Address reuse: Difference between revisions

From Bitcoin Wiki
Jump to navigation Jump to search
Luke-jr (talk | contribs)
Luke-jr (talk | contribs)
Notable offenders
Line 24: Line 24:
Users who see addresses reused may incorrectly be led to believe they function similarly to wallets or bank accounts.
Users who see addresses reused may incorrectly be led to believe they function similarly to wallets or bank accounts.
Often this is manifested in people talking about nonsense like "address balance", "wallet address", "from address", and similar misconceptions that don't actually exist in Bitcoin.
Often this is manifested in people talking about nonsense like "address balance", "wallet address", "from address", and similar misconceptions that don't actually exist in Bitcoin.
== Notable offenders ==
Some notable Bitcoin software and services encourage or require address reuse:
* Many bitcoin mining pools (especially [[Eligius]])
* Various wallets (usually BitcoinJ-based) reuse addresses for change.
* Electrum displays addresses in a way that encourages confusion and address reuse and misuse.

Revision as of 00:01, 21 July 2014

Address reuse is the practice of sending multiple transactions to the same address. This works by "accident", not by design. It is considered a bad practice, and not something that should be done.

Problems

Privacy

Address reuse harms the privacy of not only yourself, but also others - including many not related to the transaction. In some cases, these risks are serious enough that they are likely in violation of reasonable consumer protection laws.

Security

Bitcoin does not, at a low level, have any concept of addresses, only individual coins. Address reuse, at this layer, requires producing multiple digital signatures when you spend bitcoins. Multiple situations have been found where more than one digital signature can be used to calculate the private key needed to spend bitcoins. Even if you spend all the bitcoins claimed by this private key at once, it is still possible to double-spend them in theft before they confirm. While the situations for finding the private key from signatures have been fixed, it is not prudent to assume there aren't more such situations yet unknown.

Accidental loss

In Bitcoin abstraction, an address is an invoice for a specific payment. Once that payment is made, the receiving party has no reason to retain the data for the address (technical details simplified) and may discard it. Even if someone does not choose to discard that data, it may have since been lost in an accident or compromised. In any of these situations, any future payments to the same address would go in to a "black hole", and be forever lost through no fault of the recipient.

Confusion

Users who see addresses reused may incorrectly be led to believe they function similarly to wallets or bank accounts. Often this is manifested in people talking about nonsense like "address balance", "wallet address", "from address", and similar misconceptions that don't actually exist in Bitcoin.

Notable offenders

Some notable Bitcoin software and services encourage or require address reuse:

  • Many bitcoin mining pools (especially Eligius)
  • Various wallets (usually BitcoinJ-based) reuse addresses for change.
  • Electrum displays addresses in a way that encourages confusion and address reuse and misuse.