Not a good idea at this time. Addresses should not be re-used.
To clarify what he actually means: Addresses should not be reused after they have spent money. Ideally all payments that contribute to the balance of an address should be spent all at once to empty the address balance.
However, this "should" is only theoretical; it would take a major cryptography breakthrough for it to matter, and if the Bitcoin crypto was found crackable, there would be a world-wide shitstorm from everything else that uses the same crypto.
Explanation: Bitcoin addresses are an ECDSA public/private keypair. ECDSA is a signing algorithm - only the private keyholder can sign messages, but anyone given the corresponding public key can verify that a message was signed by the keyholder. Bitcoin uses this technology when creating transactions: the address-holder signs a message "I want to send my Bitcoins to Joe" to prove they authorize the transfer.
However, a Bitcoin address is not the public key. It has another security layer: an address is a cryptographic hash of the public key. When given a public key, you can determine that it belongs to a Bitcoin address by hashing it yourself; however, you cannot determine the public key by just having an address. This is also done because the hash is less data than a full key, making for shorter addresses.
After the public key of an address is disclosed, the extra hash layer of a Bitcoin address is removed. Only the strength of ECDSA protects the Bitcoin funds.
Two things disclose the public key:
- Spending Bitcoins - the public key is included with the transaction so the authenticity can be determined
- Signing messages - another feature that allows Bitcoin users to prove any arbitrary message was sent by them
I can receive many payments without disclosing the public key. For example, I may have a cold-storage savings address (paper wallet) where I send money every month. Nothing about receiving many payments has reduced security.
Regarding alias address discovery, here are my previous thoughts:
I've started thinking it through, and a self-published alias might be the easiest addition. It would seem best to lift Namecoin's style of address registration with fee. There would certainly be a landrush period, and you would want to discourage squatting, so a significant but diminishing cost would better ensure interested parties might still find their desired alias available (see post #10 above; I paid .55 BTC in fees just for some fun...).
Implementation: You go into your address book, there is an option called "register label on network". You press this, it asks you to create an alias that other clients can see to send money to you. If you are not the first, you get an error that the alias is already taken. The alias is permanently included in the blockchain along with some bitcoins you donate as the fee, and then the address book will list all aliases registered to your address. Other Bitcoin clients would have a searchable database of all these aliases to find you as a recipient.
However, I don't think anything like this should be included in Bitcoin. Although not any more dangerous than "firstbits", it would make it too easy to spoof people into sending money to an "amazon.com" that goes to a malicious squatter instead. It also hinders anonymity and the sender identification that comes with one-time-use addresses.
First, Bitcoin will likely never be extended in such a way; it falls in the category of storing non-transaction data in the blockchain, which is against the grain of every position taken by developers and contributors.
The obvious feature of aliases is to discover someone's address, by looking up other information such as a name. However, looking up a name has fundamental problems. Any conceivable system apart from a centrally micro-managed repository would allow bad actors to create false aliases such as "Deep Celeron", "The REAL deepceleron", "deepce1eron", or anything else that might foil the system by making my real account unclear to senders. Someone might go create an alias with my email address before I do it myself.
Address message signing is not a solution to this problem. You don't have my Bitcoin address yet, so it doesn't matter that an alias was signed by the address someone wants to fool you into using.
Namecoin allows name storage in its blockchain. There are many id/useralias entries now where the "info" field is someone's Bitcoin address.
Again, the only reason why this has value is that I got it first. I could register id/Syke, and claim that that is the proof that I am Syke, and sign further messages with the address showing proof that "Syke" owns that address and name.
Aliases would be useful in theory, but would be troubling in any implementation, and would only create another way for people to have Bitcoins stolen.