Pages:
Author

Topic: How to hide public key of Bitcoin Address? (Read 593 times)

legendary
Activity: 3472
Merit: 10611
August 24, 2023, 11:25:06 PM
#28
(same as when in 2nd WW allies made with german Enigma machine, they didn't refute all german steps to don't put on check the important advantage they already have.)
That example can be used to refute your post.
Such high computation power to break strong cryptography (at the time) is not easy to come by and is not available to everyone. It is always owned (in secret) by governments and is used for much important matters like state secrets and espionage not to steal bitcoins from a single address after a year of computation! They can press a button to print more money without spending anything.

By the time such capability becomes known, all systems will start migrating to newer and stronger algorithms and by the time the hardware catches up the old algorithms are a thing of the past. Like today that you can break the WWII era encryption on your PC, nobody uses such algorithms.

That's not to mention for the time being the computing power, known or unknown, is not close to be able to sold ECDLP within reasonable timeframe.
hero member
Activity: 630
Merit: 731
Bitcoin g33k
In a well-designed cryptographic system like Bitcoin, knowing the public key should not expose any significant vulnerability. In fact, public keys are meant to be just that—public. However, there are some subtle aspects to consider weakness of a known pubkey in regard to quantum computing. Brute-forcing the private key of a known public key with current classical computers is practically impossible due to the sheer amount of computational power required. While classical computers are currently incapable of breaking public-key cryptography like the elliptic curve algorithm used in Bitcoin within a reasonable time frame, future quantum computers might be able to do so. Also, if there's a yet-unknown mathematical vulnerability in the elliptic curve algorithm, having the public key could conceivably make it easier to exploit.

However, if quantum computers that can break elliptic curve cryptography become available, then having your public key exposed would be a significant risk. Note that if quantum computers reach this stage, the entire cryptographic basis for Bitcoin (and many other systems) would need to be reconsidered. But here comes the important part and certainly is most interesting for you:

If the private key was initially generated using a flawed or predictable random number generator, then an attacker who could guess this could more feasibly derive the private key. However, this is more about the vulnerability in key generation than in the public key being known. For your understanding:

knowing the public key of a 64bit private key allows you to brute-force the correct key in within some minutes (=reasonable time)
knowing the public key of a 234bit private key nowadays is secure because with available technology it's not possible to brute-force and find the correct key in a reasonable time.

That being said --> always use a 256 bit key unless there is a good reason to do so
legendary
Activity: 2268
Merit: 18771
I have been studying Bitcoin Taproot addresses and it seems or not because I have read YES and NO that is not possible to hide public key until first transaction because all Taproot addresses expose it naturally (if someone can explain/clarify it, I would appreciate).
You can hide any scripts which allow an output to be spent, but you cannot hide the public key. As I've said in an earlier post in this thread, a taproot address is simply the tweaked public key in a different encoding.

Satoshi Nakamoto use to say to use the address only one time for max security and there is a reason for that for sure.
The whitepaper says keys should be used once only for privacy reasons, not for security reasons.

I disagree with that, imagine there is a quantic computer that can brake it in 1 year, all addresses already transacted at least 1 year would be exposed
A quantum computer which takes a year to solve an ECDLP will then be able to take the coins from a single address after one year, not from every vulnerable address.

In a time that many ppl is talking about possibility of future quantic attacks for bitcoin, Satoshi already have made the 1st step against quantic attack hiding the public key until first and possible only move if we just move the exchange to a new address.
There are hundreds of reasons your public keys will be exposed. Transactions, signing messages, BIP32, sharing xpubs, light wallets, address reuse, multi-sig or other scripts, the list goes on. No wallet or piece of software handles your public keys as if they are secret information. They are meant to be public, and the security of your coins does not rely on them not being so.
member
Activity: 264
Merit: 16
when you send bitcoins from legacy Address

Bitcoins are not sent FROM addresses.  This is a fundamental misunderstanding of how bitcoin works. Continuing down this path while trying to understand Bitcoin at a technical level is only going to cause you more confusion.

How can i hide my public key while still Re-using the same address

Do not re-use addresses.  If you want to re-use an address, then either make sure that you use software that will allow you to simultaneously spend ALL unspent outputs that were created from that address in a single transaction, OR accept that you will be giving up a bit of privacy because you chose to re-use an address.

Addresses are NOT account numbers.  Bitcoin is not a bank account.  Think of an address like an invoice number.  It's something that you give to someone else so that you can keep track of the payment that they make to you.  You wouldn't typically re-use an invoice number, so don't re-use an address.

