IOTA has announced an upcoming proposal for reusable wallet addresses. This would allow users to maintain a single address without privacy or security repercussions. Hans Moog laid out the proposal on the official blog:
“The future we [at IOTA] envision requires us to think ahead and often take the ‘difficult route.’ But we … share the same concerns and needs as others. It would be nice to have the option of at least one reusable address (like a traditional bank account) that can safely be used.”
Such a feature would solve a long-standing problem that affects many blockchains.
Reusing a cryptocurrency address poses a privacy risk on most blockchains. Since blockchain ledgers are public, anyone can view any transaction that has taken place. If you use an address more than once, people can connect the dots between transactions. This could expose the identities of you and your transaction partners.
If your address has a rich transaction history and your partners have publicly known addresses, it is possible for other people to discover your identity. Chainalysis, for example, is a company that has devoted itself to tracking Bitcoin transactions and discovering identities.
IOTA’s blockchain is significantly different from that of Bitcoin, but one principle is the same: the transaction ledger is public and can be analyzed. This is true of most cryptocurrencies apart from a few privacy coins that keep transaction data hidden. As such, address reuse is a nearly universal privacy issue in the crypto world.
It must be noted that IOTA has an additional problem: whenever you make an IOTA transaction, part of your private key becomes public. Each time you use an address, more and more of your private key is revealed, which could potentially allow attackers to brute-force your address and access your funds. This means that wallet reuse is not just a privacy issue on IOTA — it is an outright security issue.
Suggested Reading : Learn more about how to buy IOTA here.
Generally, cryptocurrency users are encouraged to create a different address for each transaction. In one respect, this is simple: addresses can be freely generated. The IOTA wallet actually creates new addresses automatically for users. However, this is not especially convenient, as people often need to make regular payments to (or receive payments at) a fixed address.
Apart from privacy and security concerns, there is nothing that actually prevents users from utilizing the same address over and over. Since many people are not overly concerned with privacy, some crypto users reuse addresses for convenience. Fortunately, IOTA may soon provide a safer way of reusing addresses:
“We are currently investigating a possible solution to these problems on the protocol level, which requires only minor adjustments to the IOTA protocol. This may allow us to reuse special addresses an unlimited amount of times without reducing security, or even breaking quantum-resistance.”
As noted above, IOTA addresses reveal part of their public key each time a transaction is made. Since funds should not be sent from an address multiple times, the entire balance of an IOTA address should be emptied all at once. As a result, unspent IOTA funds are sent to a “remainder” address after each transaction.
This may sound inconvenient, but IOTA’s wallet software does everything automatically—sending money from your IOTA wallet is a fairly straightforward process. This system cannot, however, ensure you receive funds at your most recent address: people can still send money to your “used” and therefore unsafe address.
IOTA’s proposal would generate a new public key every time an address is used. For most cryptocurrencies (including IOTA, at the moment) the public key is the address itself. But IOTA could separate the two concepts: reusable addresses would have an ever-changing public key.
In other words, users could rely on a single fixed and reusable address while the public key takes on the hard work of keeping up-to-date.
IOTA’s proposal illustrates this with a simple metaphor. IOTA addresses can be thought of as a house with a diamond door: “extremely secure” but “also transparent.” Hackers can’t break through the hard diamond, but they could in theory cut a key based on what they see through the door.
Right now, IOTA users pack up and move to a new house every time they open the door. Under the new “reusable address” system, users would simply change the lock. (Or, rather, IOTA would do it for you.)
Reusable addresses would offer several practical and user-friendly advantages. Because they are persistent, reusable addresses can be stored in address books, written on paper, or linked to email-like aliases. They could basically be shared in ways that do not facilitate frequent updates.
There are, however, disadvantages, especially where privacy is concerned. Even if reusable addresses are secure against theft, they would allow users to keep all of their funds in one place. This could allow observers to identify users, à la Chainalysis. To prevent this, IOTA suggests that users could “sweep” their excess funds to non-reusable addresses, similar to how one might divide funds between hot and cold wallets.
IOTA’s proposal is not meant to fully replace the old address system. Reusable addresses would be an optional feature that facilitates everyday spending. The feature would, in short, introduce user-friendliness without sacrificing any of IOTA’s security commitments. However, you won’t be able to use this feature quite yet: it is still just a proposal.