Bitcoin Forum
Topic: Bitcoin address management
ioube (OP)
October 06, 2020, 03:13:20 PM
Merited by o_e_l_e_o (2), ABCbits (1)
 #1

Hello!

Sorry if these are dumb questions, but I'm trying to get a better understanding of bitcoin address management and would appreciate any good resource (I've been through the Bitcoin wiki etc, but still can't answer my questions).

The main point I'd like to understand is the linkage between addresses from a single seed/within a single wallet.

Question 1:
Let's say I have been using a seed/wallet ("A") for a bit of time and received/spent BTC from it.
If I transfer the whole balance of this wallet ("A") to another seed ("B") and then generate a new address on that first wallet ("A") to receive BTC from a new source, will it be possible to link the balance on my initial ("A") addresses to the newly created ("A") address?

Question 2:
If I use a single seed to generate a legacy BTC address and a Bech32 address, is it possible for someone analyzing the blockchain to determine that these two addresses come from the same seed / are linked?

Thanks!

jackg
October 06, 2020, 03:16:40 PM
 #2

If you meant ("B") on the last of question 1 then no it wouldn't be possible providing it doesn't come from ("A") and the two aren't linked.

For question 2, no they couldn't work it out that they were linked unless you sent funds between them...
ioube (OP)
October 06, 2020, 03:25:23 PM
 #3

Thanks for your answer.

For question 1, I do actually mean "A".
The flow would be:
1) I have xxx BTC on wallet "A"
2) I empty that wallet to another one ("B")
3) I receive yyy BTC from a different source on a new address of the same wallet "A"
==> by analyzing the blockchain, can you tell that wallet "A" went from xxx BTC to 0 and then to yyy BTC or would using a new address to receive the yyy BTC "break the cycle" and make it appear as a new wallet to any observer?

Thanks,
Rath_
October 06, 2020, 03:32:56 PM
 #4

Quote
==> by analyzing the blockchain, can you tell that wallet "A" went from xxx BTC to 0 and then to yyy BTC or would using a new address to receive the yyy BTC "break the cycle" and make it appear as a new wallet to any observer?

As long as you make sure not to reuse old addresses with the new ones in the same transaction, the observer won't be able to tell if the balance of the wallet "A" has changed.
o_e_l_e_o
October 06, 2020, 03:50:49 PM
Merited by Rath_ (2), ABCbits (1)
 #5

Provided you do not reveal your master public key or other details of your wallet, then there is no way to link any two addresses together just by looking at the addresses. In both your questions, there is no inherent way to link addresses together, be it two addresses from the same wallet, or two addresses generated by the same seed phrase.

The most common way that people link addresses together is either by spending from two addresses in the same transaction, or by doing this via another address. For example, you have some coins on address A and address B, and you use both these addresses in one transaction. They are obviously now linked. If you later use address B and address C in the same transaction, then it is fairly trivial to also link address A with address C via address B, even though they haven't shared a transaction.



If you want to be completely safe, then you could use derivation paths to create a whole new account. This essentially uses the same seed phrase but generates a whole different set of keys and addresses. Once you are done with wallet A and you empty it, rather than using different addresses from A and running the risk of making a mistake and accidentally linking the new addresses to the old, you can just use a different derivation path to create a brand new wallet. If you let us know which wallet we are using, we can talk you through how to do this if you like.
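
The linking rule described in post #5, as an added example (not from the thread): a union-find over co-spent input addresses, plus a pre-spend check that reports whether a planned set of inputs would merge old and new addresses. The address names, labels and function names are constructed for illustration.

```python
# Added example, not code from the thread. Addresses are constructed labels.

class Clusters:
    """Union-find over addresses; co-spent inputs end up in one cluster."""

    def __init__(self):
        self.parent = {}

    def find(self, addr):
        self.parent.setdefault(addr, addr)
        while self.parent[addr] != addr:
            self.parent[addr] = self.parent[self.parent[addr]]  # path halving
            addr = self.parent[addr]
        return addr

    def add_spend(self, inputs):
        """Merge every input address of one transaction into one cluster."""
        root = self.find(inputs[0])
        for addr in inputs[1:]:
            self.parent[self.find(addr)] = root

    def linked(self, a, b):
        return self.find(a) == self.find(b)


def build_clusters(spends):
    """spends: list of transactions, each given as its list of input addresses."""
    clusters = Clusters()
    for inputs in spends:
        clusters.add_spend(inputs)
    return clusters


def labels_merged_by(clusters, labels, planned_inputs):
    """Labels whose addresses would share a cluster if planned_inputs were co-spent."""
    roots = {clusters.find(addr) for addr in planned_inputs}
    return {label for addr, label in labels.items() if clusters.find(addr) in roots}


# Constructed history: A+B co-spent, later B+C co-spent (the case in the post).
POST_EXAMPLE = build_clusters([["A", "B"], ["B", "C"]])

# Constructed wallet: two old addresses swept together, one fresh address.
WALLET = build_clusters([["old-1", "old-2"]])
LABELS = {"old-1": "old", "old-2": "old", "new-1": "new"}

if __name__ == "__main__":
    print(POST_EXAMPLE.linked("A", "C"))
    print(labels_merged_by(WALLET, LABELS, ["new-1"]))
    # Dust later lands on old-2 and is selected as an extra input:
    print(labels_merged_by(WALLET, LABELS, ["new-1", "old-2"]))
```

A result containing more than one label means the planned spend would tie those address groups together on-chain.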
ioube (OP)
October 06, 2020, 04:06:55 PM
 #6

Quote
Provided you do not reveal your master public key or other details of your wallet, then there is no way to link any two addresses together just by looking at the addresses. In both your questions, there is no inherent way to link addresses together, be it two addresses from the same wallet, or two addresses generated by the same seed phrase.

The most common way that people link addresses together is either by spending from two addresses in the same transaction, or by doing this via another address. For example, you have some coins on address A and address B, and you use both these addresses in one transaction. They are obviously now linked. If you later use address B and address C in the same transaction, then it is fairly trivial to also link address A with address C via address B, even though they haven't shared a transaction.



If you want to be completely safe, then you could use derivation paths to create a whole new account. This essentially uses the same seed phrase but generates a whole different set of keys and addresses. Once you are done with wallet A and you empty it, rather than using different addresses from A and running the risk of making a mistake and accidentally linking the new addresses to the old, you can just use a different derivation path to create a brand new wallet. If you let us know which wallet we are using, we can talk you through how to do this if you like.

Thanks a lot, that's really helpful!
I guess my overall understanding was not too far from the truth, but your explanation confirms it and makes it much more clear.

So using a new address from the same wallet would make me highly vulnerable to a dust attack or doxing if I'm not careful with old address reuse.

I'm mostly using Ledger Live these days. I'm going through their documentation right now to see if it is possible to derive a new wallet, but any help/tutorial would be more than welcome.

Thanks,
bob123
October 06, 2020, 04:10:52 PM
 #7

Quote
Question 1:
Let's say I have been using a seed/wallet ("A") for a bit of time and received/spent BTC from it.
If I transfer the whole balance of this wallet ("A") to another seed ("B") and then generate a new address on that first wallet ("A") to receive BTC from a new source, will it be possible to link the balance on my initial ("A") addresses to the newly created ("A") address?

No.
There is no link visible between single addresses generated from the same seed.

As long as you are not signing a transaction with inputs from both addresses, or are being analyzed through some metadata (e.g. using web wallet from browser X with addons y,z and a specific resolution, etc.), you are fine.



Quote
Question 2:
If I use a single seed to generate a legacy BTC address and a Bech32 address, is it possible for someone analyzing the blockchain to determine that these two addresses come from the same seed / are linked?

No.

ioube (OP)
October 06, 2020, 04:20:33 PM
 #8

Quote
Question 1:
Let's say I have been using a seed/wallet ("A") for a bit of time and received/spent BTC from it.
If I transfer the whole balance of this wallet ("A") to another seed ("B") and then generate a new address on that first wallet ("A") to receive BTC from a new source, will it be possible to link the balance on my initial ("A") addresses to the newly created ("A") address?

No.
There is no link visible between single addresses generated from the same seed.

As long as you are not signing a transaction with inputs from both addresses, or are being analyzed through some metadata (e.g. using web wallet from browser X with addons y,z and a specific resolution, etc.), you are fine.



Question 2:
If I use a single seed to generate a legacy BTC address and a Bech32 address, is it possible for someone analyzing the blockchain to determine that these two addresses come from the same seed / are linked?

No.

Thank you, it makes sense.
I just need to be really careful with spending / dusting and address reuse.
o_e_l_e_o
October 06, 2020, 06:14:00 PM
Merited by ioube (1)
 #9

Quote
So using a new address from the same wallet would make me highly vulnerable to a dust attack or doxing if I'm not careful with old address reuse.
Exactly. If you don't slip up then there's no way to link the addresses, but to eliminate the risk of slipping up you can simply use a new derivation path.

Quote
I'm mostly using Ledger Live these days. I'm going through their documentation right now to see if it is possible to derive a new wallet, but any help/tutorial would be more than welcome.
Yes, it is. By changing the derivation path you create what is known as a new account. Ledger Live will deal with the derivation path automatically for you in the background - all you have to do is add a new account for the coin in question (bitcoin, in this case), and the address type you want to use (legacy or segwit). There are instructions on doing this here: https://support.ledger.com/hc/en-us/articles/360006410253-Add-your-accounts. The only caveat here is you can only create a new account for each address type if the previous account for that address type has received a transaction already. This is to stop users creating dozens of unnecessary accounts and then forgetting which one their bitcoin is in.

If you follow this method, it is important to remember what is happening in the background - Ledger Live is changing the derivation path for each account. This is important if you ever need to restore your seed phrase to another wallet, as by default most wallets will show the first account only, and you'll need to specifically tell them to look for other accounts.
ioube (OP)
October 06, 2020, 08:27:03 PM
 #10

Quote
Yes, it is. By changing the derivation path you create what is known as a new account. Ledger Live will deal with the derivation path automatically for you in the background - all you have to do is add a new account for the coin in question (bitcoin, in this case), and the address type you want to use (legacy or segwit). There are instructions on doing this here: https://support.ledger.com/hc/en-us/articles/360006410253-Add-your-accounts. The only caveat here is you can only create a new account for each address type if the previous account for that address type has received a transaction already. This is to stop users creating dozens of unnecessary accounts and then forgetting which one their bitcoin is in.

If you follow this method, it is important to remember what is happening in the background - Ledger Live is changing the derivation path for each account. This is important if you ever need to restore your seed phrase to another wallet, as by default most wallets will show the first account only, and you'll need to specifically tell them to look for other accounts.

Thanks a lot, that's very clear!

If I understand well, what you describe is one of the characteristics of HD wallets: a single seed allows you to generate a virtually infinite number of wallets that are all separate from each other. The only way to link them to each other, given no cross-transaction, would be to know the seed.

Then, if as you mention, I need to restore the seed on another wallet/service, how would the software know "which derivation path to look for"?
My understanding is that this is the "deterministic" part of HD wallet and the derivation paths follow a sequence that will always be the same, going from wallet number 1 to wallet number infinite always in the same order no matter the service used to access this wallet. Am I correct?

Sorry if I'm way off, as you can tell, I'm not that technical...
o_e_l_e_o
October 06, 2020, 09:07:48 PM
Merited by Rath_ (3), ABCbits (2)
 #11

Quote
If I understand well, what you describe is one of the characteristics of HD wallets: a single seed allows you to generate a virtually infinite number of wallets that are all separate from each other. The only way to link them to each other, given no cross-transaction, would be to know the seed.
Essentially, yes. There are other pieces of information which would allow someone to link addresses, such as the extended or master public keys, but the only way they could have these pieces of information is if you revealed them.

Quote
Then, if as you mention, I need to restore the seed on another wallet/service, how would the software know "which derivation path to look for"?
My understanding is that this is the "deterministic" part of HD wallet and the derivation paths follow a sequence that will always be the same, going from wallet number 1 to wallet number infinite always in the same order no matter the service used to access this wallet. Am I correct?
Largely correct, except for one small point which I'll explain at the bottom of this post.

Most wallets use the BIP44 scheme for derivation paths. A typical derivation path for an address would look like this:
Code:
m/44'/0'/0'/0/0

The m refers to your master private key, derived from your seed phrase.
The 44 refers to the address type. 44 is for legacy addresses which begin with a 1. This number would change to 49 for P2SH addresses beginning with a 3, and to 84 for Bech32 addresses beginning with bc1.
The first zero refers to coin type. This is always 0 for mainnet (i.e. not testnet) bitcoin.
The second zero refers to the account.
The third zero refers to whether the individual address is a change address or not.
The last zero is the index number of the individual address in the wallet.

Each address in one account will share the first three numbers, and only the last two numbers will change. For example, the first address would have the derivation path above, whereas the second address would have the following derivation path:
Code:
m/44'/0'/0'/0/1

And your first change address would have the following derivation path:
Code:
m/44'/0'/0'/1/0

Now, when you create a new account, your wallet simply increments the account number, which is the second zero, by one, and starts deriving new addresses. So the first address in your second account would have the following path:
Code:
m/44'/0'/1'/0/0

Now, as I said above, this is a standard protocol, so provided you remember that you created extra accounts in Ledger Live, you'll always be able to restore those accounts by following the standard derivation paths.

The one small point to mention is that there are a small handful of wallets which do not follow these standard paths and instead use their own paths, but as Ledger Live is not one of these, you don't have to worry about them.
tranthidung
October 07, 2020, 05:00:29 AM
 #12

You can read these documents for your interest. It does not answer your question directly but there are some points you can take from.


Abdussamad
October 07, 2020, 08:31:23 AM
 #13

Quote
Hello!

Sorry if these are dumb questions, but I'm trying to get a better understanding of bitcoin address management and would appreciate any good resource (I've been through the Bitcoin wiki etc, but still can't answer my questions).

The main point I'd like to understand is the linkage between addresses from a single seed/within a single wallet.

Question 1:
Let's say I have been using a seed/wallet ("A") for a bit of time and received/spent BTC from it.
If I transfer the whole balance of this wallet ("A") to another seed ("B") and then generate a new address on that first wallet ("A") to receive BTC from a new source, will it be possible to link the balance on my initial ("A") addresses to the newly created ("A") address?

no

Quote
Question 2:
If I use a single seed to generate a legacy BTC address and a Bech32 address, is it possible for someone analyzing the blockchain to determine that these two addresses come from the same seed / are linked?

Thanks!

the seed mnemonic encodes the script type so you can't create wallets like that using an electrum seed. legacy wallet seed will only generate legacy wallet and a segwit wallet seed  bech32 addresses.

if you were to use a bip39 seed then you could do the above. in that case someone could link the two addresses once you spend from them because spending reveals the public key and it'll be the same for both addresses. 
o_e_l_e_o
October 07, 2020, 08:53:41 AM
 #14

Quote
the seed mnemonic encodes the script type so you can't create wallets like that using an electrum seed. legacy wallet seed will only generate legacy wallet and a segwit wallet seed  bech32 addresses.
OP has said he is using Ledger Live, so this does not apply. His single seed phrase will generate any address type he likes.

Quote
if you were to use a bip39 seed then you could do the above. in that case someone could link the two addresses once you spend from them because spending reveals the public key and it'll be the same for both addresses.
Only if he was to create two different address types at the same derivation path. Since Ledger Live uses BIP44/49/84, then all his addresses will have different public keys.
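
The derivation paths from post #11 and the public-key point from posts #13 and #14, as an added example (not code from the thread or from Ledger): a minimal BIP32 private-key derivation showing that the legacy (44') and Bech32 (84') paths, and different accounts, give different public keys from one seed. It assumes raw seed bytes as input (the BIP39 mnemonic-to-seed step is skipped); `SAMPLE_SEED` and the function names are constructed for illustration.

```python
import hashlib
import hmac

# Added example, not code from the thread. secp256k1 parameters:
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
HARDENED = 0x80000000  # a ' in the path adds 2**31 to the index

def ec_add(a, b):
    """Add two affine points; None is the point at infinity."""
    if a is None or b is None:
        return a or b
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None
    if a == b:
        lam = 3 * a[0] * a[0] * pow(2 * a[1], -1, P) % P
    else:
        lam = (b[1] - a[1]) * pow((b[0] - a[0]) % P, -1, P) % P
    x = (lam * lam - a[0] - b[0]) % P
    return (x, (lam * (a[0] - x) - a[1]) % P)

def ec_mul(k, point=G):
    result = None
    while k:
        if k & 1:
            result = ec_add(result, point)
        point, k = ec_add(point, point), k >> 1
    return result

def pubkey(k):
    """Compressed public key (33 bytes) for private key k."""
    x, y = ec_mul(k)
    return bytes([2 + (y & 1)]) + x.to_bytes(32, "big")

def parse_path(path):
    """Turn a path such as m/44'/0'/1'/0/0 into 32-bit child indexes."""
    head, *parts = path.split("/")
    if head != "m":
        raise ValueError("path must start at the master key m")
    return [int(p.rstrip("'")) + (HARDENED if p.endswith("'") else 0) for p in parts]

def derive(seed, path):
    """BIP32 private derivation -> (private key, chain code); rare invalid keys not handled."""
    i = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    k, chain = int.from_bytes(i[:32], "big"), i[32:]
    for index in parse_path(path):
        data = b"\x00" + k.to_bytes(32, "big") if index >= HARDENED else pubkey(k)
        i = hmac.new(chain, data + index.to_bytes(4, "big"), hashlib.sha512).digest()
        k, chain = (int.from_bytes(i[:32], "big") + k) % N, i[32:]
    return k, chain

def first_receive_pubkey(seed, purpose, account=0):
    """Public key of the first receive address: m/purpose'/0'/account'/0/0."""
    return pubkey(derive(seed, f"m/{purpose}'/0'/{account}'/0/0")[0])

# Constructed sample seed bytes, for illustration only.
SAMPLE_SEED = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
```

Calling `first_receive_pubkey(SAMPLE_SEED, 44)` and `first_receive_pubkey(SAMPLE_SEED, 84)` returns two different 33-byte keys, while repeating either call always returns the same key.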
bob123
October 07, 2020, 10:20:12 AM
 #15

Quote
If I understand well, what you describe is one of the characteristics of HD wallets: a single seed allows you to generate a virtually infinite number of wallets that are all separate from each other. The only way to link them to each other, given no cross-transaction, would be to know the seed.

This statement itself is not completely correct.
A single seed allows you to generate an almost infinite number of private-/public key pairs (and therefore addresses). A "wallet" basically is just an interface and/or a piece of software/hardware managing private-/public keys.

Further, there are more ways to link addresses without them being used in the same transaction, than just knowing the seed.
For example, by knowing the master public key or the master public key or (under given circumstances) by metadata analysis.
