MinAddress : Now remember your addresses easily

[BurtW]

"firstbits" is harder to use, because in order to expand a firstbits address you need to search from the genesis block onwards until you find it.

With MinAddress the block number is in the address so there's much less searching required.

This is not true.

One to One Correspondence between MinAddress and Full Address implemented to prevent mistakes in MinAddress

In order to implement the one to one correspondence the decoder must verify the block in the MinAddress is the very first block to contain the Bitcoin address - just like firstbits.  See:

I think the one to one correspondence between MinAddress and Full Address can be used to make the MinAddress mistake proof. MinAddress can have 3 levels of checks:

>Block must exist
>Address must be uniquely present in block
>Block should be the first block where the address was used.

The three level of dependencies will ensure that if MinAddress is misspell it will lead to an error rather than some other address. Though this is not 100% full proof but it will make the chance of random change leading to a valid MinAddress very very low.

[1714260501]

1714260501

[1714260501]

1714260501

[1714260501]

1714260501

[1714260501]

1714260501

[1714260501]

1714260501

[1714260501]

1714260501

[tspacepilot]

Isn't this basically just "firstbits" (which seems to have disappeared a while back)?

It's very similar to firstbits but a little different.  FWIW, firstbits is going to reappear shortly, I happen to be rewriting the software at the moment.

[BurtW]

Hmmmmmm.  No.  Without the block number it will be firstbits or it won't work.  For example without the block number find "1bu". Where is it?

[medUSA]

I like my MinAddress, surprisingly easy to remember: 46044-1jfy
(back in one jiffy)

[DannyHamilton]

The encoding process will also required to be changed and instead of finding the min characters to make address unique in a block we will be required to find the min characters to make it unique among all receive addresses having 1st block upto the 1st block of the address in question. So similar to firstbits but smaller.

Why smaller?

Isn't that what Firstbits is?

[CIYAM]

Why smaller?

Isn't that what Firstbits is?

Agreed - I am a little confused now also what the real difference is (apart from perhaps trying to add an extra "check").

[BurtW]

Hmmmmmm.  No.  Without the block number it will be firstbits or it won't work.  For example without the block number find "1bu". Where is it?

Well , we can start with the first block and check if 1bu uniquely identifies an address in that block, if yes we take full address and move to next step, if no we move to the next block and so on till we find a full address or reach the latest block. Once we get full address we compare if the block where we found the full address is the first block where the address occurs in the blockchain, if true we have our final full address otherwise we goto first step.

Only thing is that the cost of calculation is very high unless some kind of database is used to speedup the process.

UPDATE: The encoding process will also required to be changed and instead of finding the min characters to make address unique in a block we will be required to find the min characters to make it unique among all receive addresses having 1st block upto the 1st block of the address in question. So similar to firstbits but smaller.

Thinking this through:

Let's say that the firstbits of a specific Bitcoin address is "1burtw", actual address is 1BurtW....  You propose that without specifying the block number you might be able to shorten it and still find the original address.  OK, by the definition of firstbits there will exist within blocks before the very first occurance of the 1BurtW... Bitcoin address other addresses that start with 1burt because if there are no other addresses starting with 1burt then 1burt would be the firstbits by definition.

All of these other addresses will match 1burt<x> where <x> is not the letter W or w.

The question is: is there any case where we can use 1burt to find the proper 1burtw address?  Well if there is a single unique occurance of 1burt<x> where <x> is not W or w then we cannot use 1burt because your algorithm will find the previous unique 1burt address.

In fact the only time your algorithm can be used to shorten 1burtw to 1burt is if every single block which contains a 1burt<x> pattern in the blockchain before the first occurrence of 1burtw has two different 1burt<x> patterns.

Since <x> in our case here is all of the following characters:  123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz I think the probability that every 1burt<x> occurrence will occur in a block with two different 1burt<x> patterns to be not worth the extra computational effort above the standard firstbits computational effort.

To summarize:  you will almost always be able to find a block that contains a single 1burt<x> pattern so the algorithm will almost always result in the firstbits.

[jl2012]

Isn't re-using the same address not regarded as questionable?
i.e not the recommended best practice?

Well it's not recommended as the best practice but I don't see anything dangerous in doing so. I think it's just a precautionary measure. I'm sure DannyHamilton will now tell me otherwise, though hehe.

You mean because of this ?

Do not re-use an address I've given you in the past. I use a new address for every transaction and I discard the private keys once I send/spend the bitcoins that I received at an address. Therefore it is very important that you get a new address from me and do not re-use an address to send bitcoins to me in the future if we ever engage in another transaction.

Yes, it's a bad idea to re-use address, but it is an absolutely stupid idea to discard a private key.

[bornil267645]

It's a safe option as far as the security issues are concerned.

[DannyHamilton]

it is an absolutely stupid idea to discard a private key.

That is an opinion, not a fact.

My opinion differs from yours on that matter.

[BurtW]

Yes, it's a bad idea to re-use address, but it is an absolutely stupid idea to discard a private key.

I would not call it stupid.  I would call it very dedicated.  He is dedicated to forcing people to stop reusing addresses, at least when dealing with him.  If everyone did this there would be no address reuse.  Sure some BTC might get lost along the way but pain is a very effective teacher.  People would learn through the pain of losing BTC when they reused an address that reusing addresses is bad and wrong and they would stop doing it.

[tspacepilot]

Yes, it's a bad idea to re-use address, but it is an absolutely stupid idea to discard a private key.

I would not call it stupid.  I would call it very dedicated.  He is dedicated to forcing people to stop reusing addresses, at least when dealing with him.  If everyone did this there would be no address reuse.  Sure some BTC might get lost along the way but pain is a very effective teacher.  People would learn through the pain of losing BTC when they reused an address that reusing addresses is bad and wrong and they would stop doing it.

Discarding the private key of an address you've used seems to me like shooting yourself in the foot (and receiving the real-life consequences of that action) in order to adhere to an abstract principle that not everyone agrees with or thinks about.  I guess I'm saying that I can see this adding up to a lot of disputes and accusations.  Imagine you send btc for a debt to someone who discards their old addresses in this way.  You say "I sent you that money, same address I paid you at last week".  Then the other person says "no, my policy is to discard addresses, I no longer have access to that address because I've discarded the private key".  At this point, you might (rightly, imho) doubt whether that person is being honest---what if they still have the key but are lying to you in order to trick you into paying them more than once.  Obviously the fact that the bitcoins you sent are still in the address you sent them to would be evidence that the person hasn't yet tricked you, but is not evidence that they won't trick you as soon as you send again to a new address at your expense.  I guess my point boils down to this: someone may say that they discard old private keys, but how can they prove this?  (I don't think they can.)

[jl2012]

it is an absolutely stupid idea to discard a private key.

That is an opinion, not a fact.

My opinion differs from yours on that matter.

And differs from Satoshi's, too:

Oct. 3, 2010: Sigh… why delete a wallet instead of moving it aside and keeping the old copy just in case? You should never delete a wallet.

source: https://bitcointalk.org/index.php?topic=1327.msg15136#msg15136

[amaclin]

And differs from Satoshi's, too:

Oct. 3, 2010: Sigh… why delete a wallet instead of moving it aside and keeping the old copy just in case? You should never delete a wallet.

Sorry, could you explain me what does the word "never" mean in this context?
I am not native English speaker and I am very afraid of misunderstanding.
Does it mean 1000 years? Or 100 years? Should I leave my wallet to my childs and ask them to keep my private keys? How will I check that they obey my orders after my death?

[DannyHamilton]

Discarding the private key of an address you've used seems to me like shooting yourself in the foot (and receiving the real-life consequences of that action) in order to adhere to an abstract principle that not everyone agrees with or thinks about.

I see it more as documenting a set of rules (call it a "Constitution" if you like) and committing myself to that set of rules along with any real life consequences of that committment.

I guess I'm saying that I can see this adding up to a lot of disputes and accusations.  Imagine you send btc for a debt to someone who discards their old addresses in this way.  You say "I sent you that money, same address I paid you at last week".  Then the other person says "no, my policy is to discard addresses, I no longer have access to that address because I've discarded the private key".

I make it very clear to anyone that ever sends me bitcoins that the address they are sending to is only good for the one transaction and that NO FUTURE PAYMENTS to that same address will be honored or recognized.  If they choose to ignore this information and re-send to an address they have sent to in the past, I can not stop them, but it will be very clear that they have made a mistake and have sent to an address for which there is no known private key.  Such a payment will not (and cannot) be honored and the loss will be theirs.

