There are a couple of key practices everyone should stick to when dealing with bitcoin transactions:
1. Avoid using the same addresses more than once.
2. Don’t spend from the same UTXO or address multiple times.
So is there a method to see if any of your public addresses got exposed (like in Sparrow wallet or something else)?
Basically, since you might not remember every single transaction you’ve done (like if you’ve reused an address or spent from the same one more than once), is there a way to check that in your transaction history?
how to find out if your public keys are out there
18 replies 57 views
I am not sure I am understanding you correctly.
All bitcoin transactions are recorded in the blockchain and are visible to the public. So, once you receive a transaction, anyone in the world can see your address and your transaction.
You can easily use any block explorer to see whether an address has been reused or not.
If that is true then what good does it do to not re-use addresses? This is confusing.
Everyone says you can protect your bitcoin from quantum hacking by not revealing your public address.
To do that, don't re-use addresses and don't spend from the same address more than once.
That is what they tell you to do on the Trezor website, and many other credible sources.
So what is the point of taking all these security measures if everything you do is exposed anyway?
I have no idea how to do that.
humbleledgerLegendary
Posts: 1027 · Reputation: 6554
#4Mar 2, 2023, 10:12 PM
"Everyone" says that's your public key, not your address.
Here's a legacy address holding 55,078.81978073 BTC with exposed public key. As long as they don't worry about quantum computing, I don't worry about it.
When you reuse an address, people can link your transactions with each other and that's why it may violate your privacy.
Assume that I want to sell something to you and give you my bitcoin address. If I use that address in the future for other transactions, you can know that those transactions are mine.
You are confusing address with public key.
Your address is revealed once you receive a bitcoin transaction and your public key is revealed once you make a transaction.
There are many block explorers that can be used for checking bitcoin transactions.
You can paste any of your bitcoin addresses in mempool.space or blockchair.com to see all bitcoin transaction associated with that.
Yes, that is my understanding.
Yeah I got them mixed up.
So what if you send say $100 of bitcoin to yourself, then later spend $20 from that same UTXO
(also to yourself) within the same wallet. Is your public key exposed?
(A couple of years ago I created a couple of hidden wallets for security purposes. So I was sending a bunch of
UTXOs from my main (parent) wallet to the new hidden wallets. In case you're wondering the reason for all
the self sending transactions.)
I know I can use block explorer, but I don't know how. I was just wondering if there was a simpler
way to do it without having to learn the block explorer.
Yes.
It's really simple to use block explorers to check bitcoin transactions. All you need to do is to paste your address or transaction ID.
Your wallet should also display your transaction history and you can also create a watch-only wallet with your addresses or your master public key, if you don't want to have your private keys on an online device due to security reasons.
Is there any way to guard your coins against potential quantum threats after the public key is exposed?
Other than using Coinjoin?
humbleledgerLegendary
Posts: 1027 · Reputation: 6554
#9Mar 5, 2023, 10:02 AM
Move them to a new address.
So simply move every UTXO in my sparrow wallet to a brand new address or addresses?
Because the new address is only receiving, hasn't been spent from yet? I think I got it.
So the private key public key that was previously exposed is useless to a hacker, since it no longer has any bitcoin?
EDIT: correction
humbleledgerLegendary
Posts: 1027 · Reputation: 6554
#11Mar 5, 2023, 06:41 PM
You mean the public key. If your private key is exposed, your funds are stolen instantly. But really, if you're confused about the difference between addresses, public keys and private keys, you shouldn't be worrying about quantum computing at all. There are much bigger risks factors, like the hot wallet you're using.
Yeah sorry I meant public key. I mistyped.
Sparrow isn't a hot wallet. It requires a physical hardware wallet to sign transactions.
(It's just an interface and management tool).
If I knew how to use a block explorer I wouldn't be in the tech support forum asking the question.
They don't exactly come with instructions (but they probably should).
Let me put it very simply for anyone who knows, what does a public key look like? What is an example of one?