What is the main reason to dont reuse addresses, the exposition of public key?
member
Activity: 264
Merit: 16
Interesting subject here, so I decided to post.

I have been studying Bitcoin Taproot addresses and it seems or not because I have read YES and NO that is not possible to hide public key until first transaction because all Taproot addresses expose it naturally (if someone can explain/clarify it, I would appreciate).

I read some comments, about that is not important and pubkeys should be public, bla bla bla...

Satoshi Nakamoto use to say to use the address only one time for max security and there is a reason for that for sure.

Many ppl is speaking that with a quantic attack many bitcoin would be taken and bitcoin would go to zero if someone have enough powerful quantic computer.

I disagree with that, imagine there is a quantic computer that can brake it in 1 year, all addresses already transacted at least 1 year would be exposed, but all the other would be safe and if someone someday have access to a quantic with power to brake bitcoin for sure he will not start to stole every bitcoins he can and make market go down, of course they would be subtil and just make surgical stoles, the type of attacks the owner will complaint and everybody will think he just was hacked by some APP or he is dumb, nobody will believe that it was a quantic attack (same as when in 2nd WW allies made with german Enigma machine, they didn't refute all german steps to don't put on check the important advantage they already have.)

In a time that many ppl is talking about possibility of future quantic attacks for bitcoin, Satoshi already have made the 1st step against quantic attack hiding the public key until first and possible only move if we just move the exchange to a new address.

So, if Taproot addresses always expose the public key, I don't know about you, but I would not use them to save my bitcoins in a cold wallet, maybe for another applications could be good enough, but not for cold wallets.

What you think about it?

hero member
Activity: 1439
Merit: 513
December 27, 2022, 10:11:22 AM
#23

2.) I see Some Addresses do not reveal the public key even if they have spent their bitcoins like this address here - https://www.blockchain.com/btc/address/3BJKWL5ipkVe2bjkRSt6ZNbVWQaRrEFjMs     So How can this be possible?



The address in question is a multi-signature address and has been generated using three different public keys.
I don't know how, but it should be possible to derive all the three public keys from data of a transaction made from that address.


OP you may want to ignore this post as it may be a little off topic but it got me thinking,

Supposedly its possible, however I haven't found a great solution. If I do, I'll let you know.
Ive messed with all the mergers/calculators like https://github.com/ThePiachu tools
One of the problems with vanity addresses is that there are 6 derivatives from 1 key.
Finding the others first is a common problem.
I used to wonder though, if each derivative is in fact a new master key to a new set of 6 derivatives
and some type of formula is found to solve for all 6 derived keys from a master key wouldn't this potentially compromise some security?
for example, find an accurate child derivative sum it up somehow for the master sum then the master sum gives access to all the child derivatives?
I've often wondered if this were made possible and each derivative is also a master key with a set of derivatives if crawling this structure would have overlapped another
set of keys in use. (a collision approach?)

If Infinity= 0
Infinity x Infinity= 0
Infinity/6^6= 0

Even if, everything's still all good however collision possibilities still increase. (I think?  Grin)

edit, just to be clear as far as I know or anyone does, It's not possible to determine the master private key from a derived private key or address. The relationship between the master private key and the derived private keys is one-way. This is a speculation of what if.

  
 I found this a while back while researching BTC pay servers.

