Bitcoin Forum
Author Topic: Bitcoin address re-usage can lead to theft of private keys  (Read 348 times)
SirLancelot (Hero Member), July 04, 2022, 06:23:33 PM, #21

1. It is quite harmful to one's privacy and becomes an impediment to BTC censorship resistance
 3. Quantum computers could extract private keys if these addresses are re used.

I think the Author is somehow misleading, if I want to re-use a wallet address multiple times for transactions, it doesn't give me any security harm to my private keys
For now we don't see any harm in repeatedly using the same address, but will we wait until something bad happens to us? I don't think he is misleading, since he already states some reasons there on why it is advised to constantly change our public address right after every use; however, for someone who is only dealing with smaller amounts, I think they can continue using one address.

There's nothing to be afraid of, because no one will check their addresses and be obsessed with hacking them. Hacking isn't easy, so if hackers do the act, they can just do it to the addresses that have huge balances on them, as that will be worth their time.

Pmalek (Legendary), July 04, 2022, 06:46:03 PM, #22

Addresses can be reused in different ways.
For example, I can send the same address to Person A, B, and C if they need to send me Bitcoin. The address has been re-used. At most, that's a privacy concern. But even if the address was used 3 times, the public key is never revealed if I don't spend the coins. You wouldn't be able to crack my private key with my public key (even if you could) because there is no record of it yet. Only if I spend the coins from my receiving address by signing a transaction, my public key will be recorded on the blockchain and then you can attempt to crack it. According to experts, we are decades away from such a scenario. 

franky1 (Legendary), July 04, 2022, 08:38:58 PM, #23

i think people need to define "re-use"

receiving funds repeatedly from many people to your one address is no harm at all.. (from a brute force hack perspective)
.. it's the repeat spending that has a slight, minuscule (brute force hack) risk.. but still negligible*

the privacy risk of receiving funds from multiple sources to one address, or spending from one address to multiple people, is where each merchant/sender/receiver to or from that address, if you offer personal info, then associates that address with a name they have. and they can then pass that info on if you keep using that address, if it becomes an interesting address to keep an eye on

*however, the risk of someone brute forcing.. well, as i said in my last post.. give it a try. try brute forcing Satoshi's address from his block 9 reward, see how easy it really is

pooya87 (Legendary), July 05, 2022, 04:14:35 AM, #24

The fundamentals of asymmetric cryptography are based on the fact that you can and should reveal your public key and signature without any risk of your private keys being compromised, especially if ECDSA is used. If there were any risks then it would make the whole system obsolete, not just reused addresses.
The only serious issue with reused addresses is a privacy related one.
Perhaps the author is referring to the problem described here: https://web.archive.org/web/20160308014317/http://www.nilsschneider.net/2013/01/28/recovering-bitcoin-private-keys.html ?

As far as I understand, when the same address is reused, signatures are created with the same private key. This private key can be calculated if, and only if, the k-value (random integer) is either not-so-random (deterministic or weak entropy) or the said k-value is also reused. We are interested in the latter case because the former case doesn't require the reuse of addresses. So, if the wallet software in question is compromised, malicious, flawed, or outdated, or the user himself is trying to sign a transaction using a custom, poorly written ECDSA signature algorithm, it may result in a private key vulnerable to theft. If a wallet uses the same k-value each time it signs a transaction, an attacker can take advantage of this vulnerability and steal all the coins that still are on a reused address.
K values these days are generated deterministically, so the chances of it being weak are practically zero. If it is weak in a certain implementation then there is a good chance that there is no need to reuse the address for the private key to be leaked, like the case with the blockchain.info vulnerability, where they were producing the same k for everyone and you could steal the coins before they were even confirmed.

In other words implementation flaws mean the said software should be avoided altogether. Whether you reuse addresses or not doesn't change the fact that your funds are at risk.

Trapezium (Newbie), July 07, 2022, 04:23:10 AM, #25

Do not trust any unreliable source. Hackers can filter the private keys and access the wallet and then steal the bitcoins. Be careful and smart enough to identify any fault.
NotATether (Legendary), July 07, 2022, 05:36:30 AM, #26

2. It can leave one open to niche attacks and one becomes vulnerable to these cyber thieves who will extract private keys from signatures after a transaction has been made.
 3. Quantum computers could extract private keys if these addresses are re used.

The attacks only work if the same nonce is re-used over and over again by the wallet [most wallets plugged that vulnerability 8-10 years ago] or if there is some mathematical relationship between the two nonces e.g. K' (the second nonce) being equal to K+1 or something else equivalently simple. So don't expect to find an equation out of a linear congruential (rand(3) family of RNGs) or Mersenne Twister RNG.

All secure wallets generate a random nonce for each transaction, mitigating this vulnerability.
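The deterministic k that pooya87 describes in #24 and the per-signature nonce NotATether refers to in #26 are what RFC 6979 specifies: k is derived from the private key and the message hash with HMAC, so no RNG is involved and two different messages signed by the same key never share a nonce. The following is an added example written for this page, not code from any poster or wallet project: a from-scratch RFC 6979 derivation parameterised by curve order, checked against the RFC's own P-256 test vector; the curve constants and the sample messages are this example's own assumptions.

```python
import hashlib
import hmac

# Group orders of the two curves exercised below (RFC 6979 calls this q).
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
P256_N = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551

def _int2octets(x: int, qlen: int) -> bytes:
    # RFC 6979 2.3.3: big-endian, padded to ceil(qlen/8) bytes
    return x.to_bytes((qlen + 7) // 8, "big")

def _bits2int(b: bytes, qlen: int) -> int:
    # RFC 6979 2.3.2: keep only the leftmost qlen bits
    v = int.from_bytes(b, "big")
    blen = len(b) * 8
    return v >> (blen - qlen) if blen > qlen else v

def _bits2octets(b: bytes, q: int, qlen: int) -> bytes:
    # RFC 6979 2.3.4: reduce the hash modulo q before re-encoding
    return _int2octets(_bits2int(b, qlen) % q, qlen)

def rfc6979_nonce(priv: int, message: bytes, q: int) -> int:
    """Derive the ECDSA nonce k per RFC 6979 section 3.2 (HMAC-SHA256).

    The message is hashed with a single SHA-256, so h1 = SHA-256(message);
    a wallet would feed the transaction's sighash in the same way."""
    qlen = q.bit_length()
    h1 = hashlib.sha256(message).digest()
    x = _int2octets(priv, qlen)
    hq = _bits2octets(h1, q, qlen)
    V = b"\x01" * 32                       # step b
    K = b"\x00" * 32                       # step c
    K = hmac.new(K, V + b"\x00" + x + hq, hashlib.sha256).digest()  # d
    V = hmac.new(K, V, hashlib.sha256).digest()                     # e
    K = hmac.new(K, V + b"\x01" + x + hq, hashlib.sha256).digest()  # f
    V = hmac.new(K, V, hashlib.sha256).digest()                     # g
    while True:                                                     # h
        T = b""
        while len(T) * 8 < qlen:
            V = hmac.new(K, V, hashlib.sha256).digest()
            T += V
        k = _bits2int(T, qlen)
        if 1 <= k < q:          # a valid nonce lies in [1, q-1]
            return k
        # out of range (astronomically rare): rekey and try again
        K = hmac.new(K, V + b"\x00", hashlib.sha256).digest()
        V = hmac.new(K, V, hashlib.sha256).digest()

if __name__ == "__main__":
    # Same key and message always give the same k; a different message
    # gives an unrelated k, so two spends from one address never share it.
    k1 = rfc6979_nonce(1, b"Satoshi Nakamoto", SECP256K1_N)
    k2 = rfc6979_nonce(1, b"Satoshi Nakamoto", SECP256K1_N)
    k3 = rfc6979_nonce(1, b"Alan Turing", SECP256K1_N)
    print(hex(k1), k1 == k2, k1 != k3)
```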

Welsh (Staff, Legendary), July 07, 2022, 08:51:32 AM, #27

3) A has nothing to do with B. If quantum computers ever get to the point of being able to do something like that (probably not in our lifetimes) the entire encryption of BTC would be broken.
To piggyback on this, it would also mean that multiple industries would be compromised, since they rely on the same thing Bitcoin does. Meaning, a solution would've already been found, or Bitcoin being broken is the last of our worries. However, as suggested, we've got a ton of time to think about quantum resistant measures, which probably won't happen for a long time. I'm not sure about our lifetime, but I imagine we'll be ahead of schedule on a solution, since there have already been some half-baked solutions proposed.

the privacy risk of receiving funds from multiple sources to one address, or spending from one address to multiple people, is where each merchant/sender/receiver to or from that address, if you offer personal info, then associates that address with a name they have. and they can then pass that info on if you keep using that address, if it becomes an interesting address to keep an eye on
Yeah, and considering how much of your data companies usually keep, I wouldn't doubt that exchanges are using this en masse. I imagine this sort of data will unfortunately become a gold mine in the near future. Hence why people should care about not willy-nilly giving their information to any company or person, for that matter, that asks for it.
PostQuantumChain (Copper Member, Newbie), July 07, 2022, 09:19:19 AM, #28


 3. Quantum computers could extract private keys if these addresses are re used.
 

Quantum Computers could calculate your private key with Shor's after 1 transaction because you are revealing your public key in a transaction.
They even could attack it, while it's in the mempool and replace it with a higher fee. Bitcoin has to use quantum-resistant signatures in the future.
https://csrc.nist.gov/News/2022/pqc-candidates-to-be-standardized-and-round-4


Yes, there are some new kinds of attacks regarding the random nonce.
https://eprint.iacr.org/2020/615.pdf

Maybe you don't want to sign messages on edge devices with low entropy.
franky1 (Legendary), July 07, 2022, 09:23:51 AM, #29

the privacy risk of receiving funds from multiple sources to one address, or spending from one address to multiple people, is where each merchant/sender/receiver to or from that address, if you offer personal info, then associates that address with a name they have. and they can then pass that info on if you keep using that address, if it becomes an interesting address to keep an eye on
Yeah, and considering how much of your data companies usually keep, I wouldn't doubt that exchanges are using this en masse. I imagine this sort of data will unfortunately become a gold sat mine in the near future. Hence why people should care about not willy-nilly giving their information to any company or person, for that matter, that asks for it.

for the sake of humour, I'm making one small adjustment

a few years ago the company behind bitnodes was doing offers of awarding people sats for handing over personal info. like linking their social media and stuff.
so yea it will be a 'sat mine' linking forum usernames to social media and then to known nodes and wallet addresses.

other services awarding sats for 'learn about bitcoin' are able to give away sats because they sell that info when you sign up, other things like 'refer a friend' too as it brings a bigger picture of who you are by revealing your social connections to others

chain analysis websites earn money selling their data so if they can fill that data with tagged addresses it adds a premium to their data

many exchanges want this info to be able to analyse it and learn more about their customer behaviours; it is worth a lot of value to them.
the more an exchange knows about a customer, the more they can spot suspicious people/behaviours and send SARs (suspicious activity reports), and avoid getting fined for accidentally missing out on suspects that should have been obvious if they had the info to make a good decision on whether to report or not

slaman29 (Legendary), July 07, 2022, 01:10:38 PM, #30

Privacy I agree and that is the main point of address reuse, and the only one. I have been using one same address for identification purpose (hence the loss of privacy) but if that made it more vulnerable to private key theft, why would it even be a feature?

I mean, hackers can just use the same attack on any address in blockchain explorer if the quantum computer argument is true then it shouldn't matter if you use the address once or twice or more.

Only way is to keep changing entire wallets if that's the case.

franky1 (Legendary), July 07, 2022, 11:44:04 PM, #31

privacy is not preserved by avoiding address re-use.
it's preserved by being a person that does not talk about their life too much..

e.g. there are people that use a different address for all their signature campaigns, yet they are publicly listing their address in the ad-campaign category posts of the public forum, thus immediately attaching their forum username to all of their new addresses.. it becomes a pointless exercise in using different addresses

i personally have a vanity address and i use that simply for the "i don't care who sees" situations. i keep my actual hoard of coins in a separate wallet where the funds are never spent together in the same tx as my vanity address. so they are separate.

i don't list or mention the address of my separate hoard, and so i preserve the privacy of that hoard.
i do not mention my forum name when handling transactions of the hoard, thus keeping that separate too.

..
there is no point doing address-reuse avoidance if you are still going to be using all your funds from different addresses to deposit into the same KYC'd exchange account

avoiding address re-use should be
OK address 1abcdef is only for exchange A and exchange B, C deposits where they know my birth certified name
OK address 1zxywv is only for merchant F who does not ask for my name or forum avatar/pseudonym
OK address 1pqrstu is only for merchants i found through the forum who know my forum identity

and try to keep the funds separate so they don't sweep together

in short be smart about what address you use with which service. but especially about what life story you attach to that address

dansus021 (Copper Member, Hero Member), July 08, 2022, 02:30:19 AM, #32

Or maybe Ronin network just messed up and gave away their private keys to the hackers otherwise if this was possible, Don't you think so many addresses holding large amounts of Bitcoin would have been hacked by now?

Yes, I do agree with this. I do believe that what happened to Ronin network was an insider job. And I know quantum computers are capable of doing a lot of things, but what you have said is true.


Reusing an address is fine for daily transactions with an account holding not more than $1000, as long as you don't fall for scammers and keep your private key hidden away, but for privacy, using Wasabi wallet or another mixer is always a great choice.

pooya87 (Legendary), July 08, 2022, 03:15:03 AM, #33

~but for privacy process using Wasabi wallet or other mixer is always be a great choice
If you use Wasabi wallet, your privacy would be less than zero because they not only track all your transactions going in and out of the CoinJoin transaction but also they report it directly to blockchain analysis companies who in turn use it to deanonymize you.
