Topic: Address reuse is simpler than alternatives and not always bad - discussion - page 2. (Read 432 times)

To be more precise: owners need to protect private keys and chain codes (and indices in some cases) which are kind of a synonym for "extended private keys" (as in BIP-32). Do these terms fit better?

Change address is important to control your privacy levels.
Change
Address reuse

Blockchain explorers can identify your transactions as self-transfers, address reused or combine your inputs in same wallet.

https://blockstream.info/tx/13ae94ae542b118cc913ac0290c1b4ae82ed999fe7737b2c8043731a923b6d6a
https://blockchair.com/bitcoin/transaction/13ae94ae542b118cc913ac0290c1b4ae82ed999fe7737b2c8043731a923b6d6a

They can trace your transaction and gives its privacy score. You can pick some random transactions on blockchain explorers and use two block explorers (blockchair.com and Blockstream.info to check its privacy.

I think this is the main one. Commonly used for recurring payments such as in signature or avatar campaigns on this very forum.

Since they should verify before sending, I don't think this really applies. Same as when using IBANs, where you should double-check it before sending funds.

This is not really true ever since HD wallets and seed phrases are a thing. Nobody really uses and backs up individual private keys anymore. When we say 'not your keys', we usually mean 'not your seed phrase' or 'not your seed phrases'.

---

I have reused addresses (campaign payments), however I'm aware of those UTXOs and take my own precautions to make sure I still keep my privacy. It's not nearly as newbie-friendly as just using new addresses every time (since you seem to suggest that it's newbie-friendly to reuse.. I'd actually beg to differ).

I don't see much advantage of reusing same address, unless this is your only public donation address, or you are using it to receive payments from same client/company.
Address management is very important for privacy and with modern bitcoin wallets you only need to have one seed phrase to keep safe, and that can generate as many public addresses as you want.
There are some coins I don't want to be mixed together at all, that is why I have labels for addresses and transactions to make categorization in my wallet, similar like I would do with old style cash wallets.
One-for-all address is big no go for me, but people can do whatever they want.

This is a disadvantage, not an advantage.  By "advertising" a new address each time to receive a transfer, I can know exactly who sent me a payment, and why just by looking at the address it was sent to.  If I reuse an address, I can't distinguish one payment from another.


I disagree.  An address has a checksum built into it. So, if a sender makes a mistake typing it, then the mistake will be immediately identified by any reasonable wallet software and they will be unable to send to the wrong address.  Reusing an address encourages a sender to go retrieve the address from a list of addresses somewhere that they are maintaining, significantly increasing the risk that they accidentally retreive the wrong address. If they retrieve the wrong address from their list, it will be a valid address and the wallet software won't stop them from sending to it.


More steep learning curve for anyone that has ever worked with an invoice number.


It's just as difficult to protect a single key as it is to protect a thousand keys. Furthermore, if you use a new address each time, then there it doesn't matter if a key is somehow accidentally leaked once the funds that were received at that address have been spent. And, to top it all off, if you fail to protect a single key of a reused address, you'll lose ALL of your funds, if you fail to protect a single key of a non-reused address, you'll only lose that single payment, and still retain control of all your other funds.


That depends a bit on your specific use case.  For most users, it isn't any simpler or more complitcated.  You just run your wallet software, and teel your sender what address to sent to.


Actually, it increases the risk of a phishing attack.  If I re-use an address, then a phishing attack can create an address that looks similar to my "usual address".  Since my friends will be conditioned to expect that particular address, they are MUCH more likely not to notice the small difference. On the other hand, if I use a new address every time, my friends and I are far more likely to put verification processes in place.


Why would a sender need to store or keep addresses?  They are useless once they've been used. There is nothing for them to choose". I'll send them a new one for the next payment.


I disagree.  The difficulty of protecting a single key is exactly the same as the difficulty of protecting multiple keys.

I have not backed up the vast majority of my private keys, only my seed phrases. I haven't even looked at the vast majority of my private keys. There is no need to, and indeed, exporting and handling raw private keys is an unnecessary risk for the vast majority of bitcoin users. If you are using a BIP39 or other HD wallet, then all you need to back up is your seed phrase.

You are confusing individual private keys with extended private keys. Individual private keys are used to generate addresses. Extended private keys are used to generate child private keys.

If someone compromises an individual private key, then they compromise that address only.
If someone compromises an extended private key, then they compromise that address and all child addresses. They cannot compromise sibling or parent addresses without additional information.

