20
7
Besides the obvious privacy implications, and (according to a bitcointalk.org forum post) the fact that once an address is used your coins that rest on it safety depend entirely on the ECDSA safety (as opposed to your coins being secure if at least two of ECDSA, SHA256 and RIPEMD are secure for any address that were never used to send BTC) - are there any other reasons why it is a bad idea to reuse the same address (for sending as well as receiving BTCs) frequently?
10
There are both security and privacy related issues that arise from address reuse. Based upon your question you are less concerned with the privacy implications and more concerned with the security implications in this question. I will discuss security first before briefly mentioning why the privacy implications are greater than the security implications.
Address Security
Bitcoin addresses are derived randomly by generating a private and public key pair. When an address is generated both the private and public keys are secret to everyone except the owner of the wallet. At this point your address has 100% security assuming the device that it is stored on is not compromised already. When you provide someone with your bitcoin address to send you funds they do not learn anything about the public or private keys even though the address is derived from the public key. So far so good, right?
The first issue/security risk I will discuss is a specific implementation issue in a mobile wallet library. It is worth knowing how a bitcoin transaction is structured to understand this issue but without getting too technical you may want to read this article about what happened when the same K value is used in multiple signatures. When this issue arose it was trivial to derive the private key protecting the funds in question and attackers we able to steal a reported 55+ bitcoins. As part of a bitcoin transaction the public key associated with the address is revealed to the network. This allows the blockchain to validate that indeed that public key is associated with the address sending funds. It also validates that the signature provided could only be generated by the private key associated with the public key which was now revealed. If the user that were attacked did not reuse addresses and sent all of the funds stored out of this address to a new address after spending some of the funds, the new address would be 100% secret again. This issue has been fixed and should only represent a concern if you are using a wallet that has not had a proper cryptographic audit.
The next class of security issues I will touch upon is side channel attacks. These kind of attacks can become technical in discussion very fast so I will not go into details but essentially specific hardware platforms can be made to leak information about their current state thus allowing an attacker to determine random values the CPU will generate in the future. This again allows the k value (also known as the ephemeral key) to be leaked and private keys can be recreated. One such side channel attack know to target ECDSA is the FLUSH and RELOAD attack.
Although side channel attacks are unlikely to be performed on someone randomly without targeting it would be much easier to attack someone that is not using privacy preserving techniques. Which leads me to briefly touch on the privacy aspects of address reuse.
Privacy Concerns
The first thing to consider when deciding whether or not to reuse your bitcoin address is that privacy not only impacts yourself when using bitcoin it also impacts everyone else that you transact with. Using blockchain analysis it is trivial to determine which companies you may be doing business with, how much money you could be holding, as well as your complete ledger history of everyone that your address has transacted with.
There has been tracking attempts that also work to associate addresses with each other and "collapse identities" based upon transactions that are public for everyone to see on the blockchain. Addresses that are downstream from your known address could be used to make illegal or purchases that could catch the interest of law enforcement and this could lead them to your doorstep because of association with particular transactions.
Read more about why you should not reuse addresses including 2 real world examples of unscrupulous activity that could occur if someone knew how much money you had stored or earned over a regular schedule (such as payroll).
6
Why address reuse is discouraged:
[1] More info: https://en.bitcoin.it/wiki/Address_reuse
4
It is absolutely safe at the moment since ECDSA is considered safe. People rather don't like to reuse to preserve anonymity or make coins harder to steal.
This is because addresses in Bitcoin are not published directly in terms of the public key, but a hash of it. This way nobody can link the hash to the corresponding public key as long as the contained coins are not spend in an transaction. Then the holder of the coins needs to prove ownership by revealing the public key in order to enable others to validate the signature.
3Why? Could you please elaborate more this answer? Thank you. – Felipe – 2014-01-26T23:54:36.213
2Yes, I'd appreciate if you'd elaborate on that. – Luca Matteis – 2014-02-19T10:34:52.883
3I downvoted because the answer does not explain position in enough detail. – Jonathan Cross – 2016-01-15T14:23:42.167
1Could you please elaborate what security issue rises from address reuse? I’m unaware of that being a security issue. – Murch – 2016-01-15T15:07:29.213
@Murch I have updated the answer with much more detailed info. – Jonathan Cross – 2016-01-29T14:49:16.447
Mark's answer covers this in detail. It is not safe to use the same bitcoin address. – JohnHanks – 2016-01-15T22:29:46.877