6

A one time address is supposed to be, well, used only once.

If you send two transactions to the same one time address, will both transactions be accepted into the block chain? I know that if they were, only one would be spendable.

user36303
  • 34,928
  • 2
  • 58
  • 123
Christopher King
  • 3,120
  • 14
  • 65

2 Answers2

4

First, to clarify again, the question is about one-time addresses, i.e. stealth addresses, which are different than the public addresses. The public addresses can be reused freely, whereas the stealth addresses cannot. For consistency, I'll only use the term stealth address (one-time address) in this answer.

To answer your question, we first need a bit of background. In Monero, key images prevent double spending in the blockchain. Key images are generated by the receiver (Bob) of a transaction, to see if the outputs that belong to him are spendable. Or to put differently, if they aren't already spent. The receiver wants to verify this, because he will most likely want to spend his funds somewhere in the future. From core-team member luigi1111's article:

To check if P is spent, Bob computes its "key image" and queries the blockchain to see if it is marked as spent. Key image I = xHp(P).

Note that P is Bob's stealth address, with P = Hs(rA)G + B.

Where:

  • P -- the final stealth address (one-time output key, the destination where funds will actually be sent);
  • Hs* -- a hashing algorithm that returns a scalar (i.e., the hash output is interpreted as an integer and reduced modulo l);
  • r -- the new random scalar Alice chose for this transaction;
  • A -- Bob's public view key;
  • G -- the standard Ed25519 base point;
  • B -- Bob's public spend key.

From the formulas we can infer that, if the sender (Alice) uses the same stealth address of the receiver (Bob) for two transactions, Bob's outputs of one of the transactions will be burned. That is, both transactions will generate the same key image for Bob. Therefore, only Bob's outputs of one of the transactions are subsequently spendable. Now back to your question, given that stealth addresses are randomly generated, is it highly unlikely that Alice received the funds she has subsequently sent to Bob on a reused stealth address as well. Therefore, the key images generated by Alice are unique and she would be able to send two different transactions to the same stealth address of Bob, which thus will both be accepted into the blockchain.

I previously mentioned that stealth addresses are randomly generated and therefore should not be able to collide, or put differently, reused. One may ask themselves, how would a stealth address appear twice? To answer this, I'll use the comment of reddit user TheKing01:

Technically, stealth address reuse is already possible if you're dumb. A sender can use a one time address more than once if they aren't careful. (It does help though that it is happening all inside simplewallet, so their is no chance for human error in this regard. Either using third party buggy clients or using a bad random number generator could be a problem though).

There is a good way to prevent this type of failure though; simply check if the one time address you are using is already on the block chain (this can be done automatically). If it is, you know there is a problem.

Community
  • 1
dEBRUYNE
  • 15,417
  • 18
  • 60
  • 114
2

If two outputs are sent to the same one time address, they will be accepted by the blockchain. However, only one of them may be spent. It is equivalent to burning coins. The wallet is setup so that, if it detects this, the largest value output is used (assuming the first one is not spent before the second one arrives).

user36303
  • 34,928
  • 2
  • 58
  • 123