Topic: What ownership proof does Bitcoin client send to network when spending coins? (Read 1035 times)

legendary
Activity: 1512
Merit: 1036
There has been something that doesn't make sense to me....

See the content at http://we.lovebitco.in/how-bitcoin-works/ which answers your questions with as economical a use of words as possible.

I developed that to go up at http://bitcoin.org/en/how-it-works, before the site was launched.


From the one person apparently put in editorial control:
Nice work. Though I think we can't make this the default starting point. This is a known rule when creating websites: if we fail to explain things to the user within a few seconds, then we just lose these visitors. Period. (etc)

I counter: pick a random 10th year class of students, tell them there's a new Internet money, and split the class, so half gets to read one version, and the rest read the other. Collectively ask if the money seems trust-able or reliable, and if they think they understand it. Observe the results.

Or: see how many forum noobs (and journalists) could have had their questions answered on the first Internet destination for Bitcoin.
legendary
Activity: 3514
Merit: 4895
One or more public keys are made public at the point of "spending" funds - this is still no real risk as the private key is never seen (except by yourself) although if any weakness is found with ECDSA (or some future quantum computer is built to discover private keys from public ones) then potentially any remaining funds at that address could be at risk.
It is for this reason that you are advised never to re-use an address.
So if I have 20 Bitcoins at my address and spend 5 of them, I should immediately or ASAP send the remaining 15 to a different address in my wallet?

That depends on how concerned you are that cryptographic functions that have been secure for nearly 30 years and are widely recognized as reliable and trustworthy might suddenly be broken to the extent that someone can quickly calculate a private key if they know the public key.

At the moment, there is no known way to determine a private key if given a public key.  As such, your bitcoins are safe at the address they were originally received at, and will continue to be so unless sometime in the future weaknesses are discovered in the ECDSA algorithm.

It is however considered a "best practice" to never re-use a bitcoin address.  It is recommended that you generate a brand new address for every transaction.  In this way, you will never have any bitcoins stored at an address that has had its public key revealed.

The way bitcoin works, a transaction has to either not spend or completely spend any previous transaction received.

So, if you receive two separate transactions at one address, one for 3 BTC and the other for 7 BTC, and you then create a transaction to send 1 BTC somewhere, the transaction will either:

• spend all 10 BTC in a transaction, sending 1 BTC to the intended address, and sending 9 BTC back to an address in your wallet as "change"
• spend the 3 BTC in a transaction, sending 1 BTC to the intended address, sending 2 BTC back to an address in your wallet as "change", and leaving the 7 BTC alone at the address where it was initially received
• spend the 7 BTC in a transaction, sending 1 BTC to the intended address, sending 6 BTC back to an address in your wallet as "change", and leaving the 3 BTC alone at the address where it was initially received

Note that in two of those scenarios there is value still associated with the address where the bitcoins were initially received, and the public key will be known since it was used to spend the other transaction that was sent to the same address.

On the other hand, if you receive those two separate transactions at two different addresses, then the unspent transaction will be at a different address than the one being spent.  Therefore, the public key associated with that unspent transaction won't have been made public.

You'll have to decide for yourself if the small amount of added security is worth the hassle of using a new address for every transaction.
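As an added example (not code from the thread or from any Bitcoin client), the rule in the post above as a small Python model: a transaction consumes its selected coins entirely, whatever is left over comes back as a change output, and any address that has funded an input has had its public key revealed. The addresses, amounts and transaction ids are constructed. `exposed_funds` reports unspent value sitting at addresses whose key is already public, which is exactly the situation the post says address reuse creates; `scenario` also covers the case where a client sends change back to the spending address.

```python
"""Constructed model of Bitcoin's all-or-nothing input spending and of the
"revealed public key" exposure that address reuse creates. Not wallet code."""
from collections import namedtuple

# A coin: which transaction output created it, which address owns it, how much.
Utxo = namedtuple("Utxo", "txid vout address value")
# A transaction: the coins it consumes and the (address, value) outputs it creates.
Tx = namedtuple("Tx", "inputs outputs")


def build_transaction(selected, amount, dest, change_addr, fee=0):
    """Spend the selected coins completely: `amount` to dest, the rest back to
    change_addr. There is no partial spend of a coin, so insufficient inputs
    are an error rather than a smaller transfer."""
    total = sum(u.value for u in selected)
    if total < amount + fee:
        raise ValueError(f"inputs {total} cannot cover {amount} + fee {fee}")
    outputs = [(dest, amount)]
    change = total - amount - fee
    if change > 0:
        outputs.append((change_addr, change))
    return Tx(inputs=list(selected), outputs=outputs)


def apply_transaction(utxo_set, tx, txid):
    """Return the UTXO set after tx: spent coins removed, new outputs added."""
    spent = {(u.txid, u.vout) for u in tx.inputs}
    new_set = [u for u in utxo_set if (u.txid, u.vout) not in spent]
    for vout, (addr, value) in enumerate(tx.outputs):
        new_set.append(Utxo(txid, vout, addr, value))
    return new_set


def revealed_addresses(history):
    """Every address that has ever signed an input has broadcast its public key."""
    return {u.address for tx in history for u in tx.inputs}


def exposed_funds(utxo_set, history):
    """Unspent value still sitting at addresses whose public key is public.
    Returns {address: total value}; empty means no reuse exposure."""
    revealed = revealed_addresses(history)
    exposed = {}
    for u in utxo_set:
        if u.address in revealed:
            exposed[u.address] = exposed.get(u.address, 0) + u.value
    return exposed


def scenario(reuse_address, change_to_same=False):
    """Constructed history matching the post: receipts of 3 and 7 BTC, then a
    1 BTC payment funded by the 3 BTC coin alone (the post's second case).
    reuse_address: both receipts land on address A instead of A and B.
    change_to_same: change goes back to A instead of a fresh address."""
    second_addr = "A" if reuse_address else "B"
    change_addr = "A" if change_to_same else "Change1"
    utxos = [Utxo("tx1", 0, "A", 3), Utxo("tx2", 0, second_addr, 7)]
    spend = build_transaction([utxos[0]], 1, "Merchant", change_addr)
    utxos = apply_transaction(utxos, spend, "tx3")
    return exposed_funds(utxos, [spend])
```

Running `scenario(True)` reports 7 BTC exposed at A (the coin the post says is "left alone" at an address whose key is now known), `scenario(False)` reports nothing, and `scenario(True, True)` reports 9 BTC, since change returned to the spending address is exposed as well. The same `exposed_funds` check run over a real wallet's history is the practical way to tell whether reuse has left anything at a revealed key.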
legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
The reference client, bitcoin-qt, automatically sends your remaining balance to a new address, called a change address. Fortunately, or unfortunately, this new change address is hidden from the normal user.

Other clients behave differently; mobile phone clients, for example, send change to the same address.

To answer the OP's question, your client signs the transaction. It then sends this signature to the network. The network verifies this signature against the transaction. If valid, good. If not, reject. This is the essence of public key cryptography. The transaction is the message.

http://en.wikipedia.org/wiki/Public-key_cryptography
newbie
Activity: 40
Merit: 0
One or more public keys are made public at the point of "spending" funds - this is still no real risk as the private key is never seen (except by yourself) although if any weakness is found with ECDSA (or some future quantum computer is built to discover private keys from public ones) then potentially any remaining funds at that address could be at risk.
It is for this reason that you are advised never to re-use an address.
So if I have 20 Bitcoins at my address and spend 5 of them, I should immediately or ASAP send the remaining 15 to a different address in my wallet?
legendary
Activity: 1890
Merit: 1086
Ian Knowles - CIYAM Lead Developer
But isn't that public now, and can't that be reused by someone else as proof they can spend my account's remaining bitcoins?

One or more public keys are made public at the point of "spending" funds - this is still no real risk as the private key is never seen (except by yourself) although if any weakness is found with ECDSA (or some future quantum computer is built to discover private keys from public ones) then potentially any remaining funds at that address could be at risk.

It is for this reason that you are advised never to re-use an address.
legendary
Activity: 1652
Merit: 2311
Chief Scientist
So I'm guessing a 3rd option happens, it sends my BitcoinAddress, plus some other derived number that lets the network know that my client has my private key, but it doesn't actually send my private key.    Is that right?

Yes.

If you want to get geeky about it, it sends an ECDSA signature derived from the private key and the transaction data, and the full public key that corresponds to your bitcoin address (the address is a shorter version of it).
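To make this answer, and the sign-then-verify description further up the thread, concrete, here is an added Python example. It is not code from the thread or from Bitcoin itself: a pure-Python secp256k1 ECDSA with a `check_spend` function performing the two checks a node makes on a pay-to-pubkey-hash input, namely that the revealed public key hashes to the address the coins were sent to and that the signature is valid for this exact transaction. Assumptions are marked in the code: SHA-256 stands in for Bitcoin's HASH160 (RIPEMD-160 of SHA-256) because RIPEMD-160 is not guaranteed in `hashlib`, the nonce derivation is a simplified stand-in for RFC 6979, and the "transactions" are arbitrary constructed bytes rather than serialized inputs and outputs.

```python
"""Toy model of the ownership proof in a Bitcoin spend (constructed example,
not client code): an ECDSA signature over the transaction plus the full public
key, checked by a node against the address, which is a hash of that key.
Pure-Python secp256k1 for readability; real nodes use libsecp256k1."""
import hashlib

# secp256k1 domain parameters (the curve Bitcoin uses): field prime, group order, generator.
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def _inv(x, m):
    # Modular inverse by Fermat; both P and N are prime.
    return pow(x % m, m - 2, m)

def _add(p1, p2):
    # Affine point addition on y^2 = x^3 + 7 over GF(P); None is the point at infinity.
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None                       # Q + (-Q)
    if p1 == p2:
        lam = 3 * x1 * x1 * _inv(2 * y1, P) % P
    else:
        lam = (y2 - y1) * _inv(x2 - x1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def _mul(k, point):
    # Double-and-add scalar multiplication (not constant-time; fine for a demo).
    acc = None
    while k:
        if k & 1:
            acc = _add(acc, point)
        point = _add(point, point)
        k >>= 1
    return acc

def pubkey(priv):
    # Uncompressed SEC1 encoding 0x04 || X || Y: the "full public key" a spend reveals.
    x, y = _mul(priv, G)
    return b"\x04" + x.to_bytes(32, "big") + y.to_bytes(32, "big")

def address_hash(pub):
    # The address is a hash of the public key. Assumption: plain SHA-256 stands in
    # for HASH160 (RIPEMD-160 of SHA-256), which hashlib may not provide.
    return hashlib.sha256(pub).digest()

def tx_digest(tx):
    # Bitcoin signs a double SHA-256 of the serialized transaction.
    return int.from_bytes(hashlib.sha256(hashlib.sha256(tx).digest()).digest(), "big")

def sign(priv, tx):
    """ECDSA over the transaction digest. The nonce k is derived from key and
    digest (simplified stand-in for RFC 6979); it must never repeat, because a
    reused k lets anyone holding two signatures solve for priv."""
    z = tx_digest(tx)
    seed = priv.to_bytes(32, "big") + z.to_bytes(32, "big")
    k = int.from_bytes(hashlib.sha256(seed).digest(), "big") % (N - 1) + 1
    r = _mul(k, G)[0] % N
    s = _inv(k, N) * (z + r * priv) % N
    return r, s

def verify(pub, sig, tx):
    # Needs only public data: the public key, the signature and the transaction.
    r, s = sig
    if not (0 < r < N and 0 < s < N):
        return False
    q = (int.from_bytes(pub[1:33], "big"), int.from_bytes(pub[33:65], "big"))
    z = tx_digest(tx)
    w = _inv(s, N)
    point = _add(_mul(z * w % N, G), _mul(r * w % N, q))
    return point is not None and point[0] % N == r

def check_spend(addr_hash, pub, sig, tx):
    """The two checks a node makes on a pay-to-pubkey-hash input: the revealed
    public key hashes to the funded address, and the signature verifies over
    this exact transaction."""
    return address_hash(pub) == addr_hash and verify(pub, sig, tx)

def demo():
    # Constructed wallet key and two constructed "transactions" (arbitrary bytes
    # stand in for the serialized inputs and outputs a real client would sign).
    priv = 0xC0FFEE_1234_5678
    pub = pubkey(priv)
    addr = address_hash(pub)          # all the payer ever saw; the key itself stayed hidden
    tx1 = b"constructed tx: 1 BTC to the merchant, 2 BTC change"
    tx2 = b"constructed tx: 9 BTC to somebody else"
    sig = sign(priv, tx1)             # this (r, s) pair plus pub is what gets broadcast
    # The signature is bound to tx1's digest, so replaying it on tx2 fails.
    return check_spend(addr, pub, sig, tx1), check_spend(addr, pub, sig, tx2)
```

`demo()` returns `(True, False)`: the broadcast signature and public key validate the transaction they were made for and nothing else. That is the answer to the OP's "based on what?": the number changes per transaction because it is computed from the transaction's own digest together with a fresh nonce, so an observer who captures the signature and public key gains no ability to spend whatever remains at the address. The remaining concern is the one discussed earlier in the thread: the revealed public key is now a target for any future break of ECDSA, which is why a fresh address per receipt is the recommended habit.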
newbie
Activity: 40
Merit: 0
There has been something that doesn't make sense to me.   What does my bitcoin client send to the network to let the network know that I am legitimately spending my coins?

Does it just send my bitcoin address?  I doubt that, because I could create my own client that just takes someone else's bitcoin address, sends that, and spends their bitcoins.

Does it send my private key?  That would at least prove to the network that I am properly entitled to spend the bitcoins, but then would let anyone else spend the remaining bitcoins for that address because now my private key is public knowledge.

So I'm guessing a 3rd option happens, it sends my BitcoinAddress, plus some other derived number that lets the network know that my client has my private key, but it doesn't actually send my private key.    Is that right?  But isn't that public now, and can't that be reused by someone else as proof they can spend my account's remaining bitcoins?  So this number must morph somehow for each transaction and can't be re-used, but based on what?  Position in the blockchain?  Time of day, account balance?