Pages:
Author

Topic: "New address for each payment" is a logic bomb - page 3. (Read 9190 times)

legendary
Activity: 2142
Merit: 1010
Newbie
Does that revealed information make the address less secure?
I think what you are referring to is the fact that when you spend coins, you have to sign the tx with your private key, thus giving a "hint" about it.

Ah ok that makes sense, so is that a theoretical/academic risk or a real practical risk?

If someone owns a quantum computer he will be able to recover the private key almost as fast as u sign a message with it. So until the public key is unknown the private key can't be picked.
legendary
Activity: 1176
Merit: 1015
Does that revealed information make the address less secure?
I think what you are referring to is the fact that when you spend coins, you have to sign the tx with your private key, thus giving a "hint" about it.

Ah ok that makes sense, so is that a theoretical/academic risk or a real practical risk?
sr. member
Activity: 336
Merit: 250
Cuddling, censored, unicorn-shaped troll.
Does that revealed information make the address less secure?
I think what you are referring to is the fact that when you spend coins, you have to sign the tx with your private key, thus giving a "hint" about it.
legendary
Activity: 1176
Merit: 1015
However once an address spends coins it reveals something? I forget what that something is. I remember reading an address that has not spent coins is somewhat safer. Is this something that could be overcome too?

That is a public key.

Does that revealed information make the address less secure?
legendary
Activity: 2142
Merit: 1010
Newbie
However once an address spends coins it reveals something? I forget what that something is. I remember reading an address that has not spent coins is somewhat safer. Is this something that could be overcome too?

That is a public key.
legendary
Activity: 1176
Merit: 1015
If that was as u said then we wouldn't need http://zerocoin.org/

Oh true, we certainly need zerocoin or coinjoin very soon. I would imagine if either one of those systems became commonplace and in the reference client you could make a very good argument that the creation of a new address for every transaction is not required for anonymity.

However once an address spends coins it reveals something? I forget what that something is. I remember reading an address that has not spent coins is somewhat safer. Is this something that could be overcome too?
legendary
Activity: 2142
Merit: 1010
Newbie
The way I imagine change addresses working, I always thought that they are increasing anonymity somewhat. Why do you disagree?

If money never returns to base, so to speak, it always looks like it is moving forward somewhere and working out what forward is the merchant and what forward is you can become difficult.

If that was as u said then we wouldn't need http://zerocoin.org/
legendary
Activity: 1176
Merit: 1015
What could a solution be?

Keep reusing addresses. Sending change to a new address doesn't increase anonymity.

The way I imagine change addresses working, I always thought that they are increasing anonymity somewhat. Why do you disagree?

If money never returns to base, so to speak, it always looks like it is moving forward somewhere and working out what forward is the merchant and what forward is you can become difficult.
legendary
Activity: 2142
Merit: 1010
Newbie
What could a solution be?

Keep reusing addresses. Sending change to a new address doesn't increase anonymity.
legendary
Activity: 1176
Merit: 1015
As u know, each time u make a payment Satoshi's client generates a new address to send change to. He (or someone else) also advised to create a new address each time someone needs to receive a payment (for anonymity reason). Entropy of an address is 160 bits (due to RIPEMD-160 "compression"). Applying Birthday Paradox we get that when 2^80 addresses are created we will, likely, get a collision. This is not critical, coz "older" address will be empty, probably. But this can be used in black PR against Bitcoin. An adversary (who is generating addresses non-stop) will be able to show 2 different public keys with the same address. Media will be happy to publish articles with "Bitcoin completely broken" title...

I understand that the eventual collision of two keys will be blown way out of proportion and used as an attack by the media and conflicting interests. However what can we do? The current advice to not reuse keys is very sound and the benefits outweigh the risk by far.

What could a solution be? So that the media never gets this opportunity... CFB, if the key space is now 2^161 how much does this offset the probabilities in the birthday paradox? What keyspace would make any collision unlikely given every human producing a trillion addresses every nano second for thousands of years? 2^1000000?

As I see your claim, that a collision is going happen sooner than the conventional thought allows, the solution would be to make the key space so much larger that any collision is unlikely forever.
legendary
Activity: 2142
Merit: 1010
Newbie
Because:
1) people are lazy to check wtf is the birthday paradox
2) math is not quite as easy as watching baseball
3) your thread assumes a vulnerability of the bitcoin protocol , so i'm not sure why haven't you already been burned as an "infidel" already Cheesy

So true
hero member
Activity: 826
Merit: 501
in defi we trust
Heh, why do ppl post in this thread if they have no clue what birthday paradox is...

Because:
1) people are lazy to check wtf is the birthday paradox
2) math is not quite as easy as watching baseball
3) your thread assumes a vulnerability of the bitcoin protocol , so i'm not sure why haven't you already been burned as an "infidel" already Cheesy
legendary
Activity: 2142
Merit: 1010
Newbie
Heh, why do ppl post in this thread if they have no clue what birthday paradox is...
legendary
Activity: 1176
Merit: 1005
I think it's also possible that a black hole will suddenly erupt above the New York Stock Exchange and suck in everything there, then suddenly disappear back to whence it emerged.

It COULD happen.  Prove it couldn't. 

So we should probably get rid of stock exchanges.  Especially the Nikkei.  It's just as likely to suffer such an event.
hero member
Activity: 826
Merit: 501
in defi we trust
I think the math works out that there's more Bitcoin addresses than there are atoms in the universe.  Basically, it's been talked about many times, and it's nothing to worry about.

The latest numbers show around 10^80 atoms so there are "a bit" more atoms.
hero member
Activity: 728
Merit: 540
So, you made your point, maybe somewhere sometime someone will get an account that belongs to someone else, probably getting 0.01 BTC free
All right.

U could read the OP at least before replying...

Not worth answering.
legendary
Activity: 2142
Merit: 1010
Newbie
So, you made your point, maybe somewhere sometime someone will get an account that belongs to someone else, probably getting 0.01 BTC free
All right.

U could read the OP at least before replying...
legendary
Activity: 2142
Merit: 1010
Newbie
Bitcoin network hashrate is 5*10^15 ~ 2^52. So in 2^28 seconds (8 years) we'll reach this number. Doesn't look too large. And this is without the Moore's law.

It's also without consideration that mining hardware cannot be used for finding duplicates.

That was an assessment.
hero member
Activity: 728
Merit: 540
So, you made your point, maybe somewhere sometime someone will get an account that belongs to someone else, probably getting 0.01 BTC free
All right.

No system is perfect. Abstractions do leak. Everyday people make mistakes and loose bitcoin accounts, or send money to the wrong account or have their computer hacked and get robbed from their btc accounts.

So What ?  1 error over tens of millions transactions should make the complete system unusable ? nope. It's a fairly good reliability. Far more reliable than any other banks.


sr. member
Activity: 251
Merit: 250
Bitcoin network hashrate is 5*10^15 ~ 2^52. So in 2^28 seconds (8 years) we'll reach this number. Doesn't look too large. And this is without the Moore's law.

It's also without consideration that mining hardware cannot be used for finding duplicates.
Pages:
Jump to: