by narrator 3300 days ago
Address reuse only becomes a problem in the theoretical case that someone can determine the private key from a signature. This would only happen if there was some sort of breakthrough in cryptanalysis of elliptic curve cryptography, which, while theoretically possible, is unlikely.
3 comments

The idea is that you don't just want to be secure now, but also in the future. The ECC Bitcoin uses is vulnerable to Shor's algorithm, and thus to quantum computation. Quantum computing at that scale is a fair ways off, most likely, but on a timescale of a couple of decades or more, a successful attack seems quite reasonable.

Bitcoin can soft-fork, allowing address generation with a different algorithm. It's not any sort of existential threat to Bitcoin. But it does require that you move your coins to a new address if you reuse an address, else you are vulnerable.

Not to mention that such a discovery would be significant enough that a protocol upgrade and fork would be inevitable, in order to protect addresses retroactively.
Or you reuse the nonce in ECDSA.

This burned Sony, and burned people who had faulty wallet code that submitted transactions with duplicate nonces.

If you only published and signed a transaction once, you would be immune to failure by ECDSA nonce reuse.

It's good to rotate the public key/address per transaction in Bitcoin.