0
1
I know about the privacy and security implications of address reuse. But I was thinking about a scenario where I have one address for every person I receive transactions from. This would still have the security problems, but not the privacy problems? Did I overlook something here?
1
but not the privacy problems? Did I overlook something here?
Yes, unfortunately. When you later spend you often need to use coins originating from multiple transactions that previously paid you and these co-spends will link together your transactions.
For example. Say Alice pays you 1 bitcoin to address A and then Bob pays you 1 bitcoin to addess B. You then spend 2 bitcoin and use those to coins, indicating to the world that the same party probably controls A and B. Later Bob pays you 1 bitcoin again and Charlie pays you 1 bitcoin to address C. You make another 2 BTC payment using the coins from Bob's second payment and Charlie's payment, now the world has reason to believe A, B, and C are all controlled by the same party. Without the reuse people would know less.
This privacy loss doesn't just hurt you, but also A, B, and C and potentially the people they interact with so even if privacy isn't very important to you today it's still better to not gratuitously lose privacy.
Bitcoin Core has some logic to try to spend all payments to the same address at once (though in 0.17 it isn't enabled by default) but even that won't help you if the payments/spending are spread out over time. If you are forced to reuse addresses it's preferable to delay spending payments to a particular address until its unlikely to get any more and to then spend them all at once.
Using one address per paying party is the bare minimum needed to even know who paid you but doesn't provide particularly great privacy.
0
maybe need to (re-)define security a bit more. A security issue would imply a harm to you, your computer or maybe to your money (aka lost Satoshis). You are correct, you publish the public key of your address in a signed transaction. This is done by all users, which do transactions, and as such "works as designed". No security harm is involved with such a disclosure of your address (senior bitcoin experts to proof me wrong). Why? But your privacy may get lost. Again, you are right, re-using address is bad for privacy. Hence HD wallets and (BIP32/43/44). Loosing privacy can become a security issue in the next step for more or less reasons: 1. someone tries to hide the bitcoin wealth or hasn't declared the funds in front of the tax authorities, and now "fears" sanctions, once his activities get discovered. In this case, sanctions are rightful. And yes, they then cause a security issue to you (computers confiscated, eventually risk to go to prison). 2. someone's (tax declared, rightful) wealth is disclosed, which attracts criminals, which could prepare measures to rob you in one way or another. This is usually considered to be a security issue as well.
Summary: keep privacy at max, do not re-use addresses. The bitcoin technology allows for protection of assets and a minimal set of privacy. Higher privacy, and as such more "possible security" comes with next technology levels like tumblebit or mimble wimble. Just my thoughts.
The problem with publishing the public key belonging to an address is that you break one layer of security. If there is a problem with ECDSA and an attacker can calculate your private key from your public key, they can spend all funds if only knowing the public key. An address is a hash of the public key. To get the private key from an address you need to break more layers. – Martin – 2017-04-29T09:38:56.987
If I have a pseudonym with everyone of my transaction partners they can only see my "wealth" with them, so only the transaction sent between them and not my overall wealth. – Martin – 2017-04-29T09:41:58.143
so you would have 1 address per user, that sends you Satoshis. This is address re-usage, and has the same PRIVACY implications, as if you'd have only one address for all users. Just at a different scale. Not sure, what the security issue is, what you mean by that. To avoid this, you may want to look into BIP32/44 wallets (HD wallets), that can assign everytime changing adresses, without you to worry too much... I put the answer here:
https://bitcoin.stackexchange.com/questions/46718/bitcoin-system-with-payins-and-payouts-using-bip32/52900#52900
The security problem is that when you create a transaction you have to publish the public key belonging to your address.
But you transact with everybody over another pseudonymity. I am sure the privacy is improved because not everyone of your transaction partners can see your balance. (for example) But I am not sure what exactly I am overlooking. – Martin – 2017-04-27T20:38:24.593