Board Bitcoin Technical Support
Merits 24 from 7 users
Re: Address reuse (Bitcoin Core)
by ranochigo on 04/08/2024, 03:43:22 UTC
⭐ Merited by LoyceV (12), BlackHatCoiner (4), ABCbits (2), Pmalek (2), pooya87 (2), vapourminer (1), DdmrDdmr (1)
Is it safe to use an address twice (privacy excluded)?
Yes.
I have read that if the random nonce k used for the ECDSA signature is not chosen at random then someone can calculate the private key.

Is this really a problem in practice?

I make a test transaction for new addresses to make sure that they work correctly.

I use Bitcoin Core 27.1.
That is true. If your nonce is known, then you can calculate the private key from your signature. However, Bitcoin Core is open source and a simple bug like this would probably be caught early on and should never make it into a stable release.

The problem concerning address reuse, which is often blown out of proportion, is the possibility of a repeated nonce in the signature. When nonces are repeated, you can calculate the private key from two different signatures. This is only in the case where nonces are non-random and are being reused across multiple transactions. This was a problem with poorly implemented CSPRNGs in certain poorly designed wallets in the past. However, Bitcoin Core uses RFC 6979 to ensure every signature is distinct and deterministic. As such, the chance of a repeated nonce is zero.
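
The RFC 6979 nonce derivation mentioned in the reply above, as an added example that is not part of the original post and is not Bitcoin Core's code: a Python sketch of RFC 6979 section 3.2 with HMAC-SHA256 for the secp256k1 order, showing that the nonce is a deterministic function of the key and the message. The key, the messages, the helper names and the choice of a single SHA-256 over the message as `h1` are assumptions made for illustration.

```python
import hashlib
import hmac

# secp256k1 group order (public curve parameter).
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

# Constructed sample inputs, not real keys or transactions.
SAMPLE_KEY = 0x1F1E1D1C1B1A19181716151413121110
SAMPLE_MSGS = [b"constructed tx 1", b"constructed tx 2", b"constructed tx 3"]


def mac(key: bytes, data: bytes) -> bytes:
    """HMAC-SHA256, the PRF used throughout the derivation."""
    return hmac.new(key, data, hashlib.sha256).digest()


def rfc6979_nonce(priv: int, msg: bytes) -> int:
    """Derive k per RFC 6979 section 3.2 (HMAC-SHA256, 256-bit order)."""
    h1 = hashlib.sha256(msg).digest()          # assumption: h1 = SHA-256(msg)
    x = priv.to_bytes(32, "big")               # int2octets(x)
    h = (int.from_bytes(h1, "big") % N).to_bytes(32, "big")  # bits2octets(h1)
    v, k = b"\x01" * 32, b"\x00" * 32          # steps b, c
    k = mac(k, v + b"\x00" + x + h)            # step d
    v = mac(k, v)                              # step e
    k = mac(k, v + b"\x01" + x + h)            # step f
    v = mac(k, v)                              # step g
    while True:                                # step h
        v = mac(k, v)
        cand = int.from_bytes(v, "big")
        if 1 <= cand < N:                      # accept only 1 <= k <= N-1
            return cand
        k = mac(k, v + b"\x00")                # otherwise reseed and retry
        v = mac(k, v)


def has_repeated_nonce(priv: int, msgs: list) -> bool:
    """True if any two distinct messages under one key get the same k."""
    nonces = [rfc6979_nonce(priv, m) for m in set(msgs)]
    return len(nonces) != len(set(nonces))


if __name__ == "__main__":
    for m in SAMPLE_MSGS:
        print(m.decode(), hex(rfc6979_nonce(SAMPLE_KEY, m)))
    print("repeat across distinct messages:",
          has_repeated_nonce(SAMPLE_KEY, SAMPLE_MSGS))
```

Signing the same message twice with the same key yields the same nonce and therefore the same signature, which reveals nothing new; a different message changes the HMAC input and so the nonce.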