Reusing addresses is bad, M’kay?

tl;dr Reusing bitcoin addresses has both security and privacy consequences and should be avoided, especially since services and tools that don’t reuse addresses are available and even easy to use.

 

First, what do we mean by “address re-use”?

In general we mean sending, ever, more than one transaction to any specific bitcoin address.

Specifically, what you want to prevent is having funds sent to an address after any bitcoin addressed to that same address has been spent. Technically, receiving two transactions on an address and then spending is OK, but receiving, spending and then receiving again on an address, in this order, is not. The easiest thing to do is not to reuse addresses at all, especially since you can’t easily synchronize with parties that may pay you after you spend from an address.
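A check for the ordering rule described above, as an added example that is not part of the original post: it walks a constructed transaction history (placeholder addresses and txids, oldest first) and separates plain reuse from the receive-after-spend case. The function name, labels and input format are assumptions chosen for illustration.

```python
from collections import defaultdict

# Constructed sample history, oldest first. "inputs" are the addresses whose
# coins a transaction spends, "outputs" the addresses it pays. All txids and
# addresses are placeholders, not real bitcoin data.
SAMPLE_TXS = [
    {"txid": "tx1", "inputs": ["ext_1"], "outputs": ["addr_A", "addr_B"]},
    {"txid": "tx2", "inputs": ["ext_2"], "outputs": ["addr_A"]},   # second receive, nothing spent yet
    {"txid": "tx3", "inputs": ["addr_A"], "outputs": ["ext_3", "addr_C"]},  # addr_A spends
    {"txid": "tx4", "inputs": ["ext_4"], "outputs": ["addr_A"]},   # receive after spend
    {"txid": "tx5", "inputs": ["addr_B"], "outputs": ["addr_B"]},  # change sent back to the spending address
]

def audit_address_reuse(txs, my_addresses):
    """Return (txid, address, label) for every receive that reuses an address.

    "multiple-receive"    : address was already paid before, nothing spent yet
                            (the privacy problem of reuse in general)
    "receive-after-spend" : address had already spent when it was paid again
                            (the ordering the post says to avoid)
    """
    spent = set()                 # addresses that have appeared as an input
    receives = defaultdict(int)   # receive count per address
    findings = []
    for tx in txs:
        # Inputs are handled first: an output paying the spending address in
        # the same transaction (tx5) still counts as a receive after a spend.
        for addr in tx["inputs"]:
            if addr in my_addresses:
                spent.add(addr)
        for addr in tx["outputs"]:
            if addr not in my_addresses:
                continue
            receives[addr] += 1
            if addr in spent:
                findings.append((tx["txid"], addr, "receive-after-spend"))
            elif receives[addr] > 1:
                findings.append((tx["txid"], addr, "multiple-receive"))
    return findings

if __name__ == "__main__":
    for txid, addr, label in audit_address_reuse(
            SAMPLE_TXS, {"addr_A", "addr_B", "addr_C"}):
        print(f"{txid}: {addr} -> {label}")
```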

Yet, a lot of people are reusing addresses over and over and over, mostly because they don’t know better and, most importantly, reusing addresses is the default option in the tool or service of their choice.

From a privacy standpoint it should be clear why this is really bad: people that have your address can see your past and future transactions and track you. Also, by making yourself more identifiable, you’re making it harder for everyone else to use Bitcoin privately. Poor privacy is infectious.


If you ever pay someone who also uses a public address, like a gambling site, everyone who knows that you control that address will also be able to know that you gamble, when you gamble and who you gamble with. That may not be something you want people to find out, or even fathom as a possibility, yet it is trivial to do, as the bitcoin public ledger, the blockchain, is, duh, public.

From a security standpoint it’s not obvious why it is better to not reuse addresses but there are two/three components:

  1. Not reusing addresses can protect you from a weak random number generator or buggy ECDSA implementation (see what happened on Android with their RNG)
  2. Not reusing addresses protects you from quantum computing
  3. Not reusing addresses may protect you from being exposed to undiscovered holes in ECDSA theory

 

A reasonable question/answer about this topic is on bitcoin.stackexchange.

Historically reusing addresses has also been practiced for two main reasons:

  1. It is simpler to reuse, from both the user’s and the developer’s implementation perspective (and most people don’t yet know about bitcoin, that this is even an issue, or how they can be tracked)
  2. Every time you ‘create’ a new address you must also create a new private key, and with that come responsibilities such as making a backup each time a new private key is created. This is no longer an issue if you use a deterministic wallet

How to solve the issue? People should be made more clearly aware of the associated problems, and services and tools like Mycelium and Blockchain.info or even BitGo, which are relatively famous tools/services that do at least some address reuse by default, should really avoid reusing addresses before more users are harmed.

Users that don’t want to wait for these service or tool providers to catch up and update can use services like GreenAddress, which never reuses addresses, uses a deterministic approach and provides true per-transaction two-factor authentication via multisig.

 

Feedback is welcome!

2 Comments

  1. I would love to see a blog post on how deterministic + stealth addresses can be used to “bridge the gap” between the conveniences of same-address use and the security and anonymity of deterministic wallets.

    I also would love to see stealth addresses (though the naming might be misleading) get widespread adoption.


  2. Pingback: On Reusing Bitcoin Addresses | When Bitcoin Met Pete