Disagree if BIP-32 is considered. There is the specification of child private key derivation from a parent one (which doesn't have to be a master key): "(...) knowing an extended private key allows reconstruction of all descendant private keys (...)". QED.

That's correct for that particular case of master private key. It doesn't say anything about the need to protect child private keys.

I think it is not true. See the example of the extended private key: xprv9wTYmMFdV23N2TdNG573QoEsfRrWKQgWeibmLntzniatZvR9BmLnvSxqu53Kw1UmYPxLgboyZQa XwTCg8MSY3H2EU4pWcQDnRnrVA1xe8fs Can't anybody determine what the next private key in the chain is? I look forward to responses. I expect that there will be the same answers.

I mean a decision not to use a private key anymore (as a result of it being compromised for example).

If your seed phrase is kept safely, then all your private keys are safe as well. You are not going to keep each of your private keys in a separate location. All you need to keep is your seed phrase.


If a private key is compromised, it has nothing to do with other private keys.
If your seed phrase is compromised, all your private keys are compromised.


What do you mean by "revoking a private key"? I don't understand this.

I realized it lately and decided to use only one address in public which is one of the address I am using recently in review campaigns. It helps me to break connection with the private addresses I have although I am a regular user of mixer. Nothing is going to my private wallet without touching a mixer and nothing is coming out from my private wallet without touching the mixer again.

A sender will always are at the risk to input a wrong address unless they are maintaining an address book or such things. They could be a victim of copy paste clipboard malwares and easily send the payments to a scammer.

You basically need more learning than just using a random address from your wallet. It requires coin management.

A HD wallet can have as many address as you want. You only need to protect the seed phrase.

Disagree. It would be too simple to protect just seed phrase. In reality and by definition, all private keys (master + child ones) together with the seed phrase need protection. Seed may make backup easier while it does not replace the need for protection of private keys. It is important distinction. If a private key is compromised then all its child keys (and even parent keys in some cases) are compromised too. It's not viable to revoke a private key without revoking all its child keys. Is it incorrect?

This is fair point, especially for small organization/individual who accept Bitcoin as donation option.


I get your point. But the sender could just re-check latest Bitcoin address mentioned by receiver.



Mostly irrelevant due to HD wallet where user only need to backup recovery phrase/words or master private key (also called xprv). And on practice, they need to protect their device and wallet file instead.

You definitely have a point: those advantages that you enumerated make address reuse a very attractive option, especially for those afraid of "steep learning curves." But for those who wish to learn how to use tools, other, more privacy-friendly, options exist, and they have got exactly the same advantages: static payment address, fewer keys to protect, and less risk on the sender and receiver side.

Just to name a few:

1) BTCPayServer
2) https://paynym.is/
3) Silent Payments

For privacy, do not reuse an address unless there is a need to reuse it, like to be using an address to receive payment of salary. If you give customers an address, some will still make mistake if clipboard malware if their device is infected, it is good to check and recheck the address you are sending coin to before you click on the send icon.

You do not have to protect keys as seed phrase can do that for you and generate all the keys, we are no more in the era of nondeterministic wallet, HD wallets are recommended because of the seed phrase that are easier as backup. What you should backup and protect is your seed phrase.

Never mind me. I see all you wrote to be unnecessary.

Let's discuss various perspectives on reusing Bitcoin address, share experiences, opinions, find differences from alternatives, weigh pros and cons, define and exmplify situations in which reusing an address is the best option.

I think that there are some advantages of resuing an address:

• no need to advertise new address each time to receive transfer,
• less risk of mistake on sender side,
• less steep learning curve (e.g. for IBAN users),
• fewer keys to protect

just to name a few.

Advertisement an address is simpler vs maintenance of a system that advertises many unique ones. Also, a reused ("catch-all") address gives an opportunity to mititagate some of phishing attacks because other sources (trusted ones, e.g. friends, self-made or external directory) could validate an address. Moreover, storing and keeping many addresses is more complex for a sender (imagine choosing the best/valid address among hundreds of them pertaining to a recipient). Lastly, protection is simpler for one private key than many of them (even if they are generated in a deterministic way like BIP-32 or BIP-39).

There is the disadvantage that a list of transactions is not obscured (in comparison to using a new address for each transaction) - so-called "privacy" issue on the Bitcoin network.