What is the purpose of sending change to a new address

odolvlobo

legendary

Activity: 4466

Merit: 3391

You can't always tell which address is the change address. Take a look at this this random transaction:

Quote from: myfirst on May 19, 2015, 11:57:02 AM

To me it seems to create more problems than benefits, for example, now you have to keep a pool of private keys. Should your wallet be a busy one and get corrupted, you could loose some private keys between back-ups. Where as with a single address, the one backup is all you would ever need.

That is not really true. Though Bitcoin Core (and some others) have the disadvantage of requiring you to back up your wallet every 100 transactions, the best wallets now are HD wallets and only require you to back up the initial seed used to create the wallet.

ticoti

hero member

Activity: 854

Merit: 1000

The simple purpose is to increase your anonimity,by using many address,tracing your bitcoins is more difficult

Scamalert

hero member

Activity: 490

Merit: 500

Captain

Quote from: myfirst on May 19, 2015, 11:57:02 AM

I apologize if this has been asked or debated before. I am wondering what was the rational behind having the 'change' sent to a new address instead of the existing one? Besides a false sense of anonymity, what else does it offer.

I understand that with coin control this is an optional behavior, but why is it still the default?

To me it seems to create more problems than benefits, for example, now you have to keep a pool of private keys. Should your wallet be a busy one and get corrupted, you could loose some private keys between back-ups. Where as with a single address, the one backup is all you would ever need.

Some wallets is not using change addresses, they send the change directly back to the sending address, effectly only using one address ... it works fine.
But this is not how bitcoin is designed, it works because there is no limitation to doing so.

The purpose of the change address has nothing to do with anonymity, since it provide none.
The problem is that each time you sign a transaction, you "expose" a correlation to the private key.
There has been examples where this can be used to "hack" your private key, but this was due to bad wallet implementation.

The safest way to use bitcoin, is to only use a private key one time and one time only.

I know the counter argument to this:
This will confuse the user, when constantly change address?

The answer is: The user should really not care about addresses and blockchain, the only reason why a bitcoin user today need to care about these things, is because bitcoin is not yet fully developed.

DannyHamilton

legendary

Activity: 3472

Merit: 4801

Using a new address for every transaction doesn't guarantee anything.

However it does improve security, privacy, and the fungible nature of bitcoin.

Additionally, it discourages the mistaken assumption that a bitcoin address is an "account number".

Muhammed Zakir

hero member

Activity: 560

Merit: 509

I prefer Zakir over Muhammed when mentioning me!

Quote from: myfirst on May 19, 2015, 01:07:14 PM

Thanks for the constructive replies. I'm hoping to gain an understanding as to why the Bitcoin developers chose this behavior as a design/feature for the reference implementation of the wallet. They are intelligent individuals so there must be a reason beyond 'anonymity'.

Quote from: (Lithium) on May 19, 2015, 12:25:16 PM

If one wanna stalk you at least he will have some work to do.

If you only have 1 address for input and output anyone can see anything they want with no efford

An understandable and valid point.

However a stalker can use the power of a computer and scan the block chain much the way a block explorer currently does. Before the block explorer, it took some effort to trace a single address. With the block explorer, it's dead simple. Today it takes a little extra effort to trace multiple address back to the source. As Bitcoin matures, so will the tools and utilities that analyze the block chain, eventually making the trace-ability of multiple address dead simple to anyone.

The fact that the block chain is a public record accessible to the public nullifies any type of 'anonymity'. Once a person is matched with an address, no matter how many they have, a computer can analyze the ins and outs, and provided the desired data.

Bitcoin isn't built for anonymity even though it offers it but it has limits. Only way people can know two addresses are connected to each other is if a transactions used inputs from those two addresses but it still doesn't mean they are owned by *one* person.

Quote from: myfirst on May 19, 2015, 01:07:14 PM

Quote from: jbrnt on May 19, 2015, 12:04:16 PM

An address which has transactions going out has slightly less security than a brand new address.

I don't understand. In what context are you referring to 'security' here?

Quote from: Muhammed Zakir on May 19, 2015, 12:58:39 PM

P.S. Reusing address especially if you use a buggy client has a high risk of exposing private key of your address.

Interesting... I knew there was more to it.

jbrnt probably meant what I said by "security issues".

Reusing addresses especially if you use a buggy client exposes reused R values. Reused R values can be used to find your private key. For educational purpose only: https://bitcointalksearch.org/topic/m.10669517.

myfirst

full member

Activity: 156

Merit: 102

Crypto Currency Developer

Thanks for the constructive replies. I'm hoping to gain an understanding as to why the Bitcoin developers chose this behavior as a design/feature for the reference implementation of the wallet. They are intelligent individuals so there must be a reason beyond 'anonymity'.

Quote from: (Lithium) on May 19, 2015, 12:25:16 PM

If one wanna stalk you at least he will have some work to do.

If you only have 1 address for input and output anyone can see anything they want with no efford

An understandable and valid point.

However a stalker can use the power of a computer and scan the block chain much the way a block explorer currently does. Before the block explorer, it took some effort to trace a single address. With the block explorer, it's dead simple. Today it takes a little extra effort to trace multiple address back to the source. As Bitcoin matures, so will the tools and utilities that analyze the block chain, eventually making the trace-ability of multiple address dead simple to anyone.

The fact that the block chain is a public record accessible to the public nullifies any type of 'anonymity'. Once a person is matched with an address, no matter how many they have, a computer can analyze the ins and outs, and provided the desired data.

Quote from: jbrnt on May 19, 2015, 12:04:16 PM

An address which has transactions going out has slightly less security than a brand new address.

I don't understand. In what context are you referring to 'security' here?

Quote from: Muhammed Zakir on May 19, 2015, 12:58:39 PM

P.S. Reusing address especially if you use a buggy client has a high risk of exposing private key of your address.

Interesting... I knew there was more to it.

Muhammed Zakir

hero member

Activity: 560

Merit: 509

I prefer Zakir over Muhammed when mentioning me!

Quote from: Moonpig on May 19, 2015, 12:47:08 PM

Quote from: jbrnt on May 19, 2015, 12:04:16 PM

Sending change to a new address means you are never reusing an address. That improves anonymity and security. An address which has transactions going out has slightly less security than a brand new address.

Does it though? How does it improve anonymity when you can see where the change has gone and it just makes it more likely that you will spendlink from the addresses in the future.

Every time change is send to new address. Except persons who you told that they are your addresses, nobody has concrete proofs they are you addresses unless it is somehow linked in a transaction.

When reusing address i.e. always sending change back to the input address, people will know how much Bitcoin you have, where you get your Bitcoin etc...

After evaluating both cases, first is better than second i.e. sending change to new address is better than sending it back to the input address.

P.S. Reusing address especially if you use a buggy client has a high risk of exposing private key of your address.

Moonpig

member

Activity: 62

Merit: 10

Quote from: jbrnt on May 19, 2015, 12:04:16 PM

Sending change to a new address means you are never reusing an address. That improves anonymity and security. An address which has transactions going out has slightly less security than a brand new address.

Does it though? How does it improve anonymity when you can see where the change has gone and it just makes it more likely that you will spendlink from the addresses in the future.

(Lithium)

sr. member

Activity: 367

Merit: 250

If one wanna stalk you at least he will have some work to do.

If you only have 1 address for input and output anyone can see anything they want with no efford

jbrnt

hero member

Activity: 672

Merit: 500

Sending change to a new address means you are never reusing an address. That improves anonymity and security. An address which has transactions going out has slightly less security than a brand new address.

myfirst

full member

Activity: 156

Merit: 102

Crypto Currency Developer

I apologize if this has been asked or debated before. I am wondering what was the rational behind having the 'change' sent to a new address instead of the existing one? Besides a false sense of anonymity, what else does it offer.

I understand that with coin control this is an optional behavior, but why is it still the default?

To me it seems to create more problems than benefits, for example, now you have to keep a pool of private keys. Should your wallet be a busy one and get corrupted, you could loose some private keys between back-ups. Where as with a single address, the one backup is all you would ever need.

Topic: What is the purpose of sending change to a new address (Read 769 times)