Understanding risks associated with public keys

19 replies 117 views
leo51Senior Member
Posts: 194 · Reputation: 1171
#1Jun 30, 2020, 05:29 PM
I know this might sound like a silly question, but I really want to understand more about it. There are security concerns in the blockchain world that aren’t always easy to find through a quick online search, so I’d appreciate some patience here. So, have you ever heard of any actual hacks or breaches that successfully targeted a Bitcoin wallet just by using someone’s public keys? Or maybe you’ve seen info somewhere that warns against sharing your public keys online? Overall, are there real dangers linked to making your Bitcoin public keys visible?
2 Reply Quote Share
pixel2014Hero Member
Posts: 857 · Reputation: 4132
#2Jul 1, 2020, 10:02 PM
No. No such thing as of now. The possible threats against public keys are quantum computers, but the QC that can derive private keys from their public keys are not yet existing. If you make bitcoin transaction, the public key of the private key you used to sign the transaction will be exposed to the public.
4 Reply Quote Share
hash_bossLegendary
Posts: 1166 · Reputation: 5261
#3Jul 2, 2020, 12:42 AM
No. But if such article exist, i would assume it's created for FUD purpose because public key of Bitcoin address revealed when you spend your Bitcoin or sign message and share it online. Excluding quantum computer, AFAIK there's no such threat whether in general or in theory, assuming the attacker only know public key of address.
2 Reply Quote Share
im_altSenior Member
Posts: 130 · Reputation: 817
#4Jul 2, 2020, 03:03 AM
this is actually funny you know, you will never hear any of such complains because the public key are just as good as our name or identity  on the network, the funds are not locked on them therefore exposing them have no any significant effect, did you realize that the address are the hash of the public key? if exposure of public key can be a problem then exposing your address is also a problem but its not. the only concern was if public key will be work back to get the private key since the public key was actually derived from the private key using the elliptical multiplication. but even the quantum computers that have the possibilities have not successfully done that  yet, its just speculations.
3 Reply Quote Share
ape_2018Senior Member
Posts: 412 · Reputation: 1728
#5Jul 2, 2020, 08:46 AM
Bitcoin private key > Bitcoin public key > Bitcoin address. These processes are one-way from private key > public key, and from public key > public address. You can not get the private key from the public key or public address, while to send bitcoins, private key must be accessible for signing a Bitcoin transaction. https://github.com/bitcoinbook/bitcoinbook/blob/develop/ch04_keys.adoc
3 Reply Quote Share
bull_2019Senior Member
Posts: 296 · Reputation: 1992
#6Jul 2, 2020, 12:58 PM
Same answer .. Nope The whole public key trend became popular once again because of Quantum computers trend. There’s passibility of future threat when your public key is exposed  but again it’s a future possibility and not a present threat/ issue.. Generally, before the whole QC thing, your BTC address has always been mapped to a public key. Reusing it to receive from a different source, before or after spending from it, is a threat to your privacy itself. Exposing the public key opens the door to another possible future threat. But there’s nothing like what you just mentioned.. Article &Threads about that are just for future speculation and there’re couple of it on this board already including the Technical boards, just do your search you will find them.
3 Reply Quote Share
d4n_w0lfFull Member
Posts: 90 · Reputation: 462
#7Jul 2, 2020, 01:17 PM
No, I have not came across any news of hack through public keys. Most hacked I read is on exchanges, a malware injected to the system of the victim  where private keys and other important data were hijacked. So far all are speculations or theoretical assumption.  Other than the theory about the threat that quantum computers can acquire private keys using Bitcoin public keys[1], there is no other news about Bitcoin being hacked through public keys.
4 Reply Quote Share
paul_maxiSenior Member
Posts: 156 · Reputation: 896
#8Jul 2, 2020, 06:47 PM
I see other members before posting it's only a theory but that is not true, it has been done already and proven by one developer who received Q-Day Prize for his work. Things are going to get more serious because of AI improvements and we can expect to see this happening more in future. https://www.thestreet.com/crypto/technology/researcher-uses-quantum-computer-to-crack-key-that-protects-bitcoin It's best not to use taproot addresses and avoid address reuse, as protection from future attacks.
2 Reply Quote Share
sam.bullSenior Member
Posts: 390 · Reputation: 1323
#9Jul 2, 2020, 08:23 PM
Actually it's mathematically possible to derive a private key from a public key But computationally infeasible today on Scep256k1. Hence why we haven't seen or heard about any cases of a breach as a result of Using Pubkey to get private key. Address reuse tend to affect privacy and now with QC on the horizon poses future threat.
6 Reply Quote Share
d4rk5tackSenior Member
Posts: 259 · Reputation: 1325
#10Jul 3, 2020, 12:19 AM
The reality is you can’t even hide your public key. Once you send a bitcoin out from an address the public key is actually revealed. This is because you’re unlocking the script type and this reveals the public key, you can only conceal when this script type remain lock. To understand it easily, nodes needs your public key to verify your transaction even if it’s not included along side the signature in the transaction it’s easily derived from the ECDSA signature provided. Public key can even be publicly seeing from the sending addresses on block explorer either in the witness for Segwit addresses or last characters of the ScriptSig of legacy addresses. So there is no way to actually conceal a public key of an address that has spent coins from the public and that’s why in the face of quantum risk anticipation address not been reuse is the solution for that now
3 Reply Quote Share
hash_bossLegendary
Posts: 1166 · Reputation: 5261
#11Jul 4, 2020, 08:36 PM
I would start to worry if they crack keys with much higher bits. Did i miss something? What actually exposed on Taproot address is "tweaked public key", which is different from public key. I don't think quantum computer can be used to get private key or actual public key only from "tweaked public key".
