I know this might sound like a silly question, but I really want to understand more about it. There are security concerns in the blockchain world that aren’t always easy to find through a quick online search, so I’d appreciate some patience here.
So, have you ever heard of any actual hacks or breaches that successfully targeted a Bitcoin wallet just by using someone’s public keys?
Or maybe you’ve seen info somewhere that warns against sharing your public keys online? Overall, are there real dangers linked to making your Bitcoin public keys visible?
Understanding risks associated with public keys
19 replies 117 views
No.
No such thing as of now.
The possible threats against public keys are quantum computers, but the QC that can derive private keys from their public keys are not yet existing.
If you make bitcoin transaction, the public key of the private key you used to sign the transaction will be exposed to the public.
No. But if such article exist, i would assume it's created for FUD purpose because public key of Bitcoin address revealed when you spend your Bitcoin or sign message and share it online.
Excluding quantum computer, AFAIK there's no such threat whether in general or in theory, assuming the attacker only know public key of address.
this is actually funny you know, you will never hear any of such complains because the public key are just as good as our name or identity on the network, the funds are not locked on them therefore exposing them have no any significant effect, did you realize that the address are the hash of the public key? if exposure of public key can be a problem then exposing your address is also a problem but its not. the only concern was if public key will be work back to get the private key since the public key was actually derived from the private key using the elliptical multiplication. but even the quantum computers that have the possibilities have not successfully done that yet, its just speculations.
Bitcoin private key > Bitcoin public key > Bitcoin address.
These processes are one-way from private key > public key, and from public key > public address. You can not get the private key from the public key or public address, while to send bitcoins, private key must be accessible for signing a Bitcoin transaction.
https://github.com/bitcoinbook/bitcoinbook/blob/develop/ch04_keys.adoc
Same answer .. Nope
The whole public key trend became popular once again because of Quantum computers trend. Theres passibility of future threat when your public key is exposed but again its a future possibility and not a present threat/ issue..
Generally, before the whole QC thing, your BTC address has always been mapped to a public key. Reusing it to receive from a different source, before or after spending from it, is a threat to your privacy itself. Exposing the public key opens the door to another possible future threat.
But theres nothing like what you just mentioned.. Article &Threads about that are just for future speculation and therere couple of it on this board already including the Technical boards, just do your search you will find them.
No, I have not came across any news of hack through public keys. Most hacked I read is on exchanges, a malware injected to the system of the victim where private keys and other important data were hijacked.
So far all are speculations or theoretical assumption. Other than the theory about the threat that quantum computers can acquire private keys using Bitcoin public keys[1], there is no other news about Bitcoin being hacked through public keys.
I see other members before posting it's only a theory but that is not true, it has been done already and proven by one developer who received Q-Day Prize for his work.
Things are going to get more serious because of AI improvements and we can expect to see this happening more in future.
https://www.thestreet.com/crypto/technology/researcher-uses-quantum-computer-to-crack-key-that-protects-bitcoin
It's best not to use taproot addresses and avoid address reuse, as protection from future attacks.
Actually it's mathematically possible to derive a private key from a public key
But computationally infeasible today on Scep256k1.
Hence why we haven't seen or heard about any cases of a breach as a result of
Using Pubkey to get private key.
Address reuse tend to affect privacy and now with QC on the horizon poses future threat.
The reality is you cant even hide your public key. Once you send a bitcoin out from an address the public key is actually revealed. This is because youre unlocking the script type and this reveals the public key, you can only conceal when this script type remain lock.
To understand it easily, nodes needs your public key to verify your transaction even if its not included along side the signature in the transaction its easily derived from the ECDSA signature provided. Public key can even be publicly seeing from the sending addresses on block explorer either in the witness for Segwit addresses or last characters of the ScriptSig of legacy addresses.
So there is no way to actually conceal a public key of an address that has spent coins from the public and thats why in the face of quantum risk anticipation address not been reuse is the solution for that now
I would start to worry if they crack keys with much higher bits.
