Does it hurt the network to reuse addresses?

7

2

There is already a question that ask why you shouldn't reuse addresses, but it's about whether or not it's a bad idea for the person who would do the reusing. I understand there are several reasons you'd want to avoid reusing (e.g., fear that ECDSA isn't secure, privacy and anonymity concerns, difficulty of tracking senders, etc.); as far as I can tell, it's still sometimes worth it on an individual level to reuse an address.

However, the Bitcoin Wiki says in multiple places (here and here) that reusing an address degrades the security of the whole network; I also think I've seen this claim elsewhere but can't track down the source anymore. I don't understand how this could degrade the security of the network, and if it does, what's to prevent an attacker from repeatedly doing this before an attack if it would help?

Daniel H

Posted 2014-02-19T09:34:43.430

Reputation: 644

Answers

2

Reusing an address is a security issue if you have a weak random number generator, as was an issue with the Android Bitcoin Wallet. I should note this was android's fault for using a bad generator and was fixed quickly by the app developer, though some people lost coins because they had signed multiple messages (i.e. transactions) with the same address and the number generator used the same random number for more than one transaction, for more info you can see this: http://gigaom.com/2013/08/12/why-bitcoin-users-using-android-wallet-apps-need-to-upgrade/

If you'd like to know more about why using the same random number in two messages is bad, you can read about ECDSA (ecliptic curve digital signature algorithm) here: https://en.bitcoin.it/wiki/Protocol_specification#Signatures

Also if you are concerned with the people you transfer bitcoins with knowing how much money you have and when you're sending money, and possibly to whom, you should consider keeping your addresses and transactions separate. This involves choosing which inputs you use to send transactions, using a system like armory allows you to do this.

Mark

Posted 2014-02-19T09:34:43.430

Reputation: 1 647

Do you have a source for "some people lost coins" because of the android rng bug?Jannes 2014-02-19T13:01:24.477

I agree with James that it would be nice to have a source on "some people lost coins". Even with that, though, it sounds like only the people who reused an address lost coins, not even other users of the same buggy pRNG.Daniel H 2014-03-11T05:20:06.923

You can look through this thread here, it talks a lot about the issue with the Android Bitcoin Wallet https://bitcointalk.org/index.php?topic=271486.0/ . About 55 bitcoins were stolen , and it is verifiable since they come from addresses that were compromised due to bad signatures.

kaykurokawa 2014-07-13T18:56:53.000

Asked: 2014-02-19T09:34:43.430

Viewed: 863 times

Active: 2017-06-02T15:37:15.767