Added paragraph about address re-use for BIP131 #353

pull priestc wants to merge 2 commits into bitcoin:master from priestc:master changing 1 files +20 −0
  1. priestc commented at 10:53 PM on March 14, 2016: contributor

    So many people are saying this BIP is bad because it encourages address re-use. I added a paragraph clarifying how address re-use is affected by this BIP.

  2. added paragraph about address reuse 314e87f9c0
  3. fixed typos and wording 46a91a8dc4
  4. in bip-0131.mediawiki:None in 46a91a8dc4 
      82 | +Address re-use comes in two forms: re-use by the ''sender'', and re-use by the ''receiver''.
  83 | +
  84 | +Re-use by the sender is basically using the same address for the change output. This is generally considered bad
  85 | +since people looking through your transaction history can determine who you do business with. When
  86 | +you generate a new address for every change, your privacy is conserved as it is impossible to know which
  87 | +output is a recipient, and which output is the change output. This BIP has '''no effect''' on re-use
    MarcoFalke commented at 10:55 PM on March 14, 2016:

    it is impossible to know which output is a recipient

    This is not true.

  5. in bip-0131.mediawiki:None in 46a91a8dc4 
      89 | +
  90 | +On the other hand, address re-use by the ''receiver'' occurs under completely different circumstances.
  91 | +When you publish an address and have multiple people send to that address, you are engaging in address re-use
  92 | +from the receiver. This activity has historically been considered bad because it leads to re-using a private key.
  93 | +When you re-use a private key too many times, you run the risk of an attacker performing statistical analysis
  94 | +on the multiple signatures, which can lead to an attacker finding out your private key.
    sipa commented at 11:09 PM on March 14, 2016:

    That's not the primary reason to discourage it, as it's only a theoretical concern. The most important argument against is the same as what you list above: it hurts your own privacy (as now people who send to your will learn something about your incoming funds from others), and by extension, hurts the privacy of everyone interacting with you by enabling more analysis of linkage.

    priestc commented at 11:30 PM on March 14, 2016:

    If somebody wants to give up some privacy for a massive decrease in transaction fees, then they should be able to do that. There are many many addresses that have multiple unspent outputs associated with them on the network today, proving that the decrease in privacy is acceptable to many people.

    Technically, when you are going through the checkout at Walmart, you can look in to the cash register and get as much information as you would if you looked through someone's bitcoin history through a blockexplorer. Neither Walmart nor any other retailer finds it necessary to keep a privacy guard over the cash register. As long as you rotate your address every so often, its going to take a lot of work to figure out someone's complete financial story by through a block explorer.

    By the way, if I re-use my address, that has no effect on anyone but myself. Other people are not affected at all.

    sipa commented at 11:51 PM on March 14, 2016:

    By the way, if I re-use my address, that has no effect on anyone but myself. Other people are not affected at all.

    I disagree with that statement. If you, and you alone, are reusing your address, it already simplifies linking other people's addresses together. Due to Bitcoin's lack of full anonymity, privacy provided by the system is a public good, that must be treasured by everyone equally to be preserved.

    If somebody wants to give up some privacy for a massive decrease in transaction fees, then they should be able to do that.

    As a result, I disagree with that as well. We should aim for a design that does not allow one person to get a monetary benefit from hurting the privacy of others in the system.

    priestc commented at 1:43 AM on March 15, 2016:

    You, and you alone, reusing your address simplifies linking other people's addresses together.

    If the senders of those transactions were using wallets that generate new addresses for each change output (which I refer to as "non re-use by the sender" in the PR), then their privacy is still preserved, no matter what. Yes, there is a link, but the link is meaningless. When doing analysis, you can't be sure that any output goes to the original owner, or to another recipient. The best you an do is determine a probability that one address is connected to another. If the sender does re-use addresses for the change output, then it is a 100% probability that the addresses are linked.

    As a result, I disagree with that as well. We should aim for a design that does not allow one person to get a monetary benefit from hurting the privacy of others in the system.

    Nobody's privacy is being hurt anywhere by enabling wildcard inputs.

  6. luke-jr referenced this in commit 5a942b04c0 on Mar 15, 2016
  7. luke-jr merged this on Mar 15, 2016
  8. luke-jr closed this on Mar 15, 2016
  9. luke-jr commented at 6:35 AM on March 15, 2016: member

    As others have elaborated on, this change is wrong, but GitHub isn't the place to discuss it.

Contributors
priestcMarcoFalkesipaluke-jr
github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bips. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-04-14 15:10 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me