
Topic: What is the purpose of sending change to a new address

legendary
Activity: 4522
Merit: 3426
You can't always tell which address is the change address. Take a look at this random transaction:

To me it seems to create more problems than benefits, for example, now you have to keep a pool of private keys.  Should your wallet be a busy one and get corrupted, you could lose some private keys between back-ups.  Whereas with a single address, the one backup is all you would ever need.

That is not really true. Though Bitcoin Core (and some others) have the disadvantage of requiring you to back up your wallet every 100 transactions, the best wallets now are HD wallets and only require you to back up the initial seed used to create the wallet.
hero member
Activity: 854
Merit: 1000
The simple purpose is to increase your anonymity; by using many addresses, tracing your bitcoins is more difficult.
hero member
Activity: 490
Merit: 500
Captain
I apologize if this has been asked or debated before.  I am wondering what the rationale was behind having the 'change' sent to a new address instead of the existing one?  Besides a false sense of anonymity, what else does it offer?

I understand that with coin control this is an optional behavior, but why is it still the default?

To me it seems to create more problems than benefits, for example, now you have to keep a pool of private keys.  Should your wallet be a busy one and get corrupted, you could lose some private keys between back-ups.  Whereas with a single address, the one backup is all you would ever need.

Some wallets do not use change addresses; they send the change directly back to the sending address, effectively only using one address ... it works fine.
But this is not how bitcoin is designed; it works because there is no limitation to doing so.

The purpose of the change address has nothing to do with anonymity, since it provides none.
The problem is that each time you sign a transaction, you "expose" a correlation to the private key.
There have been examples where this can be used to "hack" your private key, but this was due to bad wallet implementation.

The safest way to use bitcoin, is to only use a private key one time and one time only.

I know the counter argument to this:
This will confuse the user when the address constantly changes?

The answer is: The user should really not care about addresses and the blockchain; the only reason why a bitcoin user today needs to care about these things is because bitcoin is not yet fully developed.

legendary
Activity: 3472
Merit: 4801
Using a new address for every transaction doesn't guarantee anything.

However it does improve security, privacy, and the fungible nature of bitcoin.

Additionally, it discourages the mistaken assumption that a bitcoin address is an "account number".
hero member
Activity: 560
Merit: 509
I prefer Zakir over Muhammed when mentioning me!
Thanks for the constructive replies.  I'm hoping to gain an understanding as to why the Bitcoin developers chose this behavior as a design/feature for the reference implementation of the wallet.  They are intelligent individuals so there must be a reason beyond 'anonymity'.

If one wants to stalk you, at least he will have some work to do.

If you only have 1 address for input and output, anyone can see anything they want with no effort.

An understandable and valid point.

However a stalker can use the power of a computer and scan the block chain much the way a block explorer currently does.  Before the block explorer, it took some effort to trace a single address.  With the block explorer, it's dead simple. Today it takes a little extra effort to trace multiple addresses back to the source.  As Bitcoin matures, so will the tools and utilities that analyze the block chain, eventually making the traceability of multiple addresses dead simple to anyone.

The fact that the block chain is a public record accessible to the public nullifies any type of 'anonymity'.  Once a person is matched with an address, no matter how many they have, a computer can analyze the ins and outs, and provide the desired data.

Bitcoin isn't built for anonymity even though it offers it, but it has limits. The only way people can know two addresses are connected to each other is if a transaction used inputs from those two addresses, but it still doesn't mean they are owned by *one* person.

An address which has transactions going out has slightly less security than a brand new address.

I don't understand.  In what context are you referring to 'security' here?

P.S. Reusing an address, especially if you use a buggy client, has a high risk of exposing the private key of your address.

Interesting... I knew there was more to it.

jbrnt probably meant what I said by "security issues".

Reusing addresses, especially if you use a buggy client, exposes reused R values. Reused R values can be used to find your private key. For educational purposes only: https://bitcointalksearch.org/topic/m.10669517.
full member
Activity: 156
Merit: 102
Crypto Currency Developer
Thanks for the constructive replies.  I'm hoping to gain an understanding as to why the Bitcoin developers chose this behavior as a design/feature for the reference implementation of the wallet.  They are intelligent individuals so there must be a reason beyond 'anonymity'.

If one wants to stalk you, at least he will have some work to do.

If you only have 1 address for input and output, anyone can see anything they want with no effort.

An understandable and valid point.

However a stalker can use the power of a computer and scan the block chain much the way a block explorer currently does.  Before the block explorer, it took some effort to trace a single address.  With the block explorer, it's dead simple. Today it takes a little extra effort to trace multiple addresses back to the source.  As Bitcoin matures, so will the tools and utilities that analyze the block chain, eventually making the traceability of multiple addresses dead simple to anyone.

The fact that the block chain is a public record accessible to the public nullifies any type of 'anonymity'.  Once a person is matched with an address, no matter how many they have, a computer can analyze the ins and outs, and provide the desired data.

An address which has transactions going out has slightly less security than a brand new address.

I don't understand.  In what context are you referring to 'security' here?

P.S. Reusing an address, especially if you use a buggy client, has a high risk of exposing the private key of your address.

Interesting... I knew there was more to it.
hero member
Activity: 560
Merit: 509
I prefer Zakir over Muhammed when mentioning me!
Sending change to a new address means you are never reusing an address. That improves anonymity and security. An address which has transactions going out has slightly less security than a brand new address.

Does it though? How does it improve anonymity when you can see where the change has gone and it just makes it more likely that you will spendlink from the addresses in the future.

Every time change is sent to a new address. Except for persons who you told that they are your addresses, nobody has concrete proof they are your addresses unless it is somehow linked in a transaction.

When reusing an address, i.e. always sending change back to the input address, people will know how much Bitcoin you have, where you get your Bitcoin, etc...

After evaluating both cases, the first is better than the second, i.e. sending change to a new address is better than sending it back to the input address.

P.S. Reusing an address, especially if you use a buggy client, has a high risk of exposing the private key of your address.
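The linkage argument in the post above, and the earlier remark that two addresses are only provably connected when one transaction spends inputs from both, is illustrated by the added example below (written for this page, not the thread's or any explorer's code). It applies the common-input-ownership heuristic with a union-find over constructed transactions and reports what an outside observer can attribute to a cluster. Transaction data, address labels (A, C1, M1, X ...) and amounts are constructed; amounts are in satoshis, and the model simplifies by treating any spend from an address as consuming all of that address's earlier outputs.

```python
SAT = 100_000_000

# Constructed ledgers: each transaction is (txid, input addresses, [(output address, sats)]).
# Scenario 1: change always goes back to the spending address A.
REUSE_TXS = [
    ("t0", ["X"], [("A", 1 * SAT)]),                          # A funded by third party X
    ("t1", ["A"], [("M1", 30_000_000), ("A", 70_000_000)]),    # pay M1, change back to A
    ("t2", ["A"], [("M2", 20_000_000), ("A", 50_000_000)]),    # pay M2, change back to A
]
# Scenario 2: a fresh change address each time, each later spent on its own.
FRESH_TXS = [
    ("t0", ["X"], [("A", 1 * SAT)]),
    ("t1", ["A"], [("M1", 30_000_000), ("C1", 70_000_000)]),
    ("t2", ["C1"], [("M2", 20_000_000), ("C2", 50_000_000)]),
]
# Scenario 3: two fresh change outputs (C1, C3) later co-spent in one transaction.
COSPEND_TXS = FRESH_TXS[:2] + [
    ("t2", ["Y"], [("B", 50_000_000)]),
    ("t3", ["B"], [("M3", 10_000_000), ("C3", 40_000_000)]),
    ("t4", ["C1", "C3"], [("M4", 1 * SAT), ("C4", 10_000_000)]),
]


def _find(parent, a):
    while parent[a] != a:
        parent[a] = parent[parent[a]]      # path halving
        a = parent[a]
    return a


def _union(parent, a, b):
    ra, rb = _find(parent, a), _find(parent, b)
    if ra != rb:
        parent[rb] = ra


def cluster_addresses(txs):
    """Map every address to its cluster using only the rule
    'all inputs of one transaction belong to the same entity'."""
    parent = {}
    for _, inputs, outputs in txs:
        for addr in inputs + [a for a, _ in outputs]:
            parent.setdefault(addr, addr)
        for addr in inputs[1:]:
            _union(parent, inputs[0], addr)
    groups = {}
    for addr in parent:
        groups.setdefault(_find(parent, addr), set()).add(addr)
    return {addr: frozenset(groups[_find(parent, addr)]) for addr in parent}


def cluster_of(txs, addr):
    return cluster_addresses(txs).get(addr, frozenset({addr}))


def cluster_balance(txs, addr):
    """Unspent sats an observer can attribute to addr's cluster."""
    cluster = cluster_of(txs, addr)
    unspent = {}                            # address -> list of unspent amounts
    for _, inputs, outputs in txs:
        for a in inputs:
            unspent[a] = []                 # simplification: spend consumes all prior outputs
        for a, amt in outputs:
            unspent.setdefault(a, []).append(amt)
    return sum(sum(v) for a, v in unspent.items() if a in cluster)


def observer_view(txs, addr):
    """What a chain analyst learns about addr from the heuristic alone."""
    return {"cluster": sorted(cluster_of(txs, addr)),
            "balance": cluster_balance(txs, addr)}


if __name__ == "__main__":
    print("reuse   A :", observer_view(REUSE_TXS, "A"))     # whole history and balance under A
    print("fresh   A :", observer_view(FRESH_TXS, "A"))     # A looks empty; C2 holds the funds
    print("fresh   C2:", observer_view(FRESH_TXS, "C2"))
    print("cospend C1:", observer_view(COSPEND_TXS, "C1"))  # C1 and C3 now provably linked
```

In the reuse scenario the observer reads the owner's entire history and current balance off one address. With fresh change addresses the same funds sit in C2 and nothing in the data ties C2 to A, until the owner co-spends C1 and C3 in t4, at which point the heuristic merges them, which is the "more likely that you will link from the addresses in the future" objection raised earlier in the thread.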
member
Activity: 62
Merit: 10
Sending change to a new address means you are never reusing an address. That improves anonymity and security. An address which has transactions going out has slightly less security than a brand new address.

Does it though? How does it improve anonymity when you can see where the change has gone and it just makes it more likely that you will spendlink from the addresses in the future.
sr. member
Activity: 367
Merit: 250
If one wants to stalk you, at least he will have some work to do.

If you only have 1 address for input and output, anyone can see anything they want with no effort.
hero member
Activity: 672
Merit: 500
Sending change to a new address means you are never reusing an address. That improves anonymity and security. An address which has transactions going out has slightly less security than a brand new address.
full member
Activity: 156
Merit: 102
Crypto Currency Developer
I apologize if this has been asked or debated before.  I am wondering what the rationale was behind having the 'change' sent to a new address instead of the existing one?  Besides a false sense of anonymity, what else does it offer?

I understand that with coin control this is an optional behavior, but why is it still the default?

To me it seems to create more problems than benefits, for example, now you have to keep a pool of private keys.  Should your wallet be a busy one and get corrupted, you could lose some private keys between back-ups.  Whereas with a single address, the one backup is all you would ever need.