Bitcoin Forum
Author Topic: "New address for each payment" is a logic bomb  (Read 9159 times)
flynn (Hero Member, Activity: 728, Merit: 540)
November 16, 2013, 11:07:49 AM, post #41

So, you made your point, maybe somewhere sometime someone will get an account that belongs to someone else, probably getting 0.01 BTC free
All right.

U could read the OP at least before replying...

Not worth answering.
niothor (Hero Member, Activity: 826, Merit: 501)
November 16, 2013, 11:30:37 AM, post #42

I think the math works out that there's more Bitcoin addresses than there are atoms in the universe.  Basically, it's been talked about many times, and it's nothing to worry about.

The latest numbers show around 10^80 atoms so there are "a bit" more atoms.
darkmule (Legendary, Activity: 1176, Merit: 1005)
November 16, 2013, 12:43:04 PM, post #43

I think it's also possible that a black hole will suddenly erupt above the New York Stock Exchange and suck in everything there, then suddenly disappear back to whence it emerged.

It COULD happen.  Prove it couldn't. 

So we should probably get rid of stock exchanges.  Especially the Nikkei.  It's just as likely to suffer such an event.
Come-from-Beyond (OP) (Legendary, Activity: 2142, Merit: 1010)
November 16, 2013, 01:09:36 PM, post #44

Heh, why do ppl post in this thread if they have no clue what birthday paradox is...
niothor (Hero Member, Activity: 826, Merit: 501)
November 16, 2013, 01:16:53 PM, post #45

Heh, why do ppl post in this thread if they have no clue what birthday paradox is...

Because:
1) people are lazy to check wtf is the birthday paradox
2) math is not quite as easy as watching baseball
3) your thread assumes a vulnerability of the bitcoin protocol, so I'm not sure why you haven't been burned as an "infidel" already :D
Come-from-Beyond (OP) (Legendary, Activity: 2142, Merit: 1010)
November 16, 2013, 01:20:39 PM, post #46

Because:
1) people are lazy to check wtf is the birthday paradox
2) math is not quite as easy as watching baseball
3) your thread assumes a vulnerability of the bitcoin protocol, so I'm not sure why you haven't been burned as an "infidel" already :D

So true
drawingthesun (Legendary, Activity: 1176, Merit: 1015)
November 16, 2013, 01:59:48 PM, post #47

As u know, each time u make a payment Satoshi's client generates a new address to send change to. He (or someone else) also advised to create a new address each time someone needs to receive a payment (for anonymity reason). Entropy of an address is 160 bits (due to RIPEMD-160 "compression"). Applying Birthday Paradox we get that when 2^80 addresses are created we will, likely, get a collision. This is not critical, coz "older" address will be empty, probably. But this can be used in black PR against Bitcoin. An adversary (who is generating addresses non-stop) will be able to show 2 different public keys with the same address. Media will be happy to publish articles with "Bitcoin completely broken" title...

I understand that the eventual collision of two keys will be blown way out of proportion and used as an attack by the media and conflicting interests. However what can we do? The current advice to not reuse keys is very sound and the benefits outweigh the risk by far.

What could a solution be? So that the media never gets this opportunity... CFB, if the key space is now 2^161 how much does this offset the probabilities in the birthday paradox? What keyspace would make any collision unlikely given every human producing a trillion addresses every nano second for thousands of years? 2^1000000?

As I see your claim, that a collision is going to happen sooner than the conventional thought allows, the solution would be to make the key space so much larger that any collision is unlikely forever.
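A worked version of the birthday-bound estimate quoted above (160-bit addresses, collision expected around 2^80 draws) and of the larger-keyspace question, added here as an example; it is not code from any poster. It goes beyond the single 2^80 case: the general estimate lets the effect of a 161-bit or 256-bit address be read off directly, and the "every human producing a trillion addresses every nanosecond for a thousand years" input is a constructed assumption.

```python
import math


def collision_probability(bits: int, n: int) -> float:
    """Birthday-bound estimate of P(at least one collision) after drawing n
    values uniformly from a space of 2**bits identifiers:
        p ~= 1 - exp(-n(n-1) / 2^(bits+1))
    The exponent is formed in log2 space so that n and 2**bits can both be
    far beyond float range (e.g. 2**80 draws from a 160-bit address space)."""
    if n < 2:
        return 0.0
    log2_exponent = math.log2(n) + math.log2(n - 1) - (bits + 1)
    if log2_exponent > 1000:        # exp(-huge) is 0: a collision is certain
        return 1.0
    exponent = 2.0 ** log2_exponent  # underflows to 0.0 when tiny, giving p = 0
    return -math.expm1(-exponent)    # expm1 keeps precision when p is tiny


def log2_draws_for_probability(bits: int, p: float) -> float:
    """log2 of the number of draws at which the estimate reaches p:
    n ~= sqrt(2 * 2**bits * ln(1/(1-p))), returned as log2(n) to avoid overflow."""
    return (bits + 1 + math.log2(math.log(1.0 / (1.0 - p)))) / 2.0


def constructed_address_count(humans: int = 8_000_000_000,
                              per_nanosecond: int = 10**12,
                              years: int = 1000) -> int:
    """Constructed scenario (assumption, not a figure from the thread):
    every human generating a trillion addresses per nanosecond for a
    thousand 365-day years."""
    nanoseconds_per_year = 365 * 24 * 3600 * 10**9
    return humans * per_nanosecond * nanoseconds_per_year * years


if __name__ == "__main__":
    n = 2**80
    for bits in (160, 161, 256):
        print(f"{bits}-bit space, 2^80 addresses: p = {collision_probability(bits, n):.3g}")
    print(f"50% collision in a 160-bit space at n = 2^{log2_draws_for_probability(160, 0.5):.2f}")
    big = constructed_address_count()
    print(f"constructed scenario: 2^{math.log2(big):.1f} addresses")
    for bits in (160, 256, 512):
        print(f"  {bits}-bit space: p = {collision_probability(bits, big):.3g}")
```

Widening the address from 160 to 161 bits only halves the exponent, so the collision threshold moves by half a bit; each doubling of the bit width squares the number of draws needed.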
Come-from-Beyond (OP) (Legendary, Activity: 2142, Merit: 1010)
November 16, 2013, 02:02:55 PM, post #48

What could a solution be?

Keep reusing addresses. Sending change to a new address doesn't increase anonymity.
drawingthesun (Legendary, Activity: 1176, Merit: 1015)
November 16, 2013, 02:06:57 PM, post #49

What could a solution be?

Keep reusing addresses. Sending change to a new address doesn't increase anonymity.

The way I imagine change addresses working, I always thought that they are increasing anonymity somewhat. Why do you disagree?

If money never returns to base, so to speak, it always looks like it is moving forward somewhere and working out what forward is the merchant and what forward is you can become difficult.
Come-from-Beyond (OP) (Legendary, Activity: 2142, Merit: 1010)
November 16, 2013, 02:10:46 PM, post #50

The way I imagine change addresses working, I always thought that they are increasing anonymity somewhat. Why do you disagree?

If money never returns to base, so to speak, it always looks like it is moving forward somewhere and working out what forward is the merchant and what forward is you can become difficult.

If that was as u said then we wouldn't need http://zerocoin.org/
drawingthesun (Legendary, Activity: 1176, Merit: 1015)
November 16, 2013, 02:13:44 PM, post #51

If that was as u said then we wouldn't need http://zerocoin.org/

Oh true, we certainly need zerocoin or coinjoin very soon. I would imagine if either one of those systems became commonplace and in the reference client you could make a very good argument that the creation of a new address for every transaction is not required for anonymity.

However once an address spends coins it reveals something? I forget what that something is. I remember reading an address that has not spent coins is somewhat safer. Is this something that could be overcome too?
Come-from-Beyond (OP) (Legendary, Activity: 2142, Merit: 1010)
November 16, 2013, 02:25:18 PM, post #52

However once an address spends coins it reveals something? I forget what that something is. I remember reading an address that has not spent coins is somewhat safer. Is this something that could be overcome too?

That is a public key.
drawingthesun (Legendary, Activity: 1176, Merit: 1015)
November 16, 2013, 02:30:40 PM, post #53

However once an address spends coins it reveals something? I forget what that something is. I remember reading an address that has not spent coins is somewhat safer. Is this something that could be overcome too?

That is a public key.

Does that revealed information make the address less secure?
Kouye (Sr. Member, Activity: 336, Merit: 250)
November 16, 2013, 02:31:51 PM, post #54

Does that revealed information make the address less secure?
I think what you are referring to is the fact that when you spend coins, you have to sign the tx with your private key, thus giving a "hint" about it.
drawingthesun (Legendary, Activity: 1176, Merit: 1015)
November 16, 2013, 02:33:17 PM, post #55

Does that revealed information make the address less secure?
I think what you are referring to is the fact that when you spend coins, you have to sign the tx with your private key, thus giving a "hint" about it.

Ah ok that makes sense, so is that a theoretical/academic risk or a real practical risk?
Come-from-Beyond (OP) (Legendary, Activity: 2142, Merit: 1010)
November 16, 2013, 02:40:00 PM, post #56

Does that revealed information make the address less secure?
I think what you are referring to is the fact that when you spend coins, you have to sign the tx with your private key, thus giving a "hint" about it.

Ah ok that makes sense, so is that a theoretical/academic risk or a real practical risk?

If someone owns a quantum computer he will be able to recover the private key almost as fast as u sign a message with it. So until the public key is unknown the private key can't be picked.
Kouye (Sr. Member, Activity: 336, Merit: 250)
November 16, 2013, 02:42:11 PM, post #57

Ah ok that makes sense, so is that a theoretical/academic risk or a real practical risk?
It has been a real risk not long ago, on android, because its rng was broken.
From what I understood, as soon as you had 2 tx signed, your private key could be deduced.
Come-from-Beyond (OP) (Legendary, Activity: 2142, Merit: 1010)
November 16, 2013, 04:18:54 PM, post #58

I wonder why your Ignore button is so glowing...

Coz when most of bitcoiners were licking ass of Bitcoin foundation founders I was on the opposite side.


Do you know that the probability of your body's atoms and particles aligning so you can penetrate a wall without even noticing is greater than that of a Bitcoin address collision?

Do u mean quantum tunneling? Aye, I know about this phenomenon.

How many people do you know can walk through walls?

At least one.



When 2^80 addresses are created u will find at least 1 identical pair with probability very close to 100%. I'm not talking about finding a collision to one particular address.
moderate (Member, Activity: 98, Merit: 10)
November 16, 2013, 04:47:01 PM, post #59

I wonder why your Ignore button is so glowing...

Coz when most of bitcoiners were licking ass of Bitcoin foundation founders I was on the opposite side.


R u sur it iznt coz u talk like thiz ?
Come-from-Beyond (OP) (Legendary, Activity: 2142, Merit: 1010)
November 16, 2013, 04:55:32 PM, post #60

R u sur it iznt coz u talk like thiz ?

Ye, coz ignore counter jumped +20 after I took part in debates regarding Bitcoin Foundation. Why?