Topic: Why isn't Satoshi's one-time address-key pair proposal implemented? (Read 243 times)

legendary
Activity: 1624
Merit: 2481
In the Electrum wallet, the default is to use 1 receiving address. Although multiple addresses are generated when I initially create a wallet, they are never used (not even for change) unless I specifically transfer funds to them. I don't know why.

Is electrum a bad implementation?


Where do you get your address from (in electrum) ?
The receive-tab should always give you a new address (if the prior one has already received funds).

May it be possible that you are always using the top address from the address-tab?


Electrum is a TOP 2 wallet (together with core), imo.
staff
Activity: 3458
Merit: 6793
Just writing some code
In the Electrum wallet, the default is to use 1 receiving address. Although multiple addresses are generated when I initially create a wallet, they are never used (not even for change) unless I specifically transfer funds to them. I don't know why.
I have never seen this behavior before when I use Electrum. It always gives a new address when I click on "Receive".

Is electrum a bad implementation?
No.
legendary
Activity: 2758
Merit: 6830
In the Electrum wallet, the default is to use 1 receiving address. Although multiple addresses are generated when I initially create a wallet, they are never used (not even for change) unless I specifically transfer funds to them. I don't know why.

Is electrum a bad implementation?
At least in my case, every time I receive a transaction, Electrum changes the address in the "Receive" tab to a new one. I just checked my list of addresses and I have already used 9 different addresses since I created my wallet.
jr. member
Activity: 89
Merit: 5
Why isn't this implemented in Bitcoin Core wallet
It is, and many wallets do use a new keypair for every single transaction. New keys and their addresses are generated every time you get an address to receive Bitcoin. New keys and addresses are generated every time a change output is needed.

In fact, the only wallets that don't are poorly written wallets that people should not use. Every major wallet software available uses new addresses for change and for receiving.

In the Electrum wallet, the default is to use 1 receiving address. Although multiple addresses are generated when I initially create a wallet, they are never used (not even for change) unless I specifically transfer funds to them. I don't know why.

Is electrum a bad implementation?
staff
Activity: 3458
Merit: 6793
Just writing some code
Why isn't this implemented in Bitcoin Core wallet
It is, and many wallets do use a new keypair for every single transaction. New keys and their addresses are generated every time you get an address to receive Bitcoin. New keys and addresses are generated every time a change output is needed.

In fact, the only wallets that don't are poorly written wallets that people should not use. Every major wallet software available uses new addresses for change and for receiving.

or enforced as a verification rule?
It can't without being a hard fork because keys have been reused in the past already. Furthermore it reduces the usability of addresses because you can't just post a donation address and receive at it multiple times. It also reduces the usability of paper wallets. This cannot be a consensus rule without disrupting a lot of things.
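The answer above says that wallets derive a new key pair for every receive and every change output. The block below is an added illustration, not code from this thread, from Electrum or from Bitcoin Core: a minimal BIP32 key tree in pure Python (secp256k1 arithmetic included, far too slow for real use) that hands out a fresh key from a single seed for each receive and each change output, and shows that a watch-only wallet holding only the parent public key can derive the same receiving public keys. The `HDWallet` class, its BIP44-style path m/44'/0'/0', and the use of the compressed public key hex in place of a real encoded address are this example's own simplifications; the seed constant is the well-known BIP32 test vector 1 seed.

```python
"""Added example (not code from the thread, Electrum or Bitcoin Core):
a minimal BIP32 key tree showing how an HD wallet hands out a fresh key
pair for every receive and every change output from one seed, and how a
watch-only wallet derives the same public keys without any private key.
Pure-Python secp256k1 arithmetic: for illustration only, not for production.
"""
import hashlib
import hmac

# secp256k1 domain parameters
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
HARDENED = 0x80000000  # index offset for hardened derivation (the ' in m/44'/0'/0')

# BIP32 test vector 1 seed, used here only as a deterministic sample input
SEED = bytes.fromhex("000102030405060708090a0b0c0d0e0f")


def point_add(a, b):
    """Affine point addition on secp256k1; None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None
    if a == b:
        lam = 3 * a[0] * a[0] * pow(2 * a[1], -1, P) % P
    else:
        lam = (b[1] - a[1]) * pow(b[0] - a[0], -1, P) % P
    x = (lam * lam - a[0] - b[0]) % P
    return x, (lam * (a[0] - x) - a[1]) % P


def point_mul(k, point=G):
    """Double-and-add scalar multiplication; point_mul(k) is the public key of k."""
    result = None
    while k:
        if k & 1:
            result = point_add(result, point)
        point = point_add(point, point)
        k >>= 1
    return result


def ser_p(point):
    """33-byte compressed SEC1 encoding, as used by BIP32 and by address hashing."""
    return bytes([2 + (point[1] & 1)]) + point[0].to_bytes(32, "big")


def master_key(seed):
    """BIP32 master private key and chain code from the wallet seed."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return int.from_bytes(digest[:32], "big"), digest[32:]


def ckd_priv(k_par, c_par, i):
    """Private child key derivation (hardened when i >= HARDENED)."""
    if i >= HARDENED:
        data = b"\x00" + k_par.to_bytes(32, "big")
    else:
        data = ser_p(point_mul(k_par))
    digest = hmac.new(c_par, data + i.to_bytes(4, "big"), hashlib.sha512).digest()
    return (int.from_bytes(digest[:32], "big") + k_par) % N, digest[32:]


def ckd_pub(K_par, c_par, i):
    """Public child key derivation: what a watch-only (xpub) wallet can do.
    Only non-hardened children can be derived without the private key."""
    if i >= HARDENED:
        raise ValueError("hardened children cannot be derived from a public key")
    digest = hmac.new(c_par, ser_p(K_par) + i.to_bytes(4, "big"), hashlib.sha512).digest()
    return point_add(point_mul(int.from_bytes(digest[:32], "big")), K_par), digest[32:]


class HDWallet:
    """Hypothetical BIP44-style account m/44'/0'/0' with a receive chain (0) and a
    change chain (1). Each next_* call advances its chain index, so a key is never
    handed out twice."""

    def __init__(self, seed):
        k, c = master_key(seed)
        for i in (44 + HARDENED, 0 + HARDENED, 0 + HARDENED):
            k, c = ckd_priv(k, c, i)
        self.chains = {0: ckd_priv(k, c, 0), 1: ckd_priv(k, c, 1)}
        self.next_index = {0: 0, 1: 0}

    def _next(self, chain):
        k, _ = ckd_priv(*self.chains[chain], self.next_index[chain])
        self.next_index[chain] += 1
        # A real wallet hashes ser_p(K) and Base58Check/Bech32-encodes it into an
        # address; the compressed public key hex stands in for the address here.
        return ser_p(point_mul(k)).hex()

    def next_receive_key(self):
        return self._next(0)

    def next_change_key(self):
        return self._next(1)


if __name__ == "__main__":
    w = HDWallet(SEED)
    print("receive #1:", w.next_receive_key())
    print("receive #2:", w.next_receive_key())
    print("change  #1:", w.next_change_key())
```

Because the receive and change chains are non-hardened, an xpub for the account is enough to derive every address the wallet will ever show, which is what lets a watch-only wallet keep handing out fresh receiving addresses without holding a single private key.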
jr. member
Activity: 89
Merit: 5
In the Bitcoin whitepaper, Satoshi Nakamoto proposed using a one-time address-key pair for each transaction to enhance anonymity.

Quote
As an additional firewall, a new key pair should be used for each transaction to keep them from being linked to a common owner. Some linking is still unavoidable with multi-input transactions, which necessarily reveal that their inputs were owned by the same owner. The risk is that if the owner of a key is revealed, linking could reveal other transactions that belonged to the same owner.

Why isn't this implemented in Bitcoin Core wallet or enforced as a verification rule? The implementation can significantly enhance privacy, although not as anonymous as Monero but definitely will make chain analysis much harder and costly. And it won't compromise security.
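The quoted passage says that linking is still unavoidable for multi-input transactions, and that revealing the owner of one key can expose their other transactions. The block below is an added example, not code from this thread or from any chain-analysis product: it implements the common-input-ownership heuristic the passage describes (every input of one transaction is assumed to belong to the same owner) over two constructed ledgers, one where a single address is reused for every payment and for change, and one where the wallet hands out a fresh key each time. The transaction records, address labels and the `exposed_txids` helper are this example's own constructions.

```python
"""Added example (not code from the thread or from any wallet or analysis tool):
the "common input ownership" linking the whitepaper passage describes, run over
constructed transactions to show what an analyst can attribute to one owner when
an address is reused versus when every payment and change output uses a fresh key.
"""
from collections import defaultdict


def cluster_by_common_input(txs):
    """Union-find over addresses. Heuristic: all inputs of one transaction were
    signed by the same owner, so their addresses are merged into one cluster.
    Address reuse merges clusters across transactions for free, because the same
    address string shows up in several input sets."""
    parent = {}

    def find(a):
        while parent[a] != a:
            parent[a] = parent[parent[a]]  # path halving keeps the tree shallow
            a = parent[a]
        return a

    for tx in txs:
        for addr in tx["inputs"] + tx["outputs"]:
            parent.setdefault(addr, addr)
        if not tx["inputs"]:  # coinbase-style tx: nothing to link
            continue
        first = tx["inputs"][0]
        for addr in tx["inputs"][1:]:
            parent[find(addr)] = find(first)

    members = defaultdict(set)
    for addr in parent:
        members[find(addr)].add(addr)
    return {addr: frozenset(members[find(addr)]) for addr in parent}


def exposed_txids(txs, revealed_addr):
    """Transactions an analyst can tie to the owner of revealed_addr once that
    owner is known: every tx paying to, or spending from, the owner's cluster."""
    cluster = cluster_by_common_input(txs)[revealed_addr]
    return sorted(tx["txid"] for tx in txs
                  if cluster & set(tx["inputs"]) or cluster & set(tx["outputs"]))


# Constructed sample ledgers (not real transactions). X1..X3 are payers, M a merchant.
# Ledger 1: the owner publishes one address "A" and keeps using it, even for change.
REUSE = [
    {"txid": "tx1", "inputs": ["X1"], "outputs": ["A"]},
    {"txid": "tx2", "inputs": ["X2"], "outputs": ["A"]},
    {"txid": "tx3", "inputs": ["A"], "outputs": ["M", "A"]},
    {"txid": "tx4", "inputs": ["X3"], "outputs": ["A"]},
]
# Ledger 2: the wallet hands out fresh receive keys A1..A3 and a fresh change key C1.
# Paying the merchant needs both A1 and A2 as inputs, which is the unavoidable link.
FRESH = [
    {"txid": "tx1", "inputs": ["X1"], "outputs": ["A1"]},
    {"txid": "tx2", "inputs": ["X2"], "outputs": ["A2"]},
    {"txid": "tx3", "inputs": ["A1", "A2"], "outputs": ["M", "C1"]},
    {"txid": "tx4", "inputs": ["X3"], "outputs": ["A3"]},
]

if __name__ == "__main__":
    print("reuse,  A revealed: ", exposed_txids(REUSE, "A"))     # tx1..tx4
    print("fresh,  A1 revealed:", exposed_txids(FRESH, "A1"))    # tx1, tx2, tx3
    print("fresh,  A3 cluster: ", sorted(cluster_by_common_input(FRESH)["A3"]))
```

With reuse, identifying the owner of A exposes the whole history at once. With fresh keys, identifying A1 still exposes A2 and the merchant payment through the multi-input spend, exactly the residual linking the passage warns about, but the later receipt at A3 stays unattributed; this heuristic alone also does not tie the change output C1 to the owner, which is why real analysis tools layer change-detection heuristics on top of it.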