tl;dr Reusing bitcoin addresses has both security and privacy consequences and should be avoided, especially since services and tools that don’t reuse addresses are available and even easy to use.
First what do we mean by “address re-use”?
In general we mean sending, ever, more than one transaction to any specific bitcoin address.
Specifically what you want to do is to prevent having funds sent to an address after any bitcoin has been spent that were addressed to that same address. Technically receiving two transaction on an address and then spending is OK but receiving, spending and receiving from an address in this order is not. The easiest thing to do is not reuse, especially since you can’t easily synchronize with parties which may pay you after you spend from an address.
Yet, a lot of people are reusing addresses over and over and over, mostly because they don’t know better and, most importantly, reusing addresses is the default option in the tool or service of their choice.
From a privacy standpoint it should be clear why this is really bad: people that have your address can see your past and future transactions and track you and also, by making yourself more identifiable you’re making it harder for everyone else to use Bitcoin privately. Poor privacy is infectious.
If you ever pay someone that also uses a public address, like a gambling site, everyone that knows that you control that address will also be able to know you gamble, when you gamble and who you gamble with which may not be something you want people to find out or even phantom as a possibility, yet is trivial to do, as the bitcoin public ledger, the blockchain, is, duh, public.
From a security standpoint it’s not obvious why it is better to not reuse addresses but there are two/three components:
- Not reusing addresses can protect you from a weak random number generator or buggy ECDSA implementation (see what happened on Android with their RNG)
- Not reusing addresses protects you from quantum computing
- Not reusing addresses may prevent you to be exposed from undiscovered holes in ECDSA theory
A reasonable question/answer about this topic is on bitcoin.stackexchange.
Historically reusing addresses has also been practiced for two main reasons:
- Simpler to reuse, both from user and developer implementation perspective (and most people don’t know yet about bitcoin, that this is even an issue or how to track you)
- Every time you ‘create’ a new address you must also create a new private key and with that comes responsibilities such as making backups of the new private keys each time a new one is created. This is no longer an issue if you use a deterministic wallet
How to solve the issue? People should be made aware of the problems associated more clearly and services and tools like Mycelium and Blockchain.info or even Bitgo, which are relatively famous tools/services that do at least some address reuse by default , should really avoid reusing addresses before more users are harmed.
Users that don’t want to wait for these service or tool providers to catch up and update can use services like GreenAddress, which never reuses addresses, uses a deterministic approach and provides true per-transaction two factor authentication via multisig.
Feedback is welcome!