Bitcoin Forum
May 06, 2024, 03:37:17 AM *
Author Topic: Thoughts on burner addresses  (Read 1495 times)
vapourminer
June 04, 2022, 04:18:05 PM
#41

Quote
No sane person, generally, burns coins purposefully.

the author of a popular altcoin miner deliberately burned a pretty good chunk of money to prove his software releases and associated gpg key were genuine.

check the post (sorry it's an altcoin but the principle should apply to any coin)

https://bitcointalk.org/index.php?topic=2647654.msg56755869#msg56755869

BlackHatCoiner
June 04, 2022, 04:26:49 PM
#42

Quote
check the post (sorry it's an altcoin but the principle should apply to any coin)
I checked the post and I still don't understand why he burned the coins. If he wanted to state his GPG key's fingerprint, he could just announce it with an OP_RETURN message, if Ethereum has any (alternatively, in Bitcoin). No need to remove coins from circulation.

vapourminer
June 04, 2022, 05:41:54 PM
Last edit: June 04, 2022, 05:57:31 PM by vapourminer
#43

Quote
check the post (sorry it's an altcoin but the principle should apply to any coin)
Quote
I checked the post and I still don't understand why he burned the coins. If he wanted to state his GPG key's fingerprint, he could just announce it with an OP_RETURN message, if Ethereum has any (alternatively, in Bitcoin). No need to remove coins from circulation.

i gather he had to burn coin from his miner's built-in fee address so it had to be eth from that particular address, not btc. so he burned like 20 grand usd worth of eth to show it. unsure about if eth has some sort of equivalent to op_return or some universal way to sign an addy.





teosanru
June 04, 2022, 09:23:36 PM
#44

Quote
I recently found this address: https://mempool.space/de/address/1111111111111111111114oLvT2 I researched it and I found out that it is used as a proof of burn address. What are your thoughts of it?
In my opinion it does not make sense, since the value is destroyed and not transferred to the other project even if it might seem like it in the first place. Also there could be an option built into the bitcoin network to burn coins, but actually insert them into blocks to be redistributed to the miners. What are your thoughts on this?
Generally all the chains use such kind of addresses to burn their coins. Obviously this is not a very foolproof idea, but the problem is that cryptos work on proof of work or proof of stake, which means something which has PoW or PoS has come into existence. Now you cannot remove that PoW done for that crypto, which is why we say cryptos are not imaginary money. Now because that PoW cannot be destroyed, you cannot burn the coin in any other manner; you just treat it in such a way that it is removed from circulation.
larry_vw_1955
June 05, 2022, 04:34:35 AM
#45

Quote
Because it is 100% secure as long as the key was generated correctly (used a strong random generator) and kept safe.
Well it's as secure as a legacy address can be if they did what you are suggesting. But that doesn't mean they couldn't make it more secure. For example, use an address format that gives more bits of security. 256 vs 160.


Quote
Nobody can "get your key" as long as you are protecting it correctly.
I know but ever heard the saying "don't put all your eggs in one basket"? In the unlikely event that someone was to find out their single private key they would lose everything. That's why it is smart to diversify your funds. And don't use the same address more than once which they obviously have FAILED to do thus leaking their public key to the whole world. Now instead of being 160-bit secure, they are down to 128-bit security level.

Quote
Besides if you are incapable of protecting one key, you are not going to be able to protect multiple either.
Clearly the person or company behind that address has no idea about bitcoin. They are making amateur mistakes.
BlackHatCoiner
June 05, 2022, 05:30:59 AM
Last edit: June 05, 2022, 05:45:39 AM by BlackHatCoiner
#46

Quote
Well it's as secure as a legacy address can be if they did what you are suggesting. But that doesn't mean they couldn't make it more secure. For example, use an address format that gives more bits of security. 256 vs 160.
They could have also chosen an OP_RETURN alternative too. The bits have little matter. Nobody's going to start brute forcing each address.

Quote
And don't use the same address more than once which they obviously have FAILED to do thus leaking their public key to the whole world.
Where are you referring to? The BitcoinEater address? If so, it hasn't revealed its public key, since it's a burning address. You reveal your public key when you spend one of the outputs.

Quote
Clearly the person or company behind that address has no idea about bitcoin. They are making amateur mistakes.
I wouldn't say they do. Sending to a burning-looking address is the easiest way to "burn" bitcoin, because spending to an address is, obviously, supported by all wallets.

pooya87
June 05, 2022, 05:44:08 AM
#47

Quote
Well it's as secure as a legacy address can be if they did what you are suggesting. But that doesn't mean they couldn't make it more secure. For example, use an address format that gives more bits of security. 256 vs 160.
160 bit hash in addresses provides enough security, and that's the important part.

Quote
they obviously have FAILED to do thus leaking their public key to the whole world.
Public key is meant to be public otherwise if there were any risks in revealing your public key, the whole Bitcoin system falls apart. It doesn't matter what a single person does (like not reusing address).

o_e_l_e_o
June 05, 2022, 07:45:48 AM
#48

Quote
i gather he had to burn coin from his miner's built-in fee address so it had to be eth from that particular address, not btc.
Why burn at all though? Could he not just have signed a message from that address confirming his PGP key?

Quote
I know but ever heard the saying "don't put all your eggs in one basket"?
Who's to say that is all their eggs? Perhaps they have several such addresses.

Quote
Now instead of being 160-bit secure, they are down to 128-bit security level.
All bitcoin private keys provide "only" 128 bits of security.
BlackHatCoiner
June 05, 2022, 12:18:50 PM
#49

Quote
All bitcoin private keys provide "only" 128 bits of security.
Isn't this true only if you know their respective public keys? Because if you don't, you have no better method than just brute-forcing against the 160-bit hash.

ABCbits
June 05, 2022, 12:33:41 PM
#50

Quote
unsure about if eth has some sort of equivalent to op_return or some universal way to sign an addy.

Both are possible. Signing message is covered under EIP-191[1] and EIP-712[2]. Not sure about OP_RETURN equivalent, but it's quite common to use data field[3] where popular blockexplorer such as etherscan support converting the data to UTF-8.

[1] https://eips.ethereum.org/EIPS/eip-191
[2] https://eips.ethereum.org/EIPS/eip-712
[3] https://ethereum.org/en/developers/docs/transactions/#the-data-field

alexeyneu
June 05, 2022, 02:47:47 PM
#51

Quote
Also worth pointing out that coins in such addresses are not provably burned. They could still be spent in the future, if someone either stumbles across the correct private key or if the ECDLP and hash functions are broken and someone can reverse engineer a necessary private key for one of these addresses. Only coins which are sent to unspendable outputs, such as OP_RETURN, are provably burned.

ofc this thing is derived from plain wrong pubkey. and that's how it should have been
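
Added example (not part of any post in the thread): Base58Check-decoding the address quoted earlier in the thread shows that its 20-byte hash is all zeros, and comparing the script a wallet builds for it with an OP_RETURN output shows why only the latter is provably burned. The helper names and the labels returned by `classify` are illustrative assumptions, and the OP_RETURN payload is constructed.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
OP_DUP, OP_HASH160, OP_EQUALVERIFY, OP_CHECKSIG, OP_RETURN = 0x76, 0xA9, 0x88, 0xAC, 0x6A

# Address quoted earlier in the thread.
BURN_ADDRESS = "1111111111111111111114oLvT2"


def base58check_decode(addr):
    """Return (version, payload); raise ValueError on a bad character or checksum."""
    n = 0
    for ch in addr:
        n = n * 58 + B58.index(ch)  # str.index raises ValueError for a non-Base58 char
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    leading_zeros = len(addr) - len(addr.lstrip("1"))  # each leading '1' is one 0x00 byte
    raw = b"\x00" * leading_zeros + body
    if len(raw) < 5:
        raise ValueError("too short for version + checksum")
    data, checksum = raw[:-4], raw[-4:]
    if hashlib.sha256(hashlib.sha256(data).digest()).digest()[:4] != checksum:
        raise ValueError("bad checksum")
    return data[0], data[1:]


def p2pkh_script(hash160):
    """scriptPubKey a wallet builds when paying a legacy (version 0x00) address."""
    if len(hash160) != 20:
        raise ValueError("HASH160 must be 20 bytes")
    return bytes([OP_DUP, OP_HASH160, 20]) + hash160 + bytes([OP_EQUALVERIFY, OP_CHECKSIG])


def op_return_script(data):
    """Data-carrier output; this sketch only handles a single direct push (<= 75 bytes)."""
    if len(data) > 75:
        raise ValueError("payload too long for a direct push")
    return bytes([OP_RETURN, len(data)]) + data


def classify(script):
    """Label an output script (labels are this example's own, not a standard)."""
    if script[:1] == bytes([OP_RETURN]):
        # Script execution fails at OP_RETURN, so no input can ever satisfy it.
        return "provably-unspendable"
    is_p2pkh = (len(script) == 25
                and script[:3] == bytes([OP_DUP, OP_HASH160, 20])
                and script[23:] == bytes([OP_EQUALVERIFY, OP_CHECKSIG]))
    if is_p2pkh and script[3:23] == bytes(20):
        # An ordinary pay-to-hash script: spending needs a public key whose HASH160
        # is twenty zero bytes, plus a signature. Infeasible today, not impossible.
        return "p2pkh-chosen-hash"
    return "p2pkh" if is_p2pkh else "other"


if __name__ == "__main__":
    version, h160 = base58check_decode(BURN_ADDRESS)
    print("version:", version, "hash160:", h160.hex())
    for name, script in (("address output", p2pkh_script(h160)),
                         ("OP_RETURN output", op_return_script(b"burn"))):  # constructed payload
        print(name, script.hex(), "->", classify(script))
```
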
garlonicon
June 05, 2022, 04:29:04 PM
#52

Quote
Isn't this true only if you know their respective public keys?
There are many times when you know those keys. They are public. You always know them in all Taproot addresses. You always know them in all multisigs, because they are based on public keys, not on public key hashes; if you are a participant in a multisig, you know the public key of another party. Also, if you look at your mempool, you will see a lot of public keys inside transaction inputs.

So, if ECDSA is unsafe, then Bitcoin is unsafe, multisig is unsafe, Taproot is unsafe, and Lightning Network is unsafe. A lot of existing coins could be stolen if ECDSA would be broken.
o_e_l_e_o
June 05, 2022, 05:50:46 PM
Last edit: June 06, 2022, 07:11:45 AM by o_e_l_e_o
#53

Quote
Isn't this true only if you know their respective public keys?
Yes, but public keys are supposed to be, well, public. If your security relies on keeping your public key secret, then your security is flawed.

As garlonicon points out, there are so many scenarios in which your public key is revealed that this should be assumed to be the default position (especially as people move to taproot addresses). In addition to the ones he has listed, consider all reused addresses and P2PK addresses. There are also many non-transaction or non-address related ways in which people expose their public keys, such as by using any non-Core wallet which sends xpubs to a server, or uploading their xpubs to some other service. Wallet software generally doesn't protect your public keys in the same way it does with your private keys, meaning you can leak them much more easily.

Thinking you are more secure because you think your public key is secret is a false sense of security. Unnecessary security at that.
alexeyneu
June 05, 2022, 09:00:44 PM
#54

my opinion OP_RETURN is only for those who wanna burn their coins for themselves. if you offer this to user who wanna something for burned btc - for him you'd just send it to your address tellin him it's burned
larry_vw_1955
June 06, 2022, 02:38:34 AM
Last edit: June 06, 2022, 03:00:55 AM by larry_vw_1955
#55

Quote from: pooya87
160 bit hash in addresses provides enough security, and that's the important part.
Right now it does. But not eventually. Quantum computer can reduce that to 80 bits.

Quote
Public key is meant to be public otherwise if there were any risks in revealing your public key, the whole Bitcoin system falls apart. It doesn't matter what a single person does (like not reusing address).
Then why do you think Satoshi invented Pay to Public Key hash? It's not just to save disc space on the blockchain.


Quote
Where are you referring to? The BitcoinEater address? If so, it hasn't revealed its public key, since it's a burning address. You reveal your public key when you spend one of the outputs.
nope not that address. this one: 1P5ZEDWTKTFGxQjZphgWPQUpe554WKDfHQ As I mentioned, one day this person might wake up and realize all their bitcoins are gone. poof. vanished. sent somewhere else. i say that because it will be one of the top targets not only for traditional hackers but also for quantum computers.

if it's a company behind this address then I hope it's not an exchange I ever do business with since either they are really dumb (a person knows the private key and could steal all the money) or they are using some type of Shamir Secret Sharing on a single private key which is probably an awful idea too.


Quote
Yes, but public keys are supposed to be, well, public. If your security relies on keeping your public key secret, then your security is flawed.
That's why satoshi didn't just stop with the public key because he figured if someone ever broke the elliptic curve they would still have to break the hash functions. additional layer of security.

Quote
As garlonicon points out, there are so many scenarios in which your public key is revealed that this should be assumed to be the default position  
assume at your own risk.

Quote
Thinking you are more secure because you think your public key is secret is a false sense of security. Unnecessary security at that.
You don't have to just "think" your public key is secret. You can make sure it is. and if you do that then it is more secure than if someone knows the public key. that's just a simple fact. I can have 256 bits of security if I use a particular address type or I can have 160 bits if I go with legacy. It's up to me. But if I do something stupid like re-use my bitcoin address, then it immediately goes down to 128 bits. Again just another fact.


Quote
So, if ECDSA is unsafe, then Bitcoin is unsafe, multisig is unsafe, Taproot is unsafe, and Lightning Network is unsafe. A lot of existing coins could be stolen if ECDSA would be broken.
They will be unsafe at some point. Maybe before people have time to react and some people might lose some bitcoin because of that. They have exascale computers now. Zettascale is coming after that. And probably Quantum Computers too.

Quote from:  o_e_l_e_o
Who's to say that is all their eggs? Perhaps they have several such addresses.
Still wouldn't change the fact that they are doing it all wrong with that one address. Re-using it. If they have other similar addresses, they are probably doing the same thing with them too. Bad idea.
pooya87
June 06, 2022, 02:57:45 AM
#56

Quote
Right now it does. But not eventually. Quantum computer can reduce that to 80 bits.
Quantum computers are not magic tools that can solve any problem!

Quote
Then why do you think Satoshi invented Pay to Public Key hash? It's not just to save disc space on the blockchain.
P2PKH existed from early days, it wasn't invented later.


Quote
~ one day this person might wake up and realize all their bitcoins are gone.
That day we all wake up to an entirely different world where the banking system no longer works, military secrets are leaked and abused by the enemies and a large part of the internet would fall apart. You see the cryptography used in bitcoin and the security level is not just specific to bitcoin.

Quote
I can have 256 bits of security if I use a particular address type
Bitcoin keys provide 128-bit of security, you can't have more than that regardless of your address type.

mindrust
June 06, 2022, 03:11:26 AM
#57

If you burn coins from the chain then the total coin supply will change. If you can remove coins, then it would mean you can add coins too. Nobody wants that. Once a coin is lost, it is lost. It is the whole point of a limited supply blockchain and bitcoin is just that.

Burn addresses might not make any sense to you but it is what it is. You'll have to live with that if you are using bitcoin because it is not going to change.

larry_vw_1955
June 06, 2022, 03:15:15 AM
#58

Quote
Right now it does. But not eventually. Quantum computer can reduce that to 80 bits.
Quote
Quantum computers are not magic tools that can solve any problem!
And where did I ever say that? Quantum computers could solve certain types of problems because algorithms are known for those certain types of problems.

Quote
Then why do you think Satoshi invented Pay to Public Key hash? It's not just to save disc space on the blockchain.
Quote
P2PKH existed from early days, it wasn't invented later.
I didn't say it was invented later. I said Satoshi invented it. Is that wrong?


Quote
That day we all wake up to an entirely different world where the banking system no longer works, military secrets are leaked and abused by the enemies and a large part of the internet would fall apart. You see the cryptography used in bitcoin and the security level is not just specific to bitcoin.
you're trying to lump in other things along with bitcoin to try and make it sound like someone would have to be irrational to attack bitcoin using a quantum computer. perhaps bitcoin is a simpler target to go after than some of the things you mentioned. ever think of that?

Quote
I can have 256 bits of security if I use a particular address type
Quote
Bitcoin keys provide 128-bit of security, you can't have more than that regardless of your address type.
Sure you can. You can have 256 bits as long as you don't leak the public key. Surprised you don't realize that.
pooya87
June 06, 2022, 03:25:11 AM
#59

Quote
And where did I ever say that? Quantum computers could solve certain types of problems because algorithms are known for those certain types of problems.
Exactly. They can solve "certain types of problems" but they can't magically decrease the 128-bit security of an EC private key to 80 bit.

Quote
I didn't say it was invented later. I said Satoshi invented it. Is that wrong?
It sounded to me like you were suggesting it came later.

Quote
you're trying to lump in other things along with bitcoin to try and make it sound like someone would have to be irrational to attack bitcoin using a quantum computer. perhaps bitcoin is a simpler target to go after than some of the things you mentioned. ever think of that?
The point is to say cryptography is not going to be broken as easily as you think otherwise we wouldn't have built so much on top of it. Historically this has also been true. We can always foresee the technical developments including hardware capabilities that could lead to weakening a cryptography algorithm and we have always been replacing them with stronger ones for the past thousand+ years.

Quote
Sure you can. You can have 256 bits as long as you don't leak the public key. Surprised you don't realize that.
The key will still provide 128-bits of security.

o_e_l_e_o
June 06, 2022, 07:32:03 AM
#60

Quote
Quantum computer can reduce that to 80 bits.
And if that ever becomes the case, then bitcoin will move to quantum resistant signatures. Relying on then insecure hash functions and keeping your public keys secret is not a tenable solution.

Quote
You don't have to just "think" your public key is secret. You can make sure it is.
Keeping your public key secret means never spending your coins. As I said above, if your security relies on your public key being secret, then your security is broken. Long before this becomes an issue, bitcoin will fork to quantum resistant signatures.



If you think that 128 bits of security is insecure, then you should probably stop using bitcoin. Even if you believe that all your coins are protected by 256 bits of security, the many millions of bitcoin present in addresses with exposed public keys is enough to completely crash the price of bitcoin to zero if they were suddenly all stolen and everyone lost confidence in bitcoin's security.