Signing a message? Expose coins

[jubalix]

Does signing a message expose coins on that address in anyway,

eg is it equivalent of sending some coins from an address and not using a change address?

and by expose I mean lessen security....

[Iranus]

If you sign a message from an address, anyone can go and search on a block explorer and find the Bitcoin in that address and transactions that have gone to or from that address.  It won't necessarily compromise your security, provided that you're quite sure the address can't be linked to you.  You won't be exposing your private key, so your Bitcoin would still be safe provided that what you use to sign the message also isn't linked to you.

[Quartx]

Does signing a message expose coins on that address in anyway,

eg is it equivalent of sending some coins from an address and not using a change address?

and by expose I mean lessen security....

A block explorer essentially lists all transactions made from any address involved in transactions that has been confirmed or going to be.

Signing with an address has the same coin exposing impact as sending a transaction.

If you transactions using any change addresses can be found on a block explorer, it is already exposed. Signing a message will not increase said risk. I think it is a non factor.

[ranochigo]

Signing a message will reduce your privacy in a sense that once you give them a signed message with your identity, they will know you control that address.

Signing a message and sharing it would in a sense reduce security. Your public key can be calculated from that. Not a concern since every transaction you make will reveal it anyway.

Not using change address doesn't really reduce your security, it just reduces your anonymity. However, with that, there is something that it exposes; your public key. Even though it is a 'public' key, someone knowing it wont be entirely good either. You can calculate your private key from your public key. It is has to be done with a quantum computer. And that happening before we have a solution would be at the least of my worries.

[Qartada]

Signing a message will reduce your privacy in a sense that once you give them a signed message with your identity, they will know you control that address.

That's the key thing here.  So what's then important is that the pseudonym you use to reveal your address also can't be linked to your identity because your pseudonym used to reveal your address is then linked to your address.  If people found out your identity from your Bitcointalk account, which I would hope they can't, that's when your security would be compromised because they'd then know your identity and Bitcoin address.  You're about 99.999% safe.

[pedrog]

Does signing a message expose coins on that address in anyway,

eg is it equivalent of sending some coins from an address and not using a change address?

and by expose I mean lessen security....

If you sign it at an offline computer the private key and wallet password are never exposed, if you do it in an online computer it is the same as sending coins as you need to unlock the wallet.

[jubalix]

Does signing a message expose coins on that address in anyway,

eg is it equivalent of sending some coins from an address and not using a change address?

and by expose I mean lessen security....

A block explorer essentially lists all transactions made from any address involved in transactions that has been confirmed or going to be.

Signing with an address has the same coin exposing impact as sending a transaction.

If you transactions using any change addresses can be found on a block explorer, it is already exposed. Signing a message will not increase said risk. I think it is a non factor.

See this is what I thought....I remember going over this about 3 years ago but cant find the thread....So to recap my understanding, a change address is used because it means you have not exposed ? and so you are relying purely on elliptic curves or some such which are not provably secure....so the whole idea by satoshi to include the change addresses  was to make it alot more secure......

is this right?

[ranochigo]

See this is what I thought....I remember going over this about 3 years ago but cant find the thread....So to recap my understanding, a change address is used because it means you have not exposed ?

Using a change address is used for two purposes:
1. Ensure privacy.
Using change address makes it harder to link addresses together.
Eg. A --> B (Destination) + C (Change)
A --> B (Destination) + A (Change)

For the first example, you can accurately determine which is the destination.

2. To eliminate ANY security risk associated with address reuse.

and so you are relying purely on elliptic curves or some such which are not provably secure....so the whole idea by satoshi to include the change addresses  was to make it alot more secure......

is this right?

What? ECDSA is used in anything needed to prove the a signature associated with your address is valid (in transactions etc). It is secure as of now but not reusing addresses prevents this issue. But yes, there is next to 0 risk for you to lose coins if ECDSA can be reversed if you never reuse address.

[jubalix]

See this is what I thought....I remember going over this about 3 years ago but cant find the thread....So to recap my understanding, a change address is used because it means you have not exposed ?

Using a change address is used for two purposes:
1. Ensure privacy.
Using change address makes it harder to link addresses together.
Eg. A --> B (Destination) + C (Change)
A --> B (Destination) + A (Change)

For the first example, you can accurately determine which is the destination.

2. To eliminate ANY security risk associated with address reuse.

and so you are relying purely on elliptic curves or some such which are not provably secure....so the whole idea by satoshi to include the change addresses  was to make it alot more secure......

is this right?

What? ECDSA is used in anything needed to prove the a signature associated with your address is valid (in transactions etc). It is secure as of now but address reuse prevents this issue. But yes, there is next to 0 risk for you to lose coins if ECDSA can be reversed if you never reuse address.

ok i see...as i thought.....thanks....needed to confirm this

[DannyHamilton]

so the whole idea by satoshi to include the change addresses  was to make it alot more secure......

is this right?

No.

The whole idea by Satoshi to use a new address for every transaction output was to increase privacy significantly and to make it just a tiny bit more secure.

When you first receive a transaction output using an address that has never been used before, the output is protected by 3 cryptographic algorithms (ECDSA, SHA256, and RIPEMD160).  To get to your private key mathematically from your address, an attacker would need to find significant mathematical weaknesses in three significantly different algorithms simultaneously.

Once you spend that output (or sign a message using the private key that is associated with the address) you reveal the ECDSA public key. After that, the output is protected ONLY by ECDSA.

ECDSA is very secure already, so adding the extra layers doesn't really make it ALOT more secure, but if a weakness is ever discovered in ECDSA, it will help to have the additional layers in place.

[jubalix]

so the whole idea by satoshi to include the change addresses  was to make it alot more secure......

is this right?

No.

The whole idea by Satoshi to use a new address for every transaction output was to increase privacy significantly and to make it just a tiny bit more secure.

When you first receive a transaction output using an address that has never been used before, the output is protected by 3 cryptographic algorithms (ECDSA, SHA256, and RIPEMD160).  To get to your private key mathematically from your address, an attacker would need to find significant mathematical weaknesses in three significantly different algorithms simultaneously.

Once you spend that output (or sign a message using the private key that is associated with the address) you reveal the ECDSA public key. After that, the output is protected ONLY by ECDSA.

ECDSA is very secure already, so adding the extra layers doesn't really make it ALOT more secure, but if a weakness is ever discovered in ECDSA, it will help to have the additional layers in place.

thanks exactly what i was looking for....