If reusing addresses is a bad idea then why...

[Bizmark13]

...are there sites like WikiLeaks that have been using the same address for years:

http://blockchain.info/address/1HB5XMLmzFVj8ALj6mfBsbifRoD4miY36v

The above address has been receiving and sending out transactions since 2011. I have heard that by sending funds from an address, you lose an additional layer of protection and so if a method of cracking the single encryption now protecting your address is discovered, any bitcoins stored in such a used address could be stolen. But how feasible is this scenario?

And secondly, I have also heard that it is a bad idea to make multiple deposits into a single address since that also qualifies as reusing an address. But how would it be possible then to make a paper wallet to store 1 BTC in if you have multiple addresses with 0.01 or 0.05 BTC in them each? Say for example you sell a whole bunch of low-value items and generate a new address for each transaction, how would you then pool these funds together without reusing an address by making multiple deposits?

And do multiple deposits affect the security of the encryption? If not, then why are multiple deposits considered a bad idea? Or aren't they?

Apologies for the newbie-ish questions. It feels a bit weird posting in this section of the forums since I'm a senior member. You'd think someone who has been on the forums for so long and has more posts than Satoshi would be an expert by now but unfortunately, I'm still pretty far from it.

[BurtW]

...are there sites like WikiLeaks that have been using the same address for years:

http://blockchain.info/address/1HB5XMLmzFVj8ALj6mfBsbifRoD4miY36v

The above address has been receiving and sending out transactions since 2011. I have heard that by sending funds from an address, you lose an additional layer of protection and so if a method of cracking the single encryption now protecting your address is discovered, any bitcoins stored in such a used address could be stolen. But how feasible is this scenario?

It is true that before you send from a Bitcoin address the only thing known is the Bitcoin address, which is the triple hash of the public key.  Now when you send from an address you basically publish the actual public key in order to spend them.  So after spending from an address not only is the hash of the public key known, but the actual public key is now known.  In order to steal your BTC from the public key they would have to be able to calculate the private key from the public key.  If they can do that then your BTC, my BTC, everyone's BTC are gone even before they are taken because the entire system has been cracked and all BTC are worthless.

In other words, not something I worry about.

And secondly, I have also heard that it is a bad idea to make multiple deposits into a single address since that also qualifies as reusing an address. But how would it be possible then to make a paper wallet to store 1 BTC in if you have multiple addresses with 0.01 or 0.05 BTC in them each? Say for example you sell a whole bunch of low-value items and generate a new address for each transaction, how would you then pool these funds together without reusing an address by making multiple deposits?

First of all, multiple "deposits" into one brand new address do not have any effect on security (see my next post for other concerns).  To answer your question directly you can send from all the addresses which contain small amounts into the one brand new address in order to collect all the BTC into one address using one single transaction.  This one transaction would then be the one time you sent BTC to the address.

And do multiple deposits affect the security of the encryption? If not, then why are multiple deposits considered a bad idea? Or aren't they?

Multiple deposits do not effect security, but see below.

Apologies for the newbie-ish questions. It feels a bit weird posting in this section of the forums since I'm a senior member. You'd think someone who has been on the forums for so long and has more posts than Satoshi would be an expert by now but unfortunately, I'm still pretty far from it.

No problem.

[BurtW]

So multiple sends to a single address do not affect security and multiple spends from a single address does affect security to a certain extent because now the public key is published.

Now the other concern related to address reuse is privacy.

Ideally for privacy you would only use an address once and never reuse it.  This is because then it becomes much harder to match specific Bitcoin addresses to specific people/entities.  So, in your example, it would be pretty hard for Wikileaks to claim that they do not control that address after so many years of advertising that they do in fact control that address.

Now note that every single transaction that has ever sent BTC to them is now recorded forever in the blockchain.

So, if for example you gave to them from an address that can be tied to you then the fact you gave to them can now be proven and that might make you a "terrorist" or whatever...

To help maintain your privacy and almost more importantly to help maintain everyone else's privacy, ideally you would never use an address more than once.  Once here is defined as one transaction into the address (which can come from one or many addresses in the one transaction) and once to spend the entire balance at the address (which can go out to one or many addresses, including your "change" which should go to a brand new address).

This whole privacy issue is tied closely to my pet issue:  maintaining the fungibility of Bitcoin.

See my signature.

