Author

Topic: Which do you prefer, a constant bitcoin address or anonymity? (Read 610 times)

global moderator
Activity: 3794
Merit: 2612
In a world of peaches, don't ask for apple sauce
I guess anonymity but I get fed up with constantly changing addresses.
legendary
Activity: 1890
Merit: 1086
Ian Knowles - CIYAM Lead Developer
So, since we do generally agree that ECDSA is safe (see also: http://bitcoin.stackexchange.com/questions/2847/how-long-would-it-take-a-large-computer-to-crack-a-private-key), does this really matter?  Isn't this kind of like putting on sunblock when indoors at night?

I think for small amounts of BTC that are in a wallet it's probably verging on paranoid to be worrying about ECDSA being cracked and losing your coins - but for long term "cold storage" (which you might wish to include in your estate to be passed on) then an address that's never been used before would be the better approach.
vip
Activity: 1316
Merit: 1043
👻
Not a crypto expert, but here's what I found googling:

Quote
You have a good discussion in:

https://bitcointalksearch.org/topic/quantum-computers-and-bitcoin-133425

Basically, ECDSA is compromised, hashing isn't. With a quantum computer, you could easily deduce the private key corresponding to a public key. If you only have an address, which is a hashed public key, the private key is safe. Anyway, to spend a transaction, you need to send the public key. At that point you are vulnerable, but the attack is not straightforward.
legendary
Activity: 3248
Merit: 1070
newbie
Activity: 36
Merit: 0
I don't think I'm understanding your point.   The public key is safe for to be used in as many transactions as you want - it's designed for that and does not diminish the security of your key.

In the event of ECDSA being *cracked* (perhaps something that could occur in the future via Quantum Computing) then it could be feasible to determine the private key for any published public key.

As a bitcoin address itself is a hash of the public key (rather than the public key itself) your bitcoins are safe from such an attack *provided* that you do not reuse an address that you have published the public key for (which you will have if you've used a previous UTXO from that address).

So although it may be unlikely that the ECDSA used by Bitcoin will be *cracked* any time soon it is an extra level of safety for you *not* to reuse addresses.

Thanks for the added detail, this makes sense.  To replay it:
   - the address isn't really a key - its a hash of a key.  So it is meaningless for attacking by itself.
   - you can receiving coins at an address without exposing your public key
   - you can't send coins from an address without exposing your public key
   - so once you've sent coins, your public key could be cracked
   - but we all generally agree that cracking ECDSA is extremely unlikely and certainly decades away
True?

So, since we do generally agree that ECDSA is safe (see also: http://bitcoin.stackexchange.com/questions/2847/how-long-would-it-take-a-large-computer-to-crack-a-private-key), does this really matter?  Isn't this kind of like putting on sunblock when indoors at night?

Thanks,
Mike
legendary
Activity: 1890
Merit: 1086
Ian Knowles - CIYAM Lead Developer
I don't think I'm understanding your point.   The public key is safe for to be used in as many transactions as you want - it's designed for that and does not diminish the security of your key.

In the event of ECDSA being *cracked* (perhaps something that could occur in the future via Quantum Computing) then it could be feasible to determine the private key for any published public key.

As a bitcoin address itself is a hash of the public key (rather than the public key itself) your bitcoins are safe from such an attack *provided* that you do not reuse an address that you have published the public key for (which you will have if you've used a previous UTXO from that address).

So although it may be unlikely that the ECDSA used by Bitcoin will be *cracked* any time soon it is an extra level of safety for you *not* to reuse addresses.
newbie
Activity: 36
Merit: 0
This is not just about anonymity, every time you spend coins from an address the public key for the address is revealed. This is 1 less (out of 3) different encryption/hashing algorithms used.

I don't think I'm understanding your point.   The public key is safe for to be used in as many transactions as you want - it's designed for that and does not diminish the security of your key.

Mike
vip
Activity: 1316
Merit: 1043
👻
This is not just about anonymity, every time you spend coins from an address the public key for the address is revealed. This is 1 less (out of 3) different encryption/hashing algorithms used.

This is also one of the reasons why Qt has different change addresses.
newbie
Activity: 36
Merit: 0
I'm curious about how people feel about bitcoin anonymity and changing addresses.

Best practices recommend that when spending money, that you move the remainders to an alternate account.  The side effect of this is that the address holding your bitcoin is constantly changing (and its a little complex to wrap your head around, because it is different from your bank).  The advantage of it is that it is harder to trace.  If you keep using the same bitcoin address, other parties can quickly figure out who you are.

Here is some discussion:
   http://bitcoin.stackexchange.com/questions/1629/why-does-bitcoin-send-the-change-to-a-different-address

Some wallets seem to return change to the sending address, like this one:
   https://blockchain.info/tx/4560433712e9586d8b0db35c7baf992998f5cc63c92c317b8758a363672f913e

Other wallets seem to return change to new addresses, like this one:
   https://blockchain.info/tx/dddbabfe02c77d6d7c8e6f06e8cb78bf5f9d172d82e8671450ec513623238212


Poll:  which do you prefer for small amounts of money (< 10BTC):
    a)  Anonymity
    b)  Constant bitcoin address

Mike

   
Jump to: