While bitcoin is commonly viewed as electronic cash, bitcoin users don’t actually receive their “change” back instantly when spending less than what’s in their wallet. Instead, bitcoin change is digitally redeposited in a change address.
What you say? For example, consider what would happen if you went to Starbucks and sought to purchase a fancy $5 coffee. If your bitcoin wallet holds $50, the cashier will retrieve $5 from your account and credit your bitcoin address with $45 in “change.” However, this change is not available for spending until bitcoin confirmations complete – ensuring that the funds are delivered to the intended address. This can take seconds, minutes or more.
Given how the network is set up, “spending” bitcoins requires that you use your full unspent output by making it the input for any new transaction. Your wallet continually looks for unspent outputs and adds up their total value to show you the sum available for purchases,
Obviously, the similarities between bitcoin and cash run deep. In a whitepaper, Satoshi Nakamoto even described bitcoin as an “electronic cash system.” Understanding the close connection between bitcoin and physical cash is the key to understanding change addresses. To simplify this even more, a bitcoin address can be thought of as the digital equivalent of a cash envelope.
Consider the coffee example above, where the buyer has $50 worth of bitcoins in his wallet and pays Starbucks the entire sum. The buyer’s bitcoin balance will drop to zero and Starbucks will increase by $5. After the transaction, Starbucks can give the unspent output received from the buyer to someone else. However, the buyer will not be allowed to take back the unspent output transferred, nor will he/she be able to spend it again.
There is another option on spending bitcoins that allows the coffee buyer to split his payment, a feature fully supported by bitcoin. The buyer uses $5 in bitcoin to get his daily Grande Vanilla Latte fix, and returns the change to his bitcoin wallet. Unfortunately, receiving such change makes the transaction visible on the blockchain. Transaction privacy depends upon the strict separation between addresses and personal IDs, a model referred to as pseudonymity.
If an observer wants to penetrate the privacy veil, he/she can link bitcoin addresses to personal IDs to determine the parties to a transaction. Users may seek to fortify their privacy by sending change to newly-created addresses. S
However, someone seeking to link personal IDs to addresses will need to gather additional secondary information (and expend more resources) when all parties
Change Address Strategies
Although change addresses play a key role in improving privacy, experts say wallet developers can implement this feature in a number of ways. Four strategies are currently in use:
- Single-Address Wallets use a single address to receive both payments and change. Additional addresses may
addedwhen a receiving address is manually added, or a private key is imported. An example is the now-unsupported MultiBit Classic.
- Random Address Pool Wallets use a fixed-size pool of randomly-generated addresses. Change is sent to the next available empty address, causing the creation of a new empty address to take its place. The best-known example was
bitcoin-Qt ,until its key-handling functionality was upgraded.
- Deterministic Address Pool Wallets contain a practically infinite pool of deterministically-generated addresses. A subset of this pool contains addresses reserved for receiving change. Examples include Electrum and Armory.
- Hybrid Wallets use multiple strategies, depending on context. MultiBit, Mycelium, and Electrum are examples.
New Wallet Developments
Fortunately, a new bitcoin protocol will soon eliminate change addresses. This new version of Bitcoin Core incorporates a “Branch and Bound” algorithm. Created by BitGo engineer Mark Erhardt, this algorithm offers two key improvements to Bitcoin Core:
- First, the fee for each chunk is calculated before it’s selected to be added to the transaction; this prevents new chunks from being added later
- Second, the algorithm attempts to match different chunks so they add up to the exact amount needed for the transaction, theoretically avoiding the need for change addresses. See the bitcoin exchange guide here
Let’s hope the industry and financial regulators sort this out soon. Doing so will ultimately protect transaction privacy and strengthen bitcoin adoption.