Code:
ExtKey masterKey = new ExtKey();
Console.WriteLine("Master key : " + masterKey.ToString(Network.Main));
for (int i = 0 ; i < 5 ; i++)
{
 ExtKey key = masterKey.Derive((uint)i);
 Console.WriteLine("Key " + i + " : " + key.ToString(Network.Main));
}
Master key :
xprv9s21ZrQH143K3JneCAiVkz46BsJ4jUdH8C16DccAgMVfy2yY5L8A4XqTvZqCiKXhNWFZXdLH6VbsCs
qBFsSXahfnLajiB6ir46RxgdkNsFk
Key 0 :
xprv9tvBA4Kt8UTuEW9Fiuy1PXPWWGch1cyzd1HSAz6oQ1gcirnBrDxLt8qsis6vpNwmSVtLZXWgHbqff9
rVeAErb2swwzky82462r6bWZAW6Ty
Key 1 :
xprv9tvBA4Kt8UTuHyzrhkRWh9xTavFtYoWhZTopNHGJSe3KomssRrQ9MTAhVWKFp4d7D8CgmT7TRza
uoAZXp3xwHQfxr7FpXfJKpPDUtiLdmcF
Key 2 :
xprv9tvBA4Kt8UTuLoEZPpW9fBEzC3gfTdj6QzMp8DzMbAeXgDHhSMmdnxSFHCQXycFu8FcqTJRm2ka
mjeE8CCKzbiXyoKWZ9ihiF7J5JicgaLU
Key 3 :
xprv9tvBA4Kt8UTuPwJQyxuZoFj9hcEMCoz7DAWLkz9tRMwnBDiZghWePdD7etfi9RpWEWQjKCM8wH
vKQwQ4uiGk8XhdKybzB8n2RVuruQ97Vna
Key 4 :
xprv9tvBA4Kt8UTuQoh1dQeJTXsmmTFwCqi4RXWdjBp114rJjNtPBHjxAckQp3yeEFw7Gf4gpnbwQTgDp
GtQgcN59E71D2V97RRDtxeJ4rVkw4E
Key 5 :
xprv9tvBA4Kt8UTuTdiEhN8iVDr5rfAPSVsCKpDia4GtEsb87eHr8yRVveRhkeLEMvo3XWL3GjzZvncfWVK
nKLWUMNqSgdxoNm7zDzzD63dxGsm
https://finbuzzactu.files.wordpress.com/2017/06/blockchain-programming-in-csharp.pdf
hero member
Activity: 938
Merit: 605
Leading Crypto Sports Betting & Casino Platform
December 27, 2022, 06:48:11 AM
#22
3.) How can i hide my public key while still Re-using the same address for spending? I suppose it's possible because the address i mentioned in question 2 is able to achieve that.

The phrase "public key" as it's called vividly express that it's something that necessarily need not be hidden, else it should not have been called public key but something away far from it. If we're been charged for every new address produced for transaction order than transaction fee then I'll have understood your reasons for wanting to re-using same address.  Perhaps you should focus energy on keeping your private keys safe cause your assets depends on it than public keys.

Maybe you haven't revealed your real intention to what you seek and why.
legendary
Activity: 2268
Merit: 18771
December 17, 2022, 07:56:16 AM
#21
Also like you ask there's no harm if public key in known. So why to hide it? I know this BUT it wouldn't hurt to conceal it for privacy reasons does it?
We don't hide it. It's simply that you can lock coins behind some script types without revealing it, but it is revealed after you unlock those script type. Concealing it brings no additional privacy since the only thing an attacker with your public key can work out is your address, which is public knowledge already.

See if the bitcoin devs didn't care about it they wouldn't introduce Taproot which essentially enables multi-sig wallet to conceal their pub keys and aggregate them into 1 key and no one can find out the real pub keys which is great IMO and helps in privacy.
The privacy gain here comes from not being able to tell if the address is multi-sig or single-sig, not from obfuscating the individual public keys. And indeed, taproot addresses are simply an encoding of the (tweaked) public key, so any time you receive to a taproot address your public key is already exposed.
sr. member
Activity: 1498
Merit: 271
DGbet.fun - Crypto Sportsbook
December 16, 2022, 10:56:54 AM
#20
Quote
3.) How can I hide my public key while still using the same address for spending? I think it is possible because the address I mentioned in question 2 achieves that.

In my understanding, this is not possible, in my few years in cryptocurrency I have never seen a pubic key hidden in every transaction done by enthusiasts here in the crypto space.

    And I also don't understand why you want your public key hidden? The only thing I know that is really hidden and cannot be shown is the seed phrase words and password, that's all but not the public key.
legendary
Activity: 3472
Merit: 4801
December 08, 2022, 04:14:48 PM
#19
when you send bitcoins from legacy Address

Bitcoins are not sent FROM addresses.  This is a fundamental misunderstanding of how bitcoin works. Continuing down this path while trying to understand Bitcoin at a technical level is only going to cause you more confusion.

How can i hide my public key while still Re-using the same address

Do not re-use addresses.  If you want to re-use an address, then either make sure that you use software that will allow you to simultaneously spend ALL unspent outputs that were created from that address in a single transaction, OR accept that you will be giving up a bit of privacy because you chose to re-use an address.