Burt

[Bizmark13]

Thanks for the reply. Yeah, that was what I thought as well. I just wasn't completely certain, that's all. If the encryption that prevents a private key from being derived from a public key is broken, I could see people who reused their addresses losing their bitcoins and those who didn't reuse their addresses managing to hold onto their bitcoins until there is a hard fork and the encryption is fixed. It would be similar to the situation a while ago where due to a bug in the Android RNG, those who used Mycelium wallet had their funds compromised. Except instead of a flaw in the Android RNG, it would be a flaw in the implementation of the encryption algorithm or the mathematics behind the algorithm itself. Still a very unlikely thing to happen though.

And about the privacy thing, I guess that could be an issue but I think it's a minor issue for most people, isn't it? I doubt I'm important enough for someone to spend the resources to sift through the blockchain just to track me down. And even if they did, all they would see is a bunch of transactions to and from exchanges and dust payments from faucets. So someone like me who doesn't use Bitcoin for nefarious purposes should be alright, no?

[BurtW]

It may not be a problem for you personally and I agree that most people do not think about it or care about it.  But remember that every single person that can be "outed" can be used to "out" others and those can be used to "out" others, etc.  So by having a lot of people not caring about their privacy it reduces the availability of privacy for those that do.

I am not saying that people who use one single vanity address for every one of their Bitcoin transactions and publish the fact they use, have, control, buy, sell, spend BTC and thereby publish how much they have, how much they spend, where they get it from, and what they spend it on are doing anything wrong per se.  

It is just that by being that free with all their personal information they do reduce the privacy of everyone they deal with directly and by extrapolation then the privacy of the entire system.

All that in fact is not what I belive to be Bitcoin's biggest problem.  By reducing the privacy of the system we increase the possiblity and probability that one day fungibility may be reduced or destroyed.  That is my biggest concern.

[BurtW]

If someone wants to "play nice" and support Bitcoin, the idea of Bitcoin and the Bitcoin network they could/should:

1) Run a full node
2) Stop reusing addresses
3) Maintain their privacy
4) Use coinjoin, exchanges or actual mixers to continually mix and thereby equally taint all coins
5) Stop using/reusing vanity address
6) Stop publishing static deposit addresses, give each customer or donator a different address every time
7) Use deterministic key pair sequences for all periodic payments (this means mining payouts too!)

eight) Keep your bitcoins safe, every loss due to a hack is a public black eye on the whole experiment

[BowieMan]

...are there sites like WikiLeaks that have been using the same address for years:

http://blockchain.info/address/1HB5XMLmzFVj8ALj6mfBsbifRoD4miY36v

The above address has been receiving and sending out transactions since 2011. I have heard that by sending funds from an address, you lose an additional layer of protection and so if a method of cracking the single encryption now protecting your address is discovered, any bitcoins stored in such a used address could be stolen. But how feasible is this scenario?

And secondly, I have also heard that it is a bad idea to make multiple deposits into a single address since that also qualifies as reusing an address. But how would it be possible then to make a paper wallet to store 1 BTC in if you have multiple addresses with 0.01 or 0.05 BTC in them each? Say for example you sell a whole bunch of low-value items and generate a new address for each transaction, how would you then pool these funds together without reusing an address by making multiple deposits?

And do multiple deposits affect the security of the encryption? If not, then why are multiple deposits considered a bad idea? Or aren't they?

Apologies for the newbie-ish questions. It feels a bit weird posting in this section of the forums since I'm a senior member. You'd think someone who has been on the forums for so long and has more posts than Satoshi would be an expert by now but unfortunately, I'm still pretty far from it.

Reusing addresses makes it easier to trace payments or link an address to someone. If it's just a simple donation address, it doesn't matter if the address can be linked, since everyone already knows that the address belongs to, say, WikiLeaks

[BurtW]

Reusing addresses makes it easier to trace payments or link an address to someone. If it's just a simple donation address, it doesn't matter if the address can be linked, since everyone already knows that the address belongs to, say, WikiLeaks

Until WikiLeaks is found to be a "terrorist" organization and eveyone who sent them money a suspected "terrorist".  Using a static address would allow at least some of those that sent money to Wikileaks to be hunted down.

[BowieMan]

Reusing addresses makes it easier to trace payments or link an address to someone. If it's just a simple donation address, it doesn't matter if the address can be linked, since everyone already knows that the address belongs to, say, WikiLeaks

Until WikiLeaks is found to be a "terrorist" organization and eveyone who sent them money a suspected "terrorist".  Using a static address would allow at least some of those that sent money to Wikileaks to be hunted down.

