Do BTC payments have to be signed with the same keys used to get the BTC?

[theymos]

Say that I buy 100 BTC from NLS. He has my identity. I then buy something with those particular BitCoins. If the seller and NLS share info, can I be identified? My understanding is that I can, because I used the same BitCoin address to both receive and send those coins.

[Sabunir]

I do not believe that this is a problem. When some receives coins, they have no way of telling who it came from. So if the hypothetical exchanger* and the seller shared usage data, all they would know is that you (and many other people) bought coins, and that someone sent coins to the seller.

Of course, this is my understanding, and I'm not an expert.

*There's no need to single out NLS.

[theymos]

The paper seems to say that coins are transferred by signing the receiver's public key with the sender's keys. Then the receiver has to use that same "verified" public key to transfer the coins to someone else. Since the public key is connectible to an identity by the person who originally sent the coins, this is a problem.

I could be wrong about how this works, though. How do you think it works?

[Sabunir]

I think you have mistaken "public key" cryptography for normal cryptography. Please read this, if that concept is new to you - Bitcoin uses this technology for coin transfers. Otherwise, I must misunderstand you.

[theymos]

I understand public-key cryptography.

Look at the diagram in section 2 of the BitCoin paper. For owner 1 to send coins to owner 2, he needs to know owner 2's public key in order to create a hash and sign it. To receive payment, owner 3 needs that same public key to verify that it has been signed by owner 1.

[DannyM]

Hopefully a dev will clarify this for us. Does generating a new address for each person you transfer with mitigate this risk, or is the key the same?