Addresses are NOT account numbers.  Bitcoin is not a bank account.  Think of an address like an invoice number.  It's something that you give to someone else so that you can keep track of the payment that they make to you.  You wouldn't typically re-use an invoice number, so don't re-use an address.
hero member
Activity: 630
Merit: 731
Bitcoin g33k
November 22, 2022, 12:45:57 PM
#18
maybe OP is concerned about public key because he did read about cracking tools that rely on pubkey (like kangaroo or BSGS) ?
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
November 19, 2022, 12:32:13 PM
#17
So basically using multi-Sig cold wallet on airgapped machine provides the ultimate security?
Using multi-sig in one machine makes little sense. Multi-sig provides extra security, provided that transactions are signed in multiple devices. 

If an address is multi sig of say 3 address then attacker has to find 3 private keys correct?
If the address is a 1 of 3 multi-signature address, a single private key would be enough.
Important to mention that an attacker needs the two other public keys as well, in contrast with single-sig, wherein just having the private key is enough to move the money.
member
Activity: 77
Merit: 10
November 18, 2022, 08:31:23 AM
#16
So basically using multi-Sig cold wallet on airgapped machine provides the ultimate security?
I was thinking what if someone generate the same private key as my address in case of single address (which is very very unlikely) but using multi-sig makes this impossible,yes?
The chance of you messing up the multisig, and losing access to your funds, is much larger than the chance of someone finding your cold wallet's private key. The latter is just not going to happen (unless you make a mistake), the former can easily happen.

From your topics, you seem to have a hard time understanding how secure Bitcoin is. Maybe you should spend some time trying to brute-force the private key to a funded address, to convince yourself it's not going to happen.

Now i am not having a hard time understanding how secure bitcoin is But it wouldn't hurt to know more about cryptography in general. Does it? and it's a technical sub forum.
Also like you ask there's no harm if public key in known. So why to hide it? I know this BUT it wouldn't hurt to conceal it for privacy reasons does it?
See if the bitcoin devs didn't care about it they wouldn't introduce Taproot which essentially enables multi-sig wallet to conceal their pub keys and aggregate them into 1 key and no one can find out the real pub keys which is great IMO and helps in privacy. Even no one can find out if it's the multi-sig tx or single sig Cool
legendary
Activity: 1974
Merit: 2124
November 18, 2022, 06:45:49 AM
#15

Why do you want to hide the public key?
You're looking in the wrong direction for a solution, the real solution is to not reuse the same address.
Right the public keys will be revealed in each transaction as said above and there is no fear in it at all so I don't see anything to hide in it.They are derived from one way hash function under which you can generate public key from private keys but the reverse is not at all possible.

So @OP you don't need to worry about public key hiding and the only thing you should focus on is keeping your seed phrases secret if you are using non custodial wallets so be safe in that case.

As said by @LoyceV also you should burner address that once you have utilised it for the task or submitted it somewhere use different address from it which will help you more.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
November 18, 2022, 06:10:55 AM
#14
So basically using multi-Sig cold wallet on airgapped machine provides the ultimate security?
I was thinking what if someone generate the same private key as my address in case of single address (which is very very unlikely) but using multi-sig makes this impossible,yes?
The chance of you messing up the multisig, and losing access to your funds, is much larger than the chance of someone finding your cold wallet's private key. The latter is just not going to happen (unless you make a mistake), the former can easily happen.

From your topics, you seem to have a hard time understanding how secure Bitcoin is. Maybe you should spend some time trying to brute-force the private key to a funded address, to convince yourself it's not going to happen.
legendary
Activity: 2380
Merit: 5213
November 18, 2022, 05:21:16 AM
#13
So basically using multi-Sig cold wallet on airgapped machine provides the ultimate security?
With using a multi-signature wallet, you may increase your security, but I recommend you use it if it's really required.
Multi-signature addresses are usually used when a transaction should be signed by multiple parties.
If you generate a single-signature wallet on an air-gapped device and keep your keys safe, it's secure enough.


I was thinking what if someone generate the same private key as my address in case of single address (which is very very unlikely) but using multi-sig makes this impossible,yes?
Whether you use a single-signature address or a multi-signature address, that's impossible.


If an address is multi sig of say 3 address then attacker has to find 3 private keys correct?
It depends.
If the address is a 3 of 3 multi-signature address, all the three private keys would be required.
If the address is a 1 of 3 multi-signature address, a single private key would be enough.


Also bitcoin send to individual address which generate multi-Sig can also be spent individually right?
Yes. Each of private keys used for generating the multi-signature address can be used for generating a single-signature address individually.
member
Activity: 77
Merit: 10
November 18, 2022, 05:04:25 AM
#12
What is the public key of actual address that i mentioned in OP which is the address 3BJKWL5ipkVe2bjkRSt6ZNbVWQaRrEFjMs ?
That address is a multi-signature address and for generating that, you need all the three public keys.