Okay, granted. But maybe they thought it was more difficult to give everyone who wants to donate some BTC to them a new address dynamically, I guess they just opened up some address and told people to send their BTC there in case they want to donate.

[AdamSmith]

Reusing addresses makes it easier to trace payments or link an address to someone. If it's just a simple donation address, it doesn't matter if the address can be linked, since everyone already knows that the address belongs to, say, WikiLeaks

Until WikiLeaks is found to be a "terrorist" organization and eveyone who sent them money a suspected "terrorist".  Using a static address would allow at least some of those that sent money to Wikileaks to be hunted down.

Having the public address being watched by government is really a bad idea and put donators in a hot seat.

[notlist3d]

Only thing you might think of is using multiple wallet's (which would be different addresses).  This way not all your bitcoins are in one wallet for security.

[clovex]

Reusing addresses makes it easier to trace payments or link an address to someone. If it's just a simple donation address, it doesn't matter if the address can be linked, since everyone already knows that the address belongs to, say, WikiLeaks

Until WikiLeaks is found to be a "terrorist" organization and eveyone who sent them money a suspected "terrorist".  Using a static address would allow at least some of those that sent money to Wikileaks to be hunted down.

Okay, granted. But maybe they thought it was more difficult to give everyone who wants to donate some BTC to them a new address dynamically, I guess they just opened up some address and told people to send their BTC there in case they want to donate.

then what about people like you which are in signature campaings and are forced to make their address public to get paid?

[polynesia]

Scenario 1: I have 2 deposits in a single address, which I combine together and use for a single payment.
Scenario 2: I have 2 deposits in 2 different addresses. I combine them and use them for a single payment (one single transaction).

Aren't these 2 scenarios the same from a privacy point of view? Although I have used 2 different addresses in scenario 2, isn't the single transaction proof that I control both addresses?

[wasserman99]

Reusing addresses makes it easier to trace payments or link an address to someone. If it's just a simple donation address, it doesn't matter if the address can be linked, since everyone already knows that the address belongs to, say, WikiLeaks

The main reason you should not reuse an address is because of privacy. The more times you use a specific address, the easier it is to potentially link your identity to that address.

If you have a donation address, then privacy is not your goal. When you are receiving donations, the person donating the money obviously knows what cause they are donating to so this issue is not applicable.

[BurtW]

Reusing addresses makes it easier to trace payments or link an address to someone. If it's just a simple donation address, it doesn't matter if the address can be linked, since everyone already knows that the address belongs to, say, WikiLeaks

The main reason you should not reuse an address is because of privacy. The more times you use a specific address, the easier it is to potentially link your identity to that address.

If you have a donation address, then privacy is not your goal. When you are receiving donations, the person donating the money obviously knows what cause they are donating to so this issue is not applicable.

Not true, read the thread.  Easily solved by giving out a different address for each donation.

[Kipsy89]

They just need a single address for people so they can donate BTC! They don't need to cover up their tracks, it's also a good thing for people to see that people really do donate BTC to them, so more people will follow!

[1986]

I think the whole thing about reusing addresses is just a precautionary measure to make it safer, but I don't think it's something you need to worry about.

[BurtW]

They just need a single address for people so they can donate BTC! They don't need to cover up their tracks, it's also a good thing for people to see that people really do donate BTC to them, so more people will follow!

The issues is not the privacy of Wikileaks it is the privacy of the people donating to Wikileaks.  

Because Wikileaks uses a single address, instead of separate addresses as they should, everyone that sends donations to them loses some amount of privacy.  If the sender can be found then it can be proved that the sender sent money to Wikileaks.  It is the senders privacy that is being hurt by their address reuse.

[BurtW]

I think the whole thing about reusing addresses is just a precautionary measure to make it safer, but I don't think it's something you need to worry about.

Why?  Explain yourself.

I explained in detail above why address reuse is a bad idea and hurts Bitcoin, the idea of Bitcoin, the privacy and fungibility of Bitcoin, etc.

Do the same with your off the cuff comment.

[1986]

I think the whole thing about reusing addresses is just a precautionary measure to make it safer, but I don't think it's something you need to worry about.

Why?  Explain yourself.

I explained in detail above why address reuse is a bad idea and hurts Bitcoin, the idea of Bitcoin, the privacy and fungibility of Bitcoin, etc.

Do the same with your off the cuff comment.

I really don't see how it's realistically a problem at all.