Bitcoin Forum
Author Topic: re-use of addresses  (Read 5456 times)
jonald_fyookball (OP)
May 04, 2014, 07:47:21 PM
 #1

ok, so I understand that you shouldn't re-use an address
because then people will see the public key rather than
the hex-encoded hash, and it weakens the security
from 160 bit to 128 bit...

But, can you receive multiple transactions at the same
address (as long as you don't send) with no security
compromise?

DeathAndTaxes
May 04, 2014, 07:52:44 PM
Last edit: May 04, 2014, 09:47:04 PM by DeathAndTaxes
 #2

Yes.  There is a second reason for not reusing addresses, and it is to improve privacy.  If you are receiving funds from different sources at the same address you still defeat that element.

It should be pointed out that 128 bit security is still beyond brute force for both current and future classical computing.  The main reason for not exposing the PubKey is to protect it in case the strength of that key is ever reduced in the future.  This could be due to quantum computing making it possible to implement Shor's algorithm against the key, or ECDSA being weakened through cryptanalysis.  In both instances the effective security of the key will be reduced and known keys could be attacked without warning.
DannyHamilton
May 04, 2014, 08:47:46 PM
 #3

Also note that if you receive multiple transactions at an address, and then only spend some of the outputs, the remaining outputs will be left at an address for which the public key is known. Furthermore, if the wallet you are using does not use an unknown value for generating the signature then the remaining outputs become vulnerable.
mysidia
May 04, 2014, 09:55:12 PM
 #4

Furthermore, if the wallet you are using does not use an unknown value for generating the signature then the remaining outputs become vulnerable.

So to be safe... when spending... always create a transaction that spends any unused part to one or more of your other Bitcoin addresses  (or new addresses) that have never spent anything.

And when receiving funds from someone, always receive them at a newly generated address, if possible.

Using these rules would achieve greater degrees of security and privacy than if you did allow yourself to reuse addresses.

BTC: 1FbuJxZCeJUqrP7EpUkgMKWAmAA1M8gUBd
LTC: LbvomgbwKnqk47mWzALCDEoV8ydjxYYYpF
franky1
May 04, 2014, 10:16:20 PM
Last edit: May 05, 2014, 12:37:31 AM by franky1
 #5

try to explain it to a legit charity that does not care about privacy at all.
example: donation address to seans outpost

he does not care about privacy AT ALL in fact he wants the world to know and use that address for donations, and he 'spends' the inputs many times a month. explain the risk and/or chance all their donations can be lost by using the same address.

(without meandering into a privacy concern)

I DO NOT TRADE OR ACT AS ESCROW ON THIS FORUM EVER.
Please do your own research & respect what is written here as both opinion & information gleaned from experience. many people replying with insults but no on-topic content substance, automatically are 'facepalmed' and yawned at
jonald_fyookball (OP)
May 04, 2014, 10:24:41 PM
 #6

Also note that if you receive multiple transactions at an address, and then only spend some of the outputs, the remaining outputs will be left at an address for which the public key is known. Furthermore, if the wallet you are using does not use an unknown value for generating the signature then the remaining outputs become vulnerable.

Wait now I'm confused.  Are you talking about output to a change address? I thought the change address would be safe because we are not sending from it.

Stephen Gornick
May 04, 2014, 10:33:57 PM
 #7

ok, so I understand that you shouldn't re-use an address

GreenAddress just wrote a blog post on address re-use:
 - http://blog.greenaddress.it/2014/04/30/reusing-addresses-is-bad-m-kay/

But this view is not universal, apparently:

Quote
Attention #Bitcoin : contrary to what USG moles are peddling, NOT REUSING ADDRESSES IS BAD FOR YOUR PRIVACY. http://log.bitcoin-assets.com/?date=04-05-2014#659425
- http://twitter.com/Mircea_Popescu/status/463072372896333825

and then:
 - http://log.bitcoin-assets.com/?date=04-05-2014#659487

which I read but still have no idea why Mircea would make that claim.

Anybody?


DannyHamilton
May 04, 2014, 10:35:42 PM
 #8

Also note that if you receive multiple transactions at an address, and then only spend some of the outputs, the remaining outputs will be left at an address for which the public key is known. Furthermore, if the wallet you are using does not use an unknown value for generating the signature then the remaining outputs become vulnerable.

Wait now I'm confused.  Are you talking about output to a change address? I thought the change address would be safe because we are not sending from it.

Outputs that are received at a Bitcoin address are individually spent in their entirety. If you are using a wallet with coin control you have the ability to choose which outputs are spent in a transaction, and can therefore make sure that all outputs received at a particular address are spent together in a single transaction. If you are not using coin control, then it is possible that some outputs will be spent separately from others that were received at the same address.

Bitcoin doesn't distinguish between change addresses and receiving addresses. At the protocol level, it's all the same.
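
The coin-control rule described in this post, as an added example that is not part of the thread or of any wallet's code: inputs are chosen one address at a time, so no address is left holding funds after its public key has been revealed. The UTXO records, labels and function names are assumptions made for the illustration.

```python
from collections import defaultdict

def select_whole_addresses(utxos, target, fee=0):
    """Pick inputs one address at a time, so every address whose public key
    the spend reveals is emptied. Returns (inputs, change) in satoshis."""
    groups = defaultdict(list)
    for u in utxos:
        groups[u["address"]].append(u)
    totals = {a: sum(u["value"] for u in g) for a, g in groups.items()}
    need = target + fee
    if sum(totals.values()) < need:
        raise ValueError("insufficient funds")
    covering = [a for a in totals if totals[a] >= need]
    if covering:                      # one address is enough: use the smallest
        chosen = [min(covering, key=totals.get)]
    else:                             # otherwise sweep addresses, largest first
        chosen, acc = [], 0
        for a in sorted(totals, key=totals.get, reverse=True):
            chosen.append(a)
            acc += totals[a]
            if acc >= need:
                break
    inputs = [u for a in chosen for u in groups[a]]
    # The change belongs on a fresh address that has never signed anything.
    return inputs, sum(u["value"] for u in inputs) - need

def exposed_with_funds(utxos, inputs):
    """Addresses that sign in this spend yet keep other unspent outputs."""
    spent = {(u["txid"], u["vout"]) for u in inputs}
    signing = {u["address"] for u in inputs}
    return sorted({u["address"] for u in utxos
                   if u["address"] in signing and (u["txid"], u["vout"]) not in spent})

# Constructed wallet contents (labels, not real txids or addresses).
UTXOS = [
    {"txid": "txa", "vout": 0, "address": "addr_A", "value": 50_000},
    {"txid": "txc", "vout": 0, "address": "addr_B", "value": 20_000},
    {"txid": "txb", "vout": 1, "address": "addr_A", "value": 30_000},
    {"txid": "txd", "vout": 0, "address": "addr_C", "value": 120_000},
]
NAIVE_PICK = UTXOS[:2]   # in-order selection: 70,000 covers 61,000, txb stays behind
```

Running `exposed_with_funds` on a wallet's planned inputs before signing shows which addresses would be left in the state the post warns about.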
jonald_fyookball (OP)
May 05, 2014, 12:19:15 AM
Last edit: May 05, 2014, 01:12:18 AM by jonald_fyookball
 #9

Also note that if you receive multiple transactions at an address, and then only spend some of the outputs, the remaining outputs will be left at an address for which the public key is known. Furthermore, if the wallet you are using does not use an unknown value for generating the signature then the remaining outputs become vulnerable.

I suppose what I'm still not understanding is this part about the remaining outputs would be left at address where the public key would be known.  Why would it be known?  This change address for the remaining outputs would be a receive only address.


Ok never mind, I think I get it.  You mean the other part of the money NOT in the change address.

CoinRocka
May 05, 2014, 12:29:49 AM
 #10

Interesting, reusing address analogous to creating history for credit or consumer worthiness.  A mulling point.
franky1
May 05, 2014, 12:36:15 AM
 #11

all im reading is about privacy so people cant track you and that a public key will become............ public..

so to quote myself as i think the main point people are truly concerned with is losing their coins, so:

try to explain it to a legit charity that does not care about privacy at all.
example: donation address to seans outpost

he does not care about privacy AT ALL in fact he wants the world to know and use that address for donations, and he 'spends' the inputs many times a month. explain the risk and/or chance all their donations can be lost by using the same address.

(without meandering into a privacy concern)


the layman wishes to know SECURITY risk not privacy risk

DeathAndTaxes
May 05, 2014, 01:04:30 AM
 #12

all im reading is about privacy so people cant track you and that a public key will become............ public..

so to quote myself as i think the main point people are truly concerned with is losing their coins, so:

try to explain it to a legit charity that does not care about privacy at all.
example: donation address to seans outpost

he does not care about privacy AT ALL in fact he wants the world to know and use that address for donations, and he 'spends' the inputs many times a month. explain the risk and/or chance all their donations can be lost by using the same address.

(without meandering into a privacy concern)


the layman wishes to know SECURITY risk not privacy risk

I think you misunderstand. If your public key is known then the security of your address is reduced.   Today assuming the wallet implementation is proper it is reduced from 160 bit to 128 bit security.  It is the public knowledge of the PubKey which reduces the security of the funds.  So public knowledge of the PubKey IS a security not just privacy issue.

Can a known PubKey lead to a loss of funds?  In most cases it may not but
* if Quantum Computing ever advances to a point where it is economical to break a 256 bit PubKey your funds could be stolen.
* if cryptanalysis advances to a point where it becomes possible to brute force a 256 bit PubKey your funds could be stolen.
* if your wallet implementation (or underlying library and/or OS) through deliberate intent or negligence reuses the same k value for the same PubKey your funds could be stolen.

There is no way to quantify the risk of the first two factors however if it happens and you have funds stored in a known pubkey it will be too late.   The third scenario has already happened multiple times (android OS and bitcon.js).

The hash of the pubkey is a secondary line of defense.  It is like asking why can't I clean a firearm while it is loaded and the safety off.  In theory if you do everything right you could accomplish that without incident but taking that risk serves no purpose and if it doesn't end badly for you, if enough people try it, it will end badly for someone.
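
A check for the third scenario in this post, as an added example that is not part of the thread or of any wallet's code: in ECDSA the r value depends only on k, so two distinct signatures from one key that share r mean k was reused. The function names, the `(txid, pubkey, signature)` record shape and the sample values are assumptions made for the illustration.

```python
from collections import defaultdict

# Order of the secp256k1 group; folds s and N - s (malleated twins) together.
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

def parse_der_sig(sig: bytes):
    """Return (r, s) from a DER ECDSA signature, with or without the sighash byte."""
    if len(sig) < 8 or sig[0] != 0x30 or sig[1] >= 0x80:
        raise ValueError("not a short-form DER SEQUENCE")
    end = sig[1] + 2
    if end not in (len(sig), len(sig) - 1):
        raise ValueError("sequence length does not match buffer")
    pos, ints = 2, []
    for _ in range(2):
        if pos + 2 > end or sig[pos] != 0x02 or not 0 < sig[pos + 1] <= end - pos - 2:
            raise ValueError("malformed INTEGER")
        n = sig[pos + 1]
        ints.append(int.from_bytes(sig[pos + 2:pos + 2 + n], "big"))
        pos += 2 + n
    if pos != end:
        raise ValueError("trailing bytes inside SEQUENCE")
    return ints[0], ints[1]

def find_reused_nonces(inputs):
    """Map pubkey -> {r: [txids]} for each r one key used in 2+ distinct signatures."""
    seen = defaultdict(lambda: defaultdict(dict))
    for txid, pubkey, sig in inputs:
        r, s = parse_der_sig(sig)
        seen[pubkey][r].setdefault(min(s, N - s), txid)  # one txid per distinct s
    out = {}
    for pk, by_r in seen.items():
        hits = {r: sorted(m.values()) for r, m in by_r.items() if len(m) > 1}
        if hits:
            out[pk] = hits
    return out

# --- constructed sample data (not real transactions, keys or signatures) ---
def _der_int(v):
    b = v.to_bytes((v.bit_length() + 7) // 8 or 1, "big")
    return b"\x02" + bytes([len(b) + (b[0] >> 7)]) + b"\x00" * (b[0] >> 7) + b
def make_sig(r, s):
    body = _der_int(r) + _der_int(s)
    return b"\x30" + bytes([len(body)]) + body + b"\x01"  # 0x01 = SIGHASH_ALL

R1, R2 = int("c1" * 32, 16), int("33" * 32, 16)
S1, S2, S3 = int("11" * 32, 16), int("22" * 32, 16), int("44" * 32, 16)
SAMPLE = [
    ("tx1", "pubkey_A", make_sig(R1, S1)),
    ("tx2", "pubkey_A", make_sig(R1, S2)),      # same r, different s: k was reused
    ("tx3", "pubkey_A", make_sig(R2, S3)),
    ("tx4", "pubkey_B", make_sig(R1, S1)),
    ("tx5", "pubkey_B", make_sig(R1, N - S1)),  # malleated copy of tx4, not a reuse
]
print(find_reused_nonces(SAMPLE))
```

Any key the function reports should be treated as compromised and its remaining outputs moved to a fresh address.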

jonald_fyookball (OP)
May 05, 2014, 01:17:51 AM
 #13

It seems my electrum wallet is pretty good about automatically creating new addresses for most transactions.

I was just reviewing my cold storage coins and seems that the main addresses are only used once despite a few transactions in the wallet.

RockHound
May 05, 2014, 01:19:43 AM
 #14

Any Localbitcoin Sellers on here?

Reading this thread made me a bit worried about the auto-generated blockchain wallet attached to our accounts.

Apparently we can change them (+still have access to previous?) but thought it's pretty damn secure at any rate. What do you guys reckon?
killinitsoftly
May 05, 2014, 01:22:32 AM
 #15

I don't re-use addresses but I might as well because I use a wallet (armory) program that can send from any of my addresses.  kind of annoying
jonald_fyookball (OP)
May 05, 2014, 01:30:24 AM
 #16

Any Localbitcoin Sellers on here?

Reading this thread made me a bit worried about the auto-generated blockchain wallet attached to our accounts.

Apparently we can change them (+still have access to previous?) but thought it's pretty damn secure at any rate. What do you guys reckon?

Blockchain.info ?  That's an online wallet.  The main risks there are
some hacker steals your password (please set up 2FA!) or
the site itself is hacked or internally compromised.  (Goxxed).

Although I trust Blockchain (Andreas Antonopoulos is their chief of security)
infinitely more than Mark Karpeles and Gox, it's still an online wallet
and it could happen.

Those things are probably more likely to happen than
you losing your coins because of address re-use.

serje
May 05, 2014, 01:38:44 AM
 #17


There is no way to quantify the risk of the first two factors however if it happens and you have funds stored in a known pubkey it will be too late.   The third scenario has already happened multiple times (android OS and bitcon.js).



I think I can quantify this!

with the current hash power for BTC if everyone would mine in a pool to brute force your address  then first the sun will explode and after they will break into your address ... which will be pointless because we won't have any sun :)

Space for rent if its still trending
jonald_fyookball (OP)
May 05, 2014, 01:41:52 AM
 #18


There is no way to quantify the risk of the first two factors however if it happens and you have funds stored in a known pubkey it will be too late.   The third scenario has already happened multiple times (android OS and bitcon.js).



I think I can quantify this!

with the current hash power for BTC if everyone would mine in a pool to brute force your address  then first the sun will explode and after they will break into your address ... which will be pointless because we won't have any sun :)

He said cryptanalysis and quantum computing, not ordinary brute-forcing, but you're right.  ;)

On a side note, will the sun really "explode"  or just burn out?

RockHound
May 05, 2014, 01:46:55 AM
 #19

Any Localbitcoin Sellers on here?

Reading this thread made me a bit worried about the auto-generated blockchain wallet attached to our accounts.

Apparently we can change them (+still have access to previous?) but thought it's pretty damn secure at any rate. What do you guys reckon?

Blockchain.info ?  That's an online wallet.  The main risks there are
some hacker steals your password (please set up 2FA!) or
the site itself is hacked or internally compromised. 

Those things are probably more likely to happen than
you losing your coins because of address re-use.

Cheers J

Assumed it was autogenerated from the blockchain.info with multisig because when you click on the address in "wallet", links to site.

But see what you mean  :)  So do they move our BTC funds when we deposit into:

cold storage wallet<trade request<cold storage to Buyers withdrawal address ?





DeathAndTaxes
May 05, 2014, 01:49:31 AM
 #20


There is no way to quantify the risk of the first two factors however if it happens and you have funds stored in a known pubkey it will be too late.   The third scenario has already happened multiple times (android OS and bitcon.js).



I think I can quantify this!

No you can't.

Quote
with the current hash power for BTC if everyone would mine in a pool to brute force your address  then first the sun will explode and after they will break into your address

Which has nothing to do with the points you "quantified".