Bitcoin Forum
Author Topic: Address reuse (Bitcoin Core)  (Read 83 times)
tiffy (OP)
August 04, 2024, 12:38:15 AM
Merited by ABCbits (1)
 #1

Is it safe to use an address twice (privacy excluded)?

I have read that if the random nonce k used for the ECDSA signature is not chosen at random then someone can calculate the private key.

Is this really a problem in practice?

I make a test transaction for new addresses to make sure that they work correctly.

I use Bitcoin Core 27.1.



takuma sato
August 04, 2024, 12:51:47 AM
Merited by odolvlobo (1)
 #2

Is it safe to use an address twice (privacy excluded)?

I have read that if the random nonce k used for the ECDSA signature is not chosen at random then someone can calculate the private key.

Is this really a problem in practice?

I make a test transaction for new addresses to make sure that they work correctly.

I use Bitcoin Core 27.1.





You can reuse the addresses as many times as you want. In practice no one is going to be able to derive your private key just because you are reusing the public key that belongs to it. People say to not reuse private addresses for privacy, since they can see how you keep adding funds to the same address. You could always mix the address after you have a considerable amount and want to hide it from the public eye.
BlackBoss_
August 04, 2024, 02:41:07 AM
 #3

Is it safe to use an address twice (privacy excluded)?

Is this really a problem in practice?
If you say you don't care about privacy (privacy excluded), you can use the same address many times. It's address reuse.

It practically is not good for your privacy and in order to get better privacy, you need to use Bitcoin change addresses.

Some advice is here https://blockchair.com/bitcoin/privacy-o-meter
Quote
General guidelines for sending BTC transactions

Blockchair can not help you improve the privacy of your transactions but here are some basic recommendations on how to stay anonymous on the Bitcoin network

Don't send round numbers
Don't send round amounts. Instead of sending 0.1 BTC, send 0.10125

Use Bitcoin Mixers
Mixers add an additional layer of privacy to a transaction to avoid exposing user identities.

Avoid reusing wallets
Don't send your Bitcoin change to the same address you use for sending bitcoins.

Avoid including many of your addresses in one transaction
Any time you can, try not to send BTC from your various Bitcoin addresses.

Avoid using "send everything" option
If you are withdrawing funds from an exchange, it is okay.
If you're moving funds to another wallet, do not transfer the whole amount to another address. It greatly compromises your privacy.

Spending your Bitcoin

ranochigo
August 04, 2024, 03:43:22 AM
Merited by ABCbits (2), Pmalek (2)
 #4

Is it safe to use an address twice (privacy excluded)?
Yes.
I have read that if the random nonce k used for the ECDSA signature is not chosen at random then someone can calculate the private key.

Is this really a problem in practice?

I make a test transaction for new addresses to make sure that they work correctly.

I use Bitcoin Core 27.1.
That is true. If your nonce is known, then you can calculate the private key from your signature. However, Bitcoin Core is open source and a simple bug like this would probably be caught early on and should never make it into a stable release.

The problem concerning address reuse, which is often blown out of proportion, is the possibility of a repeated nonce in the signature. When nonces are repeated, you can calculate the private key from two different signatures. This is only the case where nonces are non-random and are reused across multiple transactions. This was a problem with poorly implemented CSPRNGs in certain poorly designed wallets in the past. However, Bitcoin Core uses RFC 6979 to ensure every signature is distinct and deterministic. As such, the chance of a repeated nonce is zero.

nc50lc
August 04, 2024, 04:30:24 AM
Merited by ABCbits (1)
 #5

I have read that if the random nonce k used for the ECDSA signature is not chosen at random then someone can calculate the private key.

Is this really a problem in practice?
Yes, that's why clients like Bitcoin Core use pseudo-random values for that reason.
Ref: github.com/bitcoin/bitcoin/blob/master/src/key.cpp#L208-L234

Reusing address doesn't necessarily mean that every transaction that you'll create will use the same nonce when producing signatures.
An address that you reuse may be a representation of the same script but it has nothing to do with the generation of k value when spending the multiple UTXOs linked to it.
Check the reference above for the function Bitcoin Core uses.

Forsyth Jones
Today at 07:48:34 PM
 #6

Wallets like Bitcoin Core practically force the user to use new addresses every time the receive button is pressed by the user, but as others have said, using new addresses for each receive is a matter of privacy, you are not necessarily vulnerable to changing signatures to exfiltrate your private key.

I think they should change the UI/UX of the receive tab in Bitcoin Core, I think they should never have changed the design of the tab, just compare how much more practical it was to receive to a new address or reuse an old one in the old UI, the old addresses were listed in the same tab, we could generate a new QR code from any address (with a new address or reused).



Electrum unfortunately followed the same path, adding the name "invoices" for on-chain receiving with invoices with expiration dates. Unfortunately, this only causes more confusion than it helps. For example, newbies mistakenly think that addresses created by invoices with expiration dates will be canceled or invalid.