At this point, you might (rightly, imho) doubt whether that person is being honest---what if they still have the key but are lying to you in order to trick you into paying them more than once.  Obviously the fact that the bitcoins you sent are still in the address you sent them to would be evidence that the person hasn't yet tricked you, but is not evidence that they won't trick you as soon as you send again to a new address at your expense.  I guess my point boils down to this: someone may say that they discard old private keys, but how can they prove this?  (I don't think they can.)

Lack of access to a private key cannot be proven.  However, if you've been told NOT to send to a particular address, and you send to that address anyhow, it is your choice and your loss.  As you put it, if you send to an address that I have given you in the past after I have informed you not to do so, then you are "shooting yourself in the foot (and receiving the real-life consequences of that action)".

it is an absolutely stupid idea to discard a private key.

That is an opinion, not a fact.

My opinion differs from yours on that matter.

And differs from Satoshi's, too:

Oct. 3, 2010: Sigh… why delete a wallet instead of moving it aside and keeping the old copy just in case? You should never delete a wallet.

source: https://bitcointalk.org/index.php?topic=1327.msg15136#msg15136

It is your opinion that "it is an absolutely stupid idea".

Satoshi suggested that keeping an old copy "just in case" was something to consider. It appears, at least at the time of that post, to have been his opinion that "You should never delete a wallet", though he doesn't seem to have made a value judgement on the intelligence of someone (like you did) that chooses to delete the wallet.

[BurtW]

... in order to adhere to an abstract principle that not everyone agrees with or thinks about.

Where the abstract principle you are talking about is address reuse.  I don't consider this an "abstract" issue.

Address reuse is the single largest internal threat to the long term viability of Bitcoin.  It is the single largest threat that we can do something about within the Bitcoin community.  Address reuse should be discouraged by any and all means possible.  Companies, individuals, charities, etc. who continue to reuse addresses should be boycotted until they change their ways.  Deterministic key pair generation should be used for all periodic payments, all donation addresses, all mining pool payouts, and all other times when multiple payments are made from one entity to another entity.

Ideally all addresses would be used only once and contain only two transactions:  a single funding transaction followed by an eventual single spending transaction.  All change should go to a fresh address every time.  

I wish the protocol enforced these rules.  If it were possible to make this change it is the only change to the protocol I personally would support at this time.

[tspacepilot]

Discarding the private key of an address you've used seems to me like shooting yourself in the foot (and receiving the real-life consequences of that action) in order to adhere to an abstract principle that not everyone agrees with or thinks about.

I see it more as documenting a set of rules (call it a "Constitution" if you like) and committing myself to that set of rules along with any real life consequences of that committment.

I guess I'm saying that I can see this adding up to a lot of disputes and accusations.  Imagine you send btc for a debt to someone who discards their old addresses in this way.  You say "I sent you that money, same address I paid you at last week".  Then the other person says "no, my policy is to discard addresses, I no longer have access to that address because I've discarded the private key".

I make it very clear to anyone that ever sends me bitcoins that the address they are sending to is only good for the one transaction and that NO FUTURE PAYMENTS to that same address will be honored or recognized.  If they choose to ignore this information and re-send to an address they have sent to in the past, I can not stop them, but it will be very clear that they have made a mistake and have sent to an address for which there is no known private key.  Such a payment will not (and cannot) be honored and the loss will be theirs.

As far as I can tell, you are putting a lot of risk on your ability to make this 'very clear to anyone who ever" sends you bitcoins.  I have to admit, if I understood this before sending you money, I'd say "well that's fine and no problem, he'll send me an address when he wants payment".  But if I didn't understand it beforehand, I think it would be hard for you to convince me that the loss was mine.  I would question whether anyone in their right mind would actually purposefully throw away the private key of an address they had already received payment at.  Your claims of constitution and principles would look very specious to me at that point.

At this point, you might (rightly, imho) doubt whether that person is being honest---what if they still have the key but are lying to you in order to trick you into paying them more than once.  Obviously the fact that the bitcoins you sent are still in the address you sent them to would be evidence that the person hasn't yet tricked you, but is not evidence that they won't trick you as soon as you send again to a new address at your expense.  I guess my point boils down to this: someone may say that they discard old private keys, but how can they prove this?  (I don't think they can.)

Lack of access to a private key cannot be proven.  However, if you've been told NOT to send to a particular address, and you send to that address anyhow, it is your choice and your loss.  As you put it, if you send to an address that I have given you in the past after I have informed you not to do so, then you are "shooting yourself in the foot (and receiving the real-life consequences of that action)".