3 Reply Quote Share
sat_2011Full Member
Posts: 119 · Reputation: 334
#12Jul 6, 2020, 11:01 PM
With the current computing power, it is impossible since Bitcoin wallet uses Elliptic curve cryptography, and it could take billions of years for hacker to have access to your BTC wallet, that's if there's a chance it may happen. Yes, exposed public keys can experience a dust attack, and there's a possible future threat for almost all exposed public keys when it's the era of quantum computers. However, a lot of research and preparation are currently working at the moment to provide a quantum resistant wallet.
2 Reply Quote Share
d4n_w0lfFull Member
Posts: 90 · Reputation: 462
#13Jul 7, 2020, 10:26 PM
It is still in a theoretical stage or assumption stage since the one cracked was only a 15 bit key, while Bitcoin is operating a much higher 256-bit scale. We cannot compare or use this case to say cracking Bitcoin is done already.  I believe saying that "it is done" already is somehow an overstatement Bitcoin security is still solid until it is cracked, all statements about Bitcoin can be hack/crack by QC are still a theoretical possibility until this theory happens and Bitcoin security is cracked.  Good advice, it is better to know how to start protecting our Bitcoins now than feel sorry when the threat happens.
6 Reply Quote Share
lonewhaleSenior Member
Posts: 328 · Reputation: 1624
#14Jul 9, 2020, 12:56 AM
Why there is difference between "Bitcoin public key" and "Bitcoin address" ?
4 Reply Quote Share
gr3g.0rbitHero Member
Posts: 1025 · Reputation: 2646
#15Jul 11, 2020, 05:46 AM
He's probably talking about its consensus validity, rather than the standard. Because in that theoretical scenario; if a miner decides to work with a hacker with a power QC, they can spend Taproot UTXOs using their tweaked public key's private key pair by directly including the transaction in their block. But then, its reputation will plummet since it's easy to tell that the miner is an accomplice because it's spent via non-standard way. (Co)Incidentally, some online articles are going with FUD-route that they snipped the "tweaked" from the tweaked public key. Claiming that public keys are exposed in Taproot.
4 Reply Quote Share
hash_bossLegendary
Posts: 1166 · Reputation: 5261
#16Jul 11, 2020, 07:17 PM
I seem to read about it somewhere else, but i don't remember the detail. Is it related with how some Taproot address use "default" spending condition (just like P2WPKH) or something else? Yeah, i've seen it so many times where there's zero mention about tweaked keys.
0 Reply Quote Share
nova365Full Member
Posts: 82 · Reputation: 551
#17Jul 11, 2020, 10:45 PM
If your wallet key is exposed online then your wallet has no value, the people will own your wallet. So keeping your wallet key safe is the most important thing, remember the more secure you keep your wallet key the more secure your Bitcoin wallet will be and your assets will be safe. So Bitcoin wallet is where you are keeping your assets for a long time, you are holding Bitcoin for a long time that is why it is necessary to keep your key safe. The most important thing in a Bitcoin wallet is the wallet key so it is best to keep it safe.
1 Reply Quote Share
gr3g.0rbitHero Member
Posts: 1025 · Reputation: 2646
#18Jul 13, 2020, 03:14 PM
Something like that. As per BIP341 standard, under 4th guideline of "Constructing and spending Taproot outputs", it's recommended to tweak the internal pubKey even if there's no script path. But as it mentioned, those guidelines aren't consensus critical but the reference client seem to follow this as policy. Don't know if this is enough of a reference for this: github.com/bitcoin/bitcoin/issues/24822#issuecomment-1094430469
5 Reply Quote Share
im_apeHero Member
Posts: 629 · Reputation: 3824
#19Jul 13, 2020, 04:27 PM
Public key as the name suggests is meant to be public. Stick to the usual recommendation of avoiding address reuse for your privacy and you'll be golden. That's all you need to know, the rest is a rabbit hole of cutting edge technologies for computation and solving complex mathematical problems Just the other day I read a news that Iran has produced the first Organoid Intelligence (that is a lab-grown brain using living human neurons) and that got me sucked into reading about OI and it is both fascinating and "brain-melting". The scientists say that OI is a million times faster and more energy efficient. And it is more suitable for adaptive biocomputing! It can learn and rewire itself which makes it excellent for finding solutions. Can OI find the solution to ECDLP? I'd say if anything has the chance to find the solution, it is going to be OI. And then another fascinating technology called Parallelized DNA-based Computation can solve it so much faster than QC... Anyway read up on OI if you are a fan of these advanced frontier sciences like me, but the important thing to know is that the threat is real but it is not close. That's a very important distinction. All popular cryptography algorithms that are commonly used today will become obsolete at some point as computation power grows and technologies advance (just like their predecessors did) but it won't happen overnight. It takes a lot of time and we will have enough time to migrate... hopefully.
5 Reply Quote Share
tomforkMember
Posts: 38 · Reputation: 215
#20Jul 13, 2020, 07:06 PM
No one has successfully stole bitcoin because the owner revealed their public keys. Public keys and wallet address are meant to share so people can be able to send you bitcoin. Knowing your public keys does not give anyone as Access to spend your coin because it is, private key that is the main secret that signs every transaction. Exposing your public keys does not mean there is absolutely zero risk. It’s  reduce your privacy because anybody can trace your wallet for you and your transaction history on the Blockchain. Some security experts also says that quantum computing becomes more powerful enough in the future, exposing your private keys can become more vulnerable, although that scenario has never been practical today. So the best thing to protect isn’t your public keys rather your private keys and your seed phrase. Once  it’s seen, your funds may likely disappear. Wallet address and public keys are okay to share whenever someone wants to send you your bitcoin.
1 Reply Quote Share

Related topics