2
I've read that it's never safe to use the same bitcoin address more than once because there is a small chance that someone could solve for your private keys (though I don't have a solid-enough background in encryption to understand all of the implications of this concept). In any case, even if you did generate a different address for every incoming transaction, what would stop an attacker from simply sending many transactions to the first address they see in an attempt to crack your private key?
I think that what you read is wrong, or you have misunderstood it. Can you give a link / reference to where you read this? – Nate Eldredge – 2015-11-22T15:51:15.937
@NateEldredge https://en.bitcoin.it/wiki/Address_reuse#Security
– JSideris – 2015-11-22T16:04:48.4471
I believe you are thinking of the leaking of a private key when building a transaction with reused r-values. There is no chance someone can solve your private key from an attacker sending you coins. https://bitcointalk.org/index.php?topic=977070.msg10669517#msg10669517
– m1xolyd1an – 2015-11-22T16:20:03.443@m1xolyd1an Yes this is the issue to which I was referring. That was a pretty good explanation on how the vulnerability works - I get how the calculation is done. Am I to understand that using the same address to receive bitcoins more than once is, per se, not insecure, but that this vulnerability has to do with the way transactions are signed? – JSideris – 2015-11-22T17:06:08.570
Yes the reused r-value vulnerability is from creating many transactions from the same address AND a wallet service fault of re-using r values. @Bizorke – m1xolyd1an – 2015-11-22T17:21:09.023
1@Bizorke: I think it's also important to emphasize that the signature vulnerability is not inherent to ECDSA, as far as I know; it requires a flawed implementation. The "reused r values" only works if you are using a broken random number generator, and the side channel attack requires that the attacker have access to your computer (possibly a different account). I'm not aware of any inherent risks of creating many transactions from a single address. – Nate Eldredge – 2015-11-22T19:08:21.263
1Modern software uses RFC6979 which doesn't use any supplied entropy for the ECDSA nonce anyway. If the RNG is so broken it's making duplicates there's going to be other problems though. – Anonymous – 2015-11-23T01:26:38.220