Seems like in this scenario, who ends up with the consequences would be hashed out in a public dispute.  Perhaps the payer decides you are trying to scam and doesn't send again, perhaps you then label that person untrustworthy.  This example scenario is to vague and general to actually try to predict a specific outcome, but I think it's easy to see that it would be a mess.  By the way, has this happened to you?

... in order to adhere to an abstract principle that not everyone agrees with or thinks about.

Where the abstract principle you are talking about is address reuse.  I don't consider this an "abstract" issue.

I believe the abstraction lies in the fact that, as you say, the protocol doesn't enforce this.  The community doesn't (as a whole) do this---note the fact that we all have a "btc address" field in our bitcointalk profile info.

Address reuse is the single largest internal threat to the long term viability of Bitcoin.  It is the single largest threat that we can do something about within the Bitcoin community.  ...

I wish the protocol enforced these rules.  If it were possible to make this change it is the only change to the protocol I personally would support at this time.

This seems like hyperbole.  Can you really link my reuse of a vanity address to a concrete threat on the longterm viability of Bitcoin and the Bitcoin community?

[BurtW]

Address reuse is the single largest internal threat to the long term viability of Bitcoin.  It is the single largest threat that we can do something about within the Bitcoin community.  ...

I wish the protocol enforced these rules.  If it were possible to make this change it is the only change to the protocol I personally would support at this time.

This seems like hyperbole.  Can you really link my reuse of a vanity address to a concrete threat on the longterm viability of Bitcoin and the Bitcoin community?

You can read one of my many rants on this subject, which is very dear to my heart as you may have noticed, just check out my signature.

Post #58 in this very thread:

https://bitcointalk.org/index.php?topic=774741.msg8758673#msg8758673

[DannyHamilton]

By the way, has this happened to you?

Someone sent bitcoins to an address that is no longer under my control?

No.

Since you seem interested in hypothetical scenarios, lets consider this one:

• You re-use addresses all the time.
• People who send bitcoins to you are aware that you re-use addresses and don't think twice about sending bitcoins to an address they've used in the past
• You become victim to a hacker or malware and the addresses you've used in the past are no longer secure.
• You tell everyone that you can think of that they should not re-use any address that you've given them in the past
• Someone doesn't get your message, and sends bitcoins to one of your old addresses
• The bitcoins are moved out of the address by a thief before you can access them

Who is "responsible" for the loss?

You? Because you created an expectation in others that they could re-use your addresses?

The sender? Because they failed to confirm the address with you, and failed to receive the notice you had sent out?

Do they still owe you payment or not?

You might say that the address was hacked, and that they shouldn't have sent there, but how do they know if it was hacked?  How do they know that they missed your message?  Perhaps you moved the bitcoins out of the address, and then made up a story about the address being hacked?

This is a mess.

On the other hand, if you established early and often that addresses should never be re-used, then it becomes clear where the responsibility lies.  If they send to an address that you give them, it is your responsibility.  If they send to an address that you do not give them, then it is their responsibility.

note the fact that we all have a "btc address" field in our bitcointalk profile info.

Note that there isn't any btc address field when you look at my profile.

This seems like hyperbole.

No, it really doesn't.

[tspacepilot]

DannyHamilton,

I very much enjoyed your hypothetical scenario.  I think you did a great job showing how misunderstanding, poor-communication, and/or false-expectation can lead to a mess in the general case and that an address no-longer controlled by the first user can cause problems whether or not the first user discarded it willingly or lost it to an attack.

I think your example also highlights a little more of why you feel so strongly about this.  You see address reuse as a theft waiting to happen.  I guess what I don't yet understand is how you can store your coins at all with such a philosophy.  Isn't any balance you have at the moment waiting to be stolen in the same way that my past used addresses are?

On the other hand, what you said here:

note the fact that we all have a "btc address" field in our bitcointalk profile info.

Note that there isn't any btc address field when you look at my profile.

seems just plain snippy.  If you did have an address in that field on your profile that would be an act of amazing hypocracy given your "Constitution".  I referenced the btc address field of our profiles as evidence that your philosophy isn't necessarily shared by all (or even the majority).

This seems like hyperbole.

No, it really doesn't.

This remark is similarly terse and not really helpful.  Care to elaborate?