One the most confusing things in IOTA is how addresses are used. Contrary to traditional blockchain-based systems such as Bitcoin, where your wallet addresses can be reused, IOTA’s addresses should only be used once (for outgoing transactions). That means there is no limit to the number of transactions an address can receive, but as soon as you’ve used funds from that address to make a transaction, this address should not be used anymore. The reason for this is, by making an outgoing transaction (if you send IOTAs), a part of the private key of that specific address is revealed, and it opens the possibility that someone may bruteforce (“hack”) the full private key to gain access to all funds on that address. The more outgoing transactions you make from the same address, the easier it will be to bruteforce the private key. It should be noted that having access to the private key of an address will not reveal your seed or the private key of the other addresses within your seed (account).
To summarize: It is safe to receive any number of transactions to a given address until an outgoing transaction (a “send” transaction) is made. After that, this address should no longer be used!
Perhaps you are now wondering “What if I make a payment to someone; do I need to worry about the safety of the rest of my IOTA?”
The answer would be, "No, the wallet takes care of everything, and your tokens remain absolutely safe."
The animated image below demonstrates what happens when you make a transfer in the wallet.
Before we go into further detail of what above animation is about, we should know what an Address Index is.
When a new address is generated it is calculated from the combination of a seed + Address Index, where the Address Index can be any positive Integer (including “0”).
The wallet usually starts from Address Index 0, but it will skip any Address Index where it sees that the corresponding address has already been attached to the Tangle.
The above animation demonstrates that we start with a balance of 174 IOTAs, then we send 24 IOTAs to Bob.
The transaction now deducts all 174 IOTAs from the first address of our seed / “account” and, after splitting them, sends 150 IOTAs to the next address within our account while the other 24 IOTAs get sent to Bob’s address. This way, our first address, which is now considered used, is left with a balance of 0 while our new address now holds the remainder of our balance.
The same thing happens with the next transaction, where we send 60 IOTAs to Alice.
Now that we know how addresses are used by the wallet, we can also learn why our balance appears to drop to 0 after a snapshot. When a snapshot happens, all transactions will get deleted from the Tangle, leaving only the record of how many IOTAs are owned by each address.
If a snapshot was made after our transaction to Alice, the snapshot would record that our address “EJMQH…” has 90 IOTAs.
However, the next time the wallet scans the Tangle to look for used addresses, the transactions will be gone because of the snapshot, so the wallet won't know anymore that address “EJMQH…” belongs to us.
This is the reason that we need to regenerate 3 addresses (Address Index 0, 1 and 2) so that the wallet can check the balance of each address to know that these 90 IOTAs are ours. The more transactions we make before a snapshot, the further away our balance moves from Address Index 0, and the more addresses we will need to (re-)generate after the snapshot.
Thanks to Pascal for writing this article.
If you have any comments or suggestions for "How do Addresses work?", please let us know in the comments section below. You may also contact us by submitting a Ticket, or by commenting on the Forum. We would be happy to hear from you.
Thanks for reading.