SwiftMinerSenior Member
Posts: 259 · Reputation: 1036
#13Mar 6, 2023, 02:30 AM
To start with nope. Firstly nodes you are connected to can see your full transaction history which is basically same major data your public keys gives. Aside from this, the bitcoin network uses a public ledger so if someone is watching your addresses there no way you can tell except they probably create a watch only wallet with your public keys and create an unsigned transaction ( which is very unlikely).
As for address reuse you don't have to worry much since your wallet automatically shuffles them out to improve privacy the problem could come in when you receive from a particular address over and over again.
You are wrong. It can be used as a hot wallet or a cold one depending on if you use internet or not.
Been using sparrow for years, never heard of it being used as a hot wallet.
Either way I have never used it as one, but arguing about it is pointless. Doesn't answer
my original question which is very simple (what does a public key look like).
SwiftMinerSenior Member
Posts: 259 · Reputation: 1036
#15Mar 6, 2023, 10:24 AM
Sighs... Sparrow is just an open source wallet. Your use case now depends if it would be classified as a hot wallet or a cold wallet. Consider having two sparrow wallets one you use to pay readily for transactions and orders and another which you store your coins in. If you have the first constantly connected to the internet to make transactions then it's a hot wallet. For the second it's a cold wallet if you refuse to connect it to the internet because of risks of losing your hodlings.
This wasn't your original question. Anyways public keys have different format as considering if it's compressed or not . Just toggle to your wallet details you'll find it there if that's what you are looking for.
public keys are usually exposed when you send btc, I say as a general rule, because in most cases it is, however there are transactions that do not expose their public keys of their addresses, currently you should not be worried about any vulnerability related to quantum regarding whether your public key is exposed or not, it is more of a privacy issue than a risk of losing money, since with your public key you would only be in danger if you use software with a bug that makes your private keys insecure or signs your transactions in an insecure way, such as repeating 2 signatures with the same nonce, therefore if you are not worried about the privacy issue, and you use appropriate tools you could keep 1 address in use without problems, although it is a bad practice in terms of privacy, it does not involve a risk in cryptographic security.
Quantum threat requires a lot of computing power to successfully break through, so don't bother about it for now.
When you ask questions and ready to learn, you don't argue. When replies are given here try to confirm instead of thinking to argue, every body wants to learn also, heard of BIP 360 which covers the question you asked about quantum threat.
You don't know that, which is why it is better to be prepared as best as possible. Better to be safe than sorry.
The quantum breakthough could come at any moment. It is impossible to predict when that moment will come.
It could be 10 years from now or it could be in ten days, or it could be never.
Unless you are a psychic no one can predict the future of when or if the quantum threat will be real.
Then why are you here arguing with me? If you don't have the answer to the
very simple question that I asked then don't waste my time.
gr3g.0rbitHero Member
Posts: 1025 · Reputation: 2646
#19Mar 7, 2023, 02:40 AM
Another correction: #2 should be rephrased because a UTXO can only be spent once while an address (pubKeyhash) can be associated with multiple UTXO.
As its acronym means "Unspent Transaction Output", it's pointing to a specific unspent output of a transaction and not the pubKeyhash itself.
Removing "...UTXO or..." should be good enough because the new meaning could mean: to spend all of the address' UTXO if it's used to receive more than once.
Then to pair that with #1, do not use it again to receive bitcoins after spending.
That depends on the wallet that you're using.
Some only requires you to check the address list, some requires you to check every address' history for "outbound" transactions.
In Sparrow for example, you can go to its 'Addresses' tab and look for addresses that can be expanded (">" button).
That indicates that it has transaction history, from there, check if it has an expandable "Receive from" transaction which mean that there's a "Spent by" transaction that spent it.
The gist is, if it's used to send at least once, its public key is already exposed.
Related topics
- Recovering keys from a reformatted drive with Pywallet 8
- bitcoin-qt sync issues and slow speeds 6
- Recovering a Bitcoin wallet and address 8
- Creating a list of non-zero wallets and their balances using Python 4
- CipherSeed: A Comprehensive Guide to Super-Secure Crypto Wallet Backups 5
- Curious about recovering BTC from 2010/2011 7