RIPEMD.
0dayatciyam.org
Newbie
*
Offline Offline

Activity: 5
Merit: 0


View Profile
February 04, 2013, 12:00:07 PM
 #14

102 BTC returned in this transaction: http://blockchain.info/tx-index/42579467/4a0fe8cb78b19778a49d171642649c9ee25453ed206894c88b049d0ee7939a0f

I'd highly recommend not creating raw transactions in the future unless absolutely necessary Smiley.  $1,500 is a pretty risky mistake if it didn't land on a known pool wallet/IP.

Very much appreciated - although I've been doing raw tx's without a problem for weeks I guess the exhaustion of working over 12 hours per day for the last week has clearly taken its toll.

I will certainly be "ultra-cautious" with all future raw tx's.


it wuld appear that security is not a thing you should talk.
uminatsu
Jr. Member
*
Offline Offline

Activity: 55
Merit: 2


View Profile
February 11, 2014, 07:17:06 PM
 #15

Regardless of future possible discovery of weaknesses in ECDSA, even by today's standards I believe it is much less secure to re-use an address whose ECDSA public key is known.

When the ECDSA public key is not yet publicly known, the bitcoin address is at least as secure as RIPEMD is secure against preimage attack, because anyone able to spend from that address need to find a RIPEMD preimage. There's no known method better than brute-force search which takes ~ 2^160 time.

When the ECDSA public key is publicly known, the bitcoin address is no more harder to crack than solving the EC discrete logarithm problem on the secp256k1 curve, for which there's known methods (such as baby-step giant-step) in ~ 2^128 time.

Pretty much correct - to spend an "unspent output" (i.e. a part of your total BTC "balance") you must include the public key for the address and a script signature (so it can be verified). At that point any other "unspent outputs" to that same address are *more vulnerable* as your public key is now known (before only a RIPEMD hash was known).
Unless I'm mistaken, prior to spending any unspent outputs associated with an address, what was known was a RIPEMD hash of a SHA256 hash.

So, when you first receive an output to a previously unused address, the layers between your private key and what is publicly known are ECDSA->SHA256->RIPEMD resulting in a "bitcoin address".

Once you spend any single (or more) output that had been sent to the address, the only layer between your private key and what is publicly known is ECDSA.

This means that if a weakness is found in the future in any two of ECDSA, SHA, and RIPEMD, the bitcoins associated with addresses that are only used once are still safe from any brute force attempt.  However, once an address has been used once to spend a previous output, all current and future bitcoins associated with that address become immediately vulnerable if a weakness is discovered in ECDSA even if no weakness is discovered in SHA or RIPEMD.
Rach3
Newbie
*
Offline Offline

Activity: 1
Merit: 0


View Profile
March 05, 2014, 10:30:28 AM
 #16

Very interesting read. So what does 2^128 'time' mean? Aren't we still talking about many many times the universe age? Even with speed increase of supercomputers considered?
Coef
Hero Member
*****
Offline Offline

Activity: 882
Merit: 1000


Exhausted


View Profile
March 05, 2014, 11:20:29 AM
 #17

Very interesting read. So what does 2^128 'time' mean? Aren't we still talking about many many times the universe age? Even with speed increase of supercomputers considered?


True, but it could be a different story if a weakness in ECDSA is found.

Another problem is anonymity.

oriel2
Newbie
*
Offline Offline

Activity: 42
Merit: 0


View Profile WWW
March 05, 2014, 01:51:54 PM
 #18

It seems you may want to have several addresses if you are getting coins from multiple sources. At least then you know who and what has come in.

On a non tech level this was true for me - I used the same address in multiple locations and got payments from someone - I hav  no way of knowing now which company / person sent the BTC to me!
vnvizow
Sr. Member
****
Offline Offline

Activity: 364
Merit: 250



View Profile
March 05, 2014, 02:04:02 PM
 #19

Normally only large businesses do that, the security an offline wallet provide is enough for personal use.
vnvizow
Sr. Member
****
Offline Offline

Activity: 364
Merit: 250



View Profile
March 29, 2014, 04:24:56 AM
 #20

comroll,

What is the purpose of this copy/paste from an earlier post in this same thread?

Regardless of future possible discovery of weaknesses in ECDSA, even by today's standards . . .

Regardless of future possible discovery of weaknesses in ECDSA, even by today's standards . . .

You did the same thing today in at least 3 other threads:
https://bitcointalk.org/index.php?topic=31145.msg5949599#msg5949599
https://bitcointalk.org/index.php?topic=420841.msg5949694#msg5949694
https://bitcointalk.org/index.php?topic=442845.msg5949825#msg5949825
Obviously he's spamming, aaaaand he's deleting his posts  Tongue
Pages: [1] 2 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!