In a m of n multi-signature address, there are n private keys and n public keys and you need m of the private keys to spend fund from that.
The address in question is 2 of 3 multi-signature. So, there are 3 public keys and 3 private keys and for spending fund from it, 2 of private keys are required.

Got it. Thanks for the explanation
So basically using multi-Sig cold wallet on airgapped machine provides the ultimate security?
I was thinking what if someone generate the same private key as my address in case of single address (which is very very unlikely) but using multi-sig makes this impossible,yes?
If an address is multi sig of say 3 address then attacker has to find 3 private keys correct?
Also bitcoin send to individual address which generate multi-Sig can also be spent individually right?
legendary
Activity: 3472
Merit: 10611
November 18, 2022, 04:57:35 AM
#11
Access to new features introduced in newer address types such as public key aggregation in Schnorr signatures.
Specifically regarding this feature, i want to ask that so this bascially helps in privacy right?
Say we aggregate 3 pub keys into 1 then it can be reversed too? I mean you can reverse this to find individual 3 pub keys back?
Yes, in a way it improves privacy. It also gives you the option to have different branches that could spend the output but only use and reveal one of them when spending it.
It is still not possible to know how many or which public keys were used to get the aggregated public key though, so it is irreversible.
legendary
Activity: 2380
Merit: 5213
November 18, 2022, 04:49:10 AM
#10
What is the public key of actual address that i mentioned in OP which is the address 3BJKWL5ipkVe2bjkRSt6ZNbVWQaRrEFjMs ?
That address is a multi-signature address and for generating that, you need all the three public keys.

In a m of n multi-signature address, there are n private keys and n public keys and you need m of the private keys to spend fund from that.
The address in question is 2 of 3 multi-signature. So, there are 3 public keys and 3 private keys and for spending fund from it, 2 of private keys are required.
member
Activity: 77
Merit: 10
November 18, 2022, 04:44:03 AM
#9
I mean for multi-sig wallet it's harder to find public key if there's output transactions?
No. It's not really hard.
As mentioned by jackg, you should use the redeem script to get the public keys.

I didn't know how it can be done. I just made a search and found out it's really easy.
Click here to see one of the transactions made from the address you referred to in the OP.
See the input with the index number 135. The sigscript includes 3 hex data. The last one is the redeem script.

Redeem script:
Code:
522102707f8c41a9ce80bd85c335ce37617388fe8fd5c7b6079f730fc8b7159867cb3e2102f61a255027b492203f04396474e032e759367ad32cdb1b317074e216718f9b532102ae11e6f80d33717c8dffcbd4e480b95f82f9fe7478cb166beebddd5b062c9f9653ae

For getting the public keys, all you need to do is to decode the redeem script using coinb.in tool.
The three public keys used for generating the address in question are as follows.

Code:
02707f8c41a9ce80bd85c335ce37617388fe8fd5c7b6079f730fc8b7159867cb3e
02f61a255027b492203f04396474e032e759367ad32cdb1b317074e216718f9b53
02ae11e6f80d33717c8dffcbd4e480b95f82f9fe7478cb166beebddd5b062c9f96

Ok so these 3 public keys you mentioned actually belongs to these address
02707f8c41a9ce80bd85c335ce37617388fe8fd5c7b6079f730fc8b7159867cb3e      -     17eHCSk6dL8naLmCUwUbHHWjykAsJGadoP
02f61a255027b492203f04396474e032e759367ad32cdb1b317074e216718f9b53   -    1KAXSrx2mcYSmyeS2YU442UH66EASTBoSK
02ae11e6f80d33717c8dffcbd4e480b95f82f9fe7478cb166beebddd5b062c9f96       -    1ADCkNGrDGVBEadFvQ2gMkXSZnfdNST3PJ


What is the public key of actual address that i mentioned in OP which is the address 3BJKWL5ipkVe2bjkRSt6ZNbVWQaRrEFjMs ?



Access to new features introduced in newer address types such as public key aggregation in Schnorr signatures.
Specifically regarding this feature, i want to ask that so this bascially helps in privacy right?
Say we aggregate 3 pub keys into 1 then it can be reversed too? I mean you can reverse this to find individual 3 pub keys back?
https://river.com/learn/what-are-schnorr-signatures/
Pages:
Jump to: