Reusing bitcoin addresses? | Bitcointalksearch.org

Coef

hero member

Activity: 882

Merit: 1000

Exhausted

Quote from: vnvizow on March 28, 2014, 11:24:56 PM

Quote from: ?? on ??

comroll,

What is the purpose of this copy/paste from an earlier post in this same thread?

Quote from: ?? on ??

Regardless of future possible discovery of weaknesses in ECDSA, even by today's standards . . .

Quote from: uminatsu on February 11, 2014, 02:17:06 PM

Regardless of future possible discovery of weaknesses in ECDSA, even by today's standards . . .

You did the same thing today in at least 3 other threads:
https://bitcointalksearch.org/topic/what-happens-to-funds-sent-to-invalid-payment-address-31145
https://bitcointalksearch.org/topic/is-there-a-way-to-make-bitcoins-without-mining-420841
https://bitcointalksearch.org/topic/how-about-we-steer-the-value-of-a-bitcoin-442845

Obviously he's spamming, aaaaand he's deleting his posts Tongue

More likely, his posts have been deleted by a mod.

vnvizow

sr. member

Activity: 364

Merit: 250

Quote from: ?? on ??

comroll,

What is the purpose of this copy/paste from an earlier post in this same thread?

Quote from: ?? on ??

Regardless of future possible discovery of weaknesses in ECDSA, even by today's standards . . .

Quote from: uminatsu on February 11, 2014, 02:17:06 PM

Regardless of future possible discovery of weaknesses in ECDSA, even by today's standards . . .

You did the same thing today in at least 3 other threads:
https://bitcointalksearch.org/topic/what-happens-to-funds-sent-to-invalid-payment-address-31145
https://bitcointalksearch.org/topic/is-there-a-way-to-make-bitcoins-without-mining-420841
https://bitcointalksearch.org/topic/how-about-we-steer-the-value-of-a-bitcoin-442845

Obviously he's spamming, aaaaand he's deleting his posts Tongue

vnvizow

sr. member

Activity: 364

Merit: 250

Normally only large businesses do that, the security an offline wallet provide is enough for personal use.

oriel2

newbie

Activity: 42

Merit: 0

Quote from: dbasql on January 27, 2013, 07:08:35 PM

It seems you may want to have several addresses if you are getting coins from multiple sources. At least then you know who and what has come in.

On a non tech level this was true for me - I used the same address in multiple locations and got payments from someone - I hav no way of knowing now which company / person sent the BTC to me!

Coef

hero member

Activity: 882

Merit: 1000

Exhausted

Quote from: Rach3 on March 05, 2014, 05:30:28 AM

Very interesting read. So what does 2^128 'time' mean? Aren't we still talking about many many times the universe age? Even with speed increase of supercomputers considered?

True, but it could be a different story if a weakness in ECDSA is found.

Another problem is anonymity.

Rach3

newbie

Activity: 1

Merit: 0

Very interesting read. So what does 2^128 'time' mean? Aren't we still talking about many many times the universe age? Even with speed increase of supercomputers considered?

uminatsu

jr. member

Activity: 55

Merit: 2

Regardless of future possible discovery of weaknesses in ECDSA, even by today's standards I believe it is much less secure to re-use an address whose ECDSA public key is known.

When the ECDSA public key is not yet publicly known, the bitcoin address is at least as secure as RIPEMD is secure against preimage attack, because anyone able to spend from that address need to find a RIPEMD preimage. There's no known method better than brute-force search which takes ~ 2^160 time.

When the ECDSA public key is publicly known, the bitcoin address is no more harder to crack than solving the EC discrete logarithm problem on the secp256k1 curve, for which there's known methods (such as baby-step giant-step) in ~ 2^128 time.

Quote from: DannyHamilton on January 28, 2013, 10:05:27 PM

Quote from: CIYAM on January 28, 2013, 09:39:52 PM

Pretty much correct - to spend an "unspent output" (i.e. a part of your total BTC "balance") you must include the public key for the address and a script signature (so it can be verified). At that point any other "unspent outputs" to that same address are *more vulnerable* as your public key is now known (before only a RIPEMD hash was known).

Unless I'm mistaken, prior to spending any unspent outputs associated with an address, what was known was a RIPEMD hash of a SHA256 hash.

So, when you first receive an output to a previously unused address, the layers between your private key and what is publicly known are ECDSA->SHA256->RIPEMD resulting in a "bitcoin address".

Once you spend any single (or more) output that had been sent to the address, the only layer between your private key and what is publicly known is ECDSA.

This means that if a weakness is found in the future in any two of ECDSA, SHA, and RIPEMD, the bitcoins associated with addresses that are only used once are still safe from any brute force attempt. However, once an address has been used once to spend a previous output, all current and future bitcoins associated with that address become immediately vulnerable if a weakness is discovered in ECDSA even if no weakness is discovered in SHA or RIPEMD.

0dayatciyam.org

newbie

Activity: 5

Merit: 0

Quote from: CIYAM on January 09, 2013, 11:38:58 PM

Quote from: eleuthria on January 09, 2013, 11:33:36 PM

102 BTC returned in this transaction: http://blockchain.info/tx-index/42579467/4a0fe8cb78b19778a49d171642649c9ee25453ed206894c88b049d0ee7939a0f

I'd highly recommend not creating raw transactions in the future unless absolutely necessary

. $1,500 is a pretty risky mistake if it didn't land on a known pool wallet/IP.

Very much appreciated - although I've been doing raw tx's without a problem for weeks I guess the exhaustion of working over 12 hours per day for the last week has clearly taken its toll.

I will certainly be "ultra-cautious" with all future raw tx's.

it wuld appear that security is not a thing you should talk.

DannyHamilton

legendary

Activity: 3472

Merit: 4801

Quote from: CIYAM on January 28, 2013, 09:39:52 PM

Pretty much correct - to spend an "unspent output" (i.e. a part of your total BTC "balance") you must include the public key for the address and a script signature (so it can be verified). At that point any other "unspent outputs" to that same address are *more vulnerable* as your public key is now known (before only a RIPEMD hash was known).

Unless I'm mistaken, prior to spending any unspent outputs associated with an address, what was known was a RIPEMD hash of a SHA256 hash.

So, when you first receive an output to a previously unused address, the layers between your private key and what is publicly known are ECDSA->SHA256->RIPEMD resulting in a "bitcoin address".

Once you spend any single (or more) output that had been sent to the address, the only layer between your private key and what is publicly known is ECDSA.

This means that if a weakness is found in the future in any two of ECDSA, SHA, and RIPEMD, the bitcoins associated with addresses that are only used once are still safe from any brute force attempt. However, once an address has been used once to spend a previous output, all current and future bitcoins associated with that address become immediately vulnerable if a weakness is discovered in ECDSA even if no weakness is discovered in SHA or RIPEMD.

CIYAM

legendary

Activity: 1890

Merit: 1086

Ian Knowles - CIYAM Lead Developer

Quote from: phoenox on January 28, 2013, 09:20:24 PM

So if you don't reuse your addresses then you will have two layers of encryption, but if you do you will only have one? But this only applies if you reuse the address after you have spent money from it.

Pretty much correct - to spend an "unspent output" (i.e. a part of your total BTC "balance") you must include the public key for the address and a script signature (so it can be verified). At that point any other "unspent outputs" to that same address are *more vulnerable* as your public key is now known (before only a RIPEMD hash was known).

Quote from: phoenox on January 28, 2013, 09:20:24 PM

If i am understanding right, this is also related to why when you spend coins, the entire balance in that account is spent, but whatever change you need is sent back to you in a new address.

A transaction is actually a "script" that can have multiple inputs and outputs with the "inputs" being either "coinbase" (from mining) or "unspent outputs" (from transactions that were sending funds to yourself).

Each "input" must be completely spent (fees are actually the total amount of the inputs minus the total outputs so you effectively don't spend a small amount of your inputs in order to "pay a fee").

Typically your input(s) are not going to exactly match the amount you want to send and so a "change" address is added as another output to solve this.

Quote from: phoenox on January 28, 2013, 09:20:24 PM

If I spend money twice or three times, will the client or the network automatically change the account that is being spent from every time?

The network has nothing to do with it - your client will "somewhat" randomly choose which "unspent outputs" to use (with some checks to avoid you needing to pay too much in fees).

phoenox

newbie

Activity: 12

Merit: 0

Looks like there is a lot of misinformation about this.

So if you don't reuse your addresses then you will have two layers of encryption, but if you do you will only have one? But this only applies if you reuse the address after you have spent money from it.

If i am understanding right, this is also related to why when you spend coins, the entire balance in that account is spent, but whatever change you need is sent back to you in a new address.

If I spend money twice or three times, will the client or the network automatically change the account that is being spent from every time?

CIYAM

legendary

Activity: 1890

Merit: 1086

Ian Knowles - CIYAM Lead Developer

It is much more secure (not just more anonymous) to never re-use an address (and yes - am aware of my sig and you'll notice there a no unspent outputs on that address).

The reason being that once you have signed a tx for any unspent output that was sent to that address (i.e. once you "spend from it" and with the standard client you can't easily control how it chooses which unspent outputs to "spend from") then you have "released" your "public key" (prior to that only the Base58 encoded RIPEMD hash of it was publicly known - also known as the "address").

Now if the ECDSA that Bitcoin uses ever becomes found to be "crackable" then the "private key" to your "address" could be feasibly be cracked and any "remaining" unspent outputs to that address could now be spent by the cracker.

edd

donator

Activity: 1414

Merit: 1002

Providing a new address for each transaction is a very efficient way for merchants to track payments.

scrumbly

newbie

Activity: 7

Merit: 0

Yeah, this feels like paranoia for the normal use case. If you're just fiddling around with bitcoins (and not, I dunno, laundering drug money) is it really worth all the effort and maintenance to have a new address for every transaction?

dbasql

full member

Activity: 219

Merit: 100

Ethics and Science need to shake hands

It seems you may want to have several addresses if you are getting coins from multiple sources. At least then you know who and what has come in.

timando

newbie

Activity: 7

Merit: 0

The main reason to use a new address is to hide the fact that it's you. The reason that the client gives a new address each time is to help you to stay anonymous. The reason you need to stay anonymous is because the entire transaction history is available to everyone. This means that people can see exactly what's going on. If you reuse addresses, it makes it a lot easier for someone to see what's going on with your bitcoins. Reusing an address has no disadvantages if you don't care about everyone seeing exactly what you do with your money (If you're the type of person who tweets about their breakfast and posts on Facebook about their every action, you have nothing to worry about)

Otoh

donator

Activity: 3108

Merit: 1166

It's only relevant if you are aiming for 100% anonymity, otherwise it doesn't matter at all & you can keep using the same addresses for receiving & also sending TX np.

edit: as above

Akka

legendary

Activity: 1232

Merit: 1001

There is no technical reason to not reuse addresses. Also you don't give one person each time you revive a payment a new address.

The only reason you might not want to reuse addresses is to maximise anonymity.

For example there even are services like BTCT.co that don't allow you to change you receive address once you have set one.

Gabi

legendary

Activity: 1148

Merit: 1008

If you want to walk on water, get out of the boat

Only reason is anonimity. Except that, there is no problem.

ThickAsThieves

hero member

Activity: 518

Merit: 500

While there are reasons a person might want to "burn" addresses, it is not necessary.

Topic: Reusing bitcoin addresses? (Read 30273 times)