Why exactly reusing Bitcoin addresses strengthens Bitcoin user anonimity
Jurov manages to misrepresent the problem on Bitcoinpete's blog with the following comment :
Please ELI5 where is any substantial difference between:
Source1 -> utxo1@MyNeverReusedAddr1 -> Spent
Source2 -> utxo2@MyNeverReusedAddr2 ^and
Source1 -> utxo1@MyAddr – > Spent
Source2 -> utxo2@MyAddr ^You are spending 2 distinguishable unspent outputs in both cases.
The fact that these two situations are equivalent (which they are) is irrelevant. Consider the relevant situation :
May 1st, Source1 -> utxo1@MyNeverReusedAddr1 -> Dest1.
May 2nd, Source2 -> utxo2@MyNeverReusedAddr2 -> Dest2.
May 3nd, Source3 -> utxo3@MyNeverReusedAddr2 -> Dest3.
May 4nd, Source4 -> utxo4@MyNeverReusedAddr2 -> Dest4.
May 5nd, Source5 -> utxo5@MyNeverReusedAddr2 -> Dest5.
versus
May 1st, Source1 -> utxo1@MyAddr – > Dest1.
May 2nd, Source2 -> utxo2@MyAddr -> Dest2.
May 3nd, Source3 -> utxo3@MyAddr -> Dest3.
May 4nd, Source4 -> utxo4@MyAddr -> Dest4.
May 5nd, Source5 -> utxo5@MyAddr -> Dest5.
Through process 1 above, Source and Destination can be paired : 1 goes with 1. It is not possible for Source 1 to have been paid at Destination 3, or 5. It is not possible for Destination 4 to have been paid from Source 2i. Thus, always using unique BTC addresses guarantees to any third party that our service is transparent for purposes of tracking our users.
Through process 2 above, Source and Destination can not be paired, other than saying that Source1 or another user prior to May 1st was paid through Dest1 ; that Source2 or any other user prior to May 1st was paid through Dest2 and so on. At any point in time, the Sources which may be paired to a Destination are numerous, and as the address keeps being reused, their numbers continue to increase. Thus, always reusing the same BTC address guarantees to any third party that our service is opaque for the purposes of tracking our users. Fail that, sometimes reusing BTC addresses does not guarantee opacity, but does also not guarantee transparency.
It is worth nothing that stuff like m-of-n signatures serve a very similar anti-fungibility purpose, under the veneer of "extra security". If a Bitcoin service allows such a model, it implicitly loses the ability to mix the Bitcoin coming in from different sources, and it consequently becomes even more transparent for the third party spook than case 1 discussed above. On the other hand, the supposed added security is useless in most cases. There may still exist some edge situations where m-of-n signatures are perhaps useful, but this is dubious at best, and probably not your situation.
Summa : If you're a Bitcoin user and don't know why m-of-n would be useful for you, specifically, don't use it. It's not helping "in general", it's not some sort of Universal Security Bonus or anything similar. Moreover, Universal Security Bonus providing items do not exist.
If you're a Bitcoin service and can't get a good RNG then close down. Now. If you're a Bitcoin service with a good RNG, then reuse your addresses at least some of the time. You're doing everyone in Bitcoin, and your customers especially, a huge favour.
If you're interested in Bitcoin's future, don't :
- Use any service that never reuses any addresses ;
- Use anything that comes from Mike Hearn.ii
That'd be all, thanks for reading.
———- Obviously, the argument can be brought that even in this case, "tracking" is pure nonsense, as there's no such thing as Bitcoin taint in the first place, and for very good reasons. Services such as BitBet manage to preserve users anonimity quite perfectly even if employing very little address reusage.
Nevertheless, for the sort of idiots that are not capable to comprehend this point opoint on their own, and for the sort of despicable scumbags that comprehend it just fine, but like to pretend that playing the whore for outgoing lords is somehow going to prove a worthwhile activity, this argument stands. This category includes the courts. [↩]
- The guy's only job in Bitcoin is to try and break it. He works for the bad guys, forget about him, he's the enemy. [↩]
Wednesday, 7 May 2014
Thanks for clarification. I don't have strong opinion about this,only wanted to point out it isn't some
Wednesday, 7 May 2014
(sorry , it got accidentally)
..some mixing of balances as pete implied. And in case of global reused address like MPEx, it's easier to learn about other users, which may make transaction harder to deny.
Wednesday, 7 May 2014
You can in principle mix balances if you wish, through the periodic sweeping transaction. In many cases this will happen automatically as funds are moved into cold wallet, and so in that sense his argument still holds some water, even if he didn't actually present it that way. All you need is to reuse addresses, the rest happens "by itself".
Not sure what you mean by "harder to deny", but afaik Bitcoin offers a strong nonrepudiation guarantee as part and parcel of what makes it so great. There's no denyin' anything.
Wednesday, 7 May 2014
There was an article or tweet of yours where you expounded about bitcoin-taking whore or her clients to be able to deny anything happened at all but i can't find it...or just my misrepresentation again :/
Wednesday, 7 May 2014
You mean Whore strat or The discreet escort, or how Bitcoin makes prostitution unprosecutable ?
Anyway, yes, the principle of a service reusing addresses strengthens the anonimity of the users at the expense of fixing the service in place. Obviously if the discreet escort keeps always using the same address, it'll be the case that after the 5th failed bust on the same nominal address she may end up in trouble. But, here's the complex part : contrary to what our intuition shows us, it'd seem that, perversely, the discreet escort is actually the client in this relationship! At least Bitcoin seems to indicate so. Whoever is paying her would be the service.