bitcoin core – Would reusing addresses result in a lower fee?

Addresses do not exist at the protocol level. You’ll pay exactly the same fee whether you used the same or different addresses to withdraw. What matters is that there are many outputs you have to spend; whether those are assigned to the same addresses or distinct ones is a human abstraction – for the protocol it makes no difference.

To explain, it’s important to see that Bitcoin does not have anything you could call an “account model”. It is more like cash: every transaction gives you one or more coins (or various values) and “uses” previously created coins. These coins are also called UTXOs: unspent transaction outputs.

For example, if you pay me 1 mBTC twice (to the same address, or to different addresses), I will have in my wallet two coins of 1 mBTC each. If I now want to pay someone else 1.5 mBTC, I (or my wallet software, transparently) will construct a transaction that consumes both 1 mBTC outputs/coins/UTXOs, and creates two new ones: one valued 1.5 mBTC assigned to the payee, and perhaps 0.49 mBTC to another output back to myself (usually a fresh address, called a change address), and the remaining 0.01 mBTC is turned into fees.

Why do I mention that addresses don’t exist at the protocol level: they are just shorthand notations for locking scripts. Every coin/UTXO/output has an embedded script that defines the conditions under which it can be spent. When a transaction spends multiple outputs, it needs to satisfy the conditions for all of them.

It would be possible to define a protocol improvement that allows spending multiple outputs to the same script at reduced cost, by permitting a single signature that signs for all inputs at once. This hasn’t been done for two reasons:

  • Research around Cross-Input Signature Aggregation (CISA) will likely make this sort of benefit available to any inputs, even when they’re using different addresses.
  • It would institute an incentive to adopt privacy-damaging practices.