Topic: Why/Is reusing BTC address (both for receiving and sending) harmful (Read 2554 times)

The disclosure is because you publicly donated to a know address and later send money to another well known address (at least known to the authority), and it of course make your address public and makes all your efforts in never reusing addresses void.

I believe if someone wants to do some problematic donation, he has to create a new wallet and use some mix service anyway.

Yes.

Someone can't trace your transactions on blockchain??

What you are missing here is that a wallet may contain many unspent txouts from receiving many payments from different sources before there is any need to purchase something with the wallet.

Lets say I sell alpaca socks out of a truck down by the river. I would be receiving many 0.10 BTC payments from different individuals to different addresses, suppose for a total of 20 .1 BTC payments in my wallet.

Now, I donate 0.95 BTC to a known-address donation site and say to everybody "hey, I just donated!". There will be a 0.05 change back to my wallet, that is now considered "tainted" - based on my declaration of donation, or the site owner saying "thanks for donating, deepceleron", it has become simple to figure out my donation AND determine which is the change back to me that is still in my wallet.

So I've got 1.00 BTC of sock-selling money that 10 sock buyers know the address of, and 0.05 that anybody interested can know about.

I then send the entire contents of my wallet to a man-boy snowden tibet love honey pot that is supposed to be anonymous, but is monitored or busted by a government. Even with this site using one-time addresses, the previous use of a reused address has compromised my identity and made my payment have little plausible deniability, due to my control of the change. The "change" could have been a multi-send to a third party, and the third party may have made the illicit payment, but LE will not care to investigate so much when they need doors to kick in.

Ok. That's interesting. Thanks for sharing.

Then I am more convinced that if a careful person always use address only once, no need to worry about the other part has a well known address. It's very difficult to link the address he uses this time with all other addresses he owns.

Still a new Wallet makes no sense, unless you abandon all BTC in the old Wallet.

And yes, 2 outputs combinated are likely to be from one person, but there is still no guarantee.

See: https://bitcointalksearch.org/topic/i-taint-rich-raw-txn-fun-and-disrupting-taint-analysis-51kbtc-linked-139581

Edit: Typo

If you are using clients other than MultiBit, (e.g. the Qt version and Amony), most likely the client is creating a new change address whenever you send out BTC.

Good point, but sometimes by looking at the amount you can know better than 50% chance.

Even if it is risky, I'm to lazy to make new addresses

How about the combining case?
If we see B -> E
             C ->

Then B, C are associated right?

If you don't reuse the address S. It will never have an unspent output after this transaction again. If you use every address only once. S will receive exactly 1 Transaction and never again a second one. Therefore there will never be more than one change address for ever address. And it's impossible to tell which address is the change address and which one is the reviving address.

Changing Wallets here makes absolutely 0 difference. That was the point.

How do you tell which of the two outputs was the change and which the payment?

With each transaction you have a 50% chance to follow the wrong path.

Unless what you send exactly equals to what you received before, otherwise there's a change and the change needs to be sent to a change address in the same transaction. So if you see a transaction S -> A and S -> S2, you know it's highly likely S and S2 belongs to the same wallet. As a result, your address S is associated with the change address S2, but not so closely because you can still claim (arguably weakly) that you are sending to two different people simultaneously and happens to used up all the unspent amount of S.

Then let's say you have change address A, and change Address B, they all have 0.5 BTC and you want to send to user U 1 BTC, then this time you will see A -> U 0.5 and B -> U 0.5. This makes a strong association between A and B and every one knows A and B belongs to the same wallet.

Therefore, it is easy to associate the addresses in the same wallet by analysing the block chain.

There is also a security reason why you should not send twice from the same address.

Once you create a transaction, the public key for the sending address is revealed (before there is only the hash). This gives an adversary more information for an attack.

A specific example where this was exploited is the Android RNG issue. Signing with the same private key multiple times allowed attackers to calculate the private key.

No, if you use each Address only once, it will be completely empty after you send BTC from that address the first time and will never be used for any transaction again. There would be no difference in creating a new Wallet.

The client takes care that Change addresses are only used once, the only thing you have to do is to use addresses for reviving transactions only once.

If you only revive at B one time, there never will be a B-2 Change.

So that means addresses in a wallet is very easy to be associated. Then not-reusing address is not enough, and we have to generate a new wallet for each transaction?

Even if people all generate new address for each transaction, since the addresses in one wallet is easy to be found associated, their addresses are still can be classified into one big 'address family'. So there may be no 'well known address', but 'well know address family'. Did I make any mistake here? If this is true, why the trouble?

Address 1 may have separate fund sources in the same wallet as Address 2.

If payments from B are to known reused addresses, the change is easily identifiable as still under the control of the wallet owner.

When B-1-Change is combined with B-2-Change in a third transaction, those payments are associated and the transaction also identifiable as made by the wallet owner.

But B never reuses address, so whatever interests others is not the same address used to transact with A. B use address 1 to donate to 'Free Tibet' or whatever, and B use address 2 to send to 'well known' A. Why do you know address 1 and address 2 both belong to B?

Whatever made {B} interesting to them in the first place. Perhaps he was involved in an unusually high value transaction.  Perhaps {B} paid to a "Free tibet" honeypot or well known (reused) donation address and the attacker is the chinese government and now they want to identify B to send him to a reeducation camp.

People never worry about a lot of things, including some things they really should and some things they'll later greatly regret not worrying about.

How do you know it's a change rather than another transaction to others? Why sending BTC to a donation address will disclose my identity and address? People all around the world send to well known address of 'just-dice' and never worry about their identity is disclosed.