Topic: How long to hack an address that is used to send BTC multiple times? - page 2. (Read 579 times)

Thanks.  Switching to a new address after every transaction is not feasible because of the high transaction fees.  Not to mention the transaction time. 


Thanks.  I don't own thousands of BTC, lol.  At the end of all my transactions (after a few months), I'll probably move my BTC to a new address then.  Hopefully, the transaction costs will be equal or less than what it is now (but who really knows).

If you imported your address into Electrum, the default behaviour is to send the coins back to the origin address. They cannot implement change address since they aren't going to generate addresses without seeds for you. The reason for this is to minimise confusion.


The current problem with ECDSA is that it is susceptible to attacks by quantum computer due to Shor's algorithm. This means that quantum computers can potentially crack ECDSA in a reasonable amount of time. However, the current progress of quantum computing is not anywhere near to the point for which encryptions are vulnerable to them. Even so, it may take some time for each address to be cracked.

Frankly speaking, unless you own thousands of BTC, no one would bother to try your address. It isn't free to use nor is it cheap and there are other things to crack than your BTC address.

Yeah, I admit it's lazy.  I need to tinker with Electrum more.  I imported a private key into Electrum-LTC and spent some LTC.  For whatever reason, by default, after I spent a portion of the LTC, the Electrum-LTC wallet sent the leftover LTC back to the original address.  I'm assuming if Electrum-LTC is a fork of Electrum, they both work similarly for imported private keys.

Having said that though, I have my private key for my BTC address printed out.  I plan to spend some BTC over the next several weeks (or months).  At the very end of my spending, I then plan to move the remaining BTC to a new address so that it cannot be hacked.  But during the next few weeks and months, it's just a hassle to generate a new address each time, and then record the private key for each new address (hardware wallets are all sold out around the area I live).  As for the privacy of the destination address, it's a BTC address for my account on an exchange so I don't care too much about privacy.

That's why I was wondering what is the possibility that somebody can hack my address over the next several months if I reuse it.  If the probability is extremely low, I don't mind the risk I take over the next several months, provided that at the end of my spending at the end of the next few months, that I move my coins to a new address and don't spend from the new address.

In your opinion, do hackers even have the technology or has a weakness in ECDSA been found recently such that reusing the same address over the next few months is susceptible to being hacked?

The author is suggesting that IF there is a flaw in the RNG that YOU are using THEN "it becomes possible for someone to use multiple signatures from the same private key to compute that private key and steal your bitcoins".

If you don't re-use the address, then that is less of a concern. A poor RNG used when generating the signature is less significant if you don't re-use the address.

Under NORMAL use (where your RNG and signature generating software is not compromised), ECDSA is CURRENTLY sufficiently secure to re-use addresses.

However...

WHY would you INTENTIONALLY expose yourself to the POSSIBILITY that your RNG MIGHT not be as good as you'd like?

WHY would you INTENTIONALLY expose yourself to the POSSIBILITY that a weakness in ECDSA MIGHT be discovered in the future?

WHY would you INTENTIONALLY reduce your own privacy AND the privacy of those that you engage in transactions with?

Especially, when you can improve all 3 of those situations by simply generating a new address for EVERY transaction?  A business wouldn't re-use an invoice number, why would you re-use a bitcoin address?

---

A bitcoin address is NOT an account number.  A bitcoin address is something that you give to a single entity for a single purpose, so that you can identify when that entity has paid you for that purpose.

Lets imagine that I have a single address that I use for everything.  Lets call it 1ThisIsReallyStupid.

Now, lets say John offers to buy something from me. I give John my address "1ThisIsReallyStupid" and tell John I'll ship it as soon as I see a payment.  Now lets say Mike, who has purchased from me in the past, sends me a payment and an email saying "Hey Danny, I just sent you a payment, can you send me some more of your awesome product?".  Unfortunately, I don't immediately see Mike's email, so I assume that the payment was from John.  I ship John the product.  Then I see Mike's email!

Oh noes!

John is now receiving product that he never paid for!  How could I possibly have avoided this terrible problem???

Oh, wait. Lets hop back in our time machine to the first time I ever engaged in business with Mike...

"Mike, the address FOR THIS TRANSACTION is '1UniqueAddressForTransaction001'. As soon as proper payment is received at that address, I'll ship the product.  Please contact me for a new address for any future shipments."

Now we can fast-forward to the present where John wants some product...

"John, the address FOR THIS TRANSACTION is '1UniqueAddressForTransaction002'. As soon as proper payment is received at that address, I'll ship the product.  Please contact me for a new address for any future shipments."

Then Mike fails to follow instructions.  He sends to the ONLY address for me that he has EVER known '1UniqueAddressForTransaction001'. and sends his email.

John's product does not get shipped, because '1UniqueAddressForTransaction002' is STILL UNFUNDED!  Wow! Amazing how well that works.

I send a quick email to Mike:
"Mike, our order tracking system uses bitcoin addresses as invoice numbers.  Your payment to '1UniqueAddressForTransaction001' will not trigger shipment on your new product order since that shipment requires the appropriate funds to be sent to '1AddressAlsoUniqueForTx003'.  Would you like us to forward the funds from '1UniqueAddressForTransaction001' to '1AddressAlsoUniqueForTx003' on your behalf or would you like us to send those funds back to you (if so, please provide a bitcoin address to send to)? Note that (as indicated in our terms of service) re-sending funds that have been sent to an incorrect bitcoin address will incur a 0.002 BTC fee per transaction received by us."

---

Actually, I think the advice against address-reuse is based on the concept that it reduces both your own privacy AND the privacy of everyone that you engage in transactions with.

The slight protection against "future breaks against ECDSA" is an added side-benefit, but not the most compelling reason.

No. He's correct.

You got the meaning wrong however. My reply does assume that the RNG is flawed(in a poorly implemented wallet). The point with that sort of attack is that an attacker can easily get your private key using at least two signatures that reuses the R value. If the wallet is flawed, the values could potentially be the same and address reuse does mitigate this since each address would only have one output that would be spent and the address would only be used once.

Ok.  I'm not an expert in this, that's why I'm asking.  I read this reply in another thread (https://bitcointalksearch.org/topic/m.2969391):


The author of this quote is implying that the more you reuse your public address, the easier it becomes to generate the private key from the public key.  The author seems to be implying there is a flaw with the RNG (I assume your reply assumes the RNG is not flawed).  Is there a flaw with the author's quote above?

It's unknown. The advice against address-reuse is based on the general risk of future breaks against ECDSA, which cannot be ruled out. It's certainly not susceptible to brute-forcing, since that is on the order of 2²⁵⁵, which is effectively infinite (more than the number of particles in the universe, etc. etc.) But if some clever mathematician figures out a cryptographic break against ECDSA that weakens ECDSA keys, it would be necessary to sweep funds from wallets secured only by ECDSA to something else. P2PKH/P2WPKH resolves this issue by publishing only the key-fingerprint instead of the entire pubkey. Even if there is a break against ECDSA, there is no short-term risk of your coins being stolen. Coins in long-term cold storage (timelocked), for example, need this feature.

Untrue. Unless your wallet generate keys with reused R values, it is safe to say that your BTC is safe for the time being.
Depends. If you generated the HD wallet in Electrum, Electrum will automatically send the change to a new address. The other unspent inputs remain in the address unless you change your settings.
With todays technology, it would be infeasible to crack ECDSA (way more than 10 years). It might change with quantum computing though. You don't have to worry about it. Due to some circumstances, I was reusing my previous address for 3 years with upwards of 700 transactions. Nothing has happened yet.

If you have a public address and you reuse this address to send BTC from multiple times, my understanding is that your public address is more susceptible to being hacked (ie. easier for somebody to generate the private key from your public address).  From what I have read, if you send BTC from your public address and you keep any leftover coins in that public address, your public address is only protected by ECDSA.  I have also read that the more you reuse the same address to send BTC, the more your address is susceptible to being hacked.

So let's say I am using a public address.  I send a portion of my BTC from my public address to somebody else but the leftover BTC remains in my public address (doesn't Electrum keep your leftover BTC in the same address by default?).  I use this same public address to send BTC from over the next several weeks.  In total, I have sent from this address 4 or 5 times over several weeks.  Several weeks later, after I am done sending my BTC, I backup my wallet and my private key, uninstall Electrum and decide to let my leftover BTC sit there in my public address.

With today's technology, how long would it take to hack this public address?  Is this something I don't have to worry about for the next 10 years?  The next 5 years?  The next 1 year?