Did i miss something? What actually exposed on Taproot address is "tweaked public key", which is different from public key. I don't think quantum computer can be used to get private key or actual public key only from "tweaked public key".
With the current computing power, it is impossible since Bitcoin wallet uses Elliptic curve cryptography, and it could take billions of years for hacker to have access to your BTC wallet, that's if there's a chance it may happen.
Yes, exposed public keys can experience a dust attack, and there's a possible future threat for almost all exposed public keys when it's the era of quantum computers. However, a lot of research and preparation are currently working at the moment to provide a quantum resistant wallet.
It is still in a theoretical stage or assumption stage since the one cracked was only a 15 bit key, while Bitcoin is operating a much higher 256-bit scale. We cannot compare or use this case to say cracking Bitcoin is done already. I believe saying that "it is done" already is somehow an overstatement
Bitcoin security is still solid until it is cracked, all statements about Bitcoin can be hack/crack by QC are still a theoretical possibility until this theory happens and Bitcoin security is cracked.
Good advice, it is better to know how to start protecting our Bitcoins now than feel sorry when the threat happens.
Why there is difference between "Bitcoin public key" and "Bitcoin address" ?
gr3g.0rbitHero Member
Posts: 1025 · Reputation: 2646
#15Jul 11, 2020, 05:46 AM
He's probably talking about its consensus validity, rather than the standard.
Because in that theoretical scenario; if a miner decides to work with a hacker with a power QC,
they can spend Taproot UTXOs using their tweaked public key's private key pair by directly including the transaction in their block.
But then, its reputation will plummet since it's easy to tell that the miner is an accomplice because it's spent via non-standard way.
(Co)Incidentally, some online articles are going with FUD-route that they snipped the "tweaked" from the tweaked public key.
Claiming that public keys are exposed in Taproot.
I seem to read about it somewhere else, but i don't remember the detail. Is it related with how some Taproot address use "default" spending condition (just like P2WPKH) or something else?
Yeah, i've seen it so many times where there's zero mention about tweaked keys.
If your wallet key is exposed online then your wallet has no value, the people will own your wallet. So keeping your wallet key safe is the most important thing, remember the more secure you keep your wallet key the more secure your Bitcoin wallet will be and your assets will be safe.
So Bitcoin wallet is where you are keeping your assets for a long time, you are holding Bitcoin for a long time that is why it is necessary to keep your key safe. The most important thing in a Bitcoin wallet is the wallet key so it is best to keep it safe.
gr3g.0rbitHero Member
Posts: 1025 · Reputation: 2646
#18Jul 13, 2020, 03:14 PM
Something like that.
As per BIP341 standard, under 4th guideline of "Constructing and spending Taproot outputs", it's recommended to tweak the internal pubKey even if there's no script path.
But as it mentioned, those guidelines aren't consensus critical but the reference client seem to follow this as policy.
Don't know if this is enough of a reference for this: github.com/bitcoin/bitcoin/issues/24822#issuecomment-1094430469
Public key as the name suggests is meant to be public. Stick to the usual recommendation of avoiding address reuse for your privacy and you'll be golden. That's all you need to know, the rest is a rabbit hole of cutting edge technologies for computation and solving complex mathematical problems
Just the other day I read a news that Iran has produced the first Organoid Intelligence (that is a lab-grown brain using living human neurons) and that got me sucked into reading about OI and it is both fascinating and "brain-melting". The scientists say that OI is a million times faster and more energy efficient. And it is more suitable for adaptive biocomputing! It can learn and rewire itself which makes it excellent for finding solutions.
Can OI find the solution to ECDLP? I'd say if anything has the chance to find the solution, it is going to be OI. And then another fascinating technology called Parallelized DNA-based Computation can solve it so much faster than QC...
Anyway read up on OI if you are a fan of these advanced frontier sciences like me, but the important thing to know is that the threat is real but it is not close. That's a very important distinction. All popular cryptography algorithms that are commonly used today will become obsolete at some point as computation power grows and technologies advance (just like their predecessors did) but it won't happen overnight. It takes a lot of time and we will have enough time to migrate... hopefully.
No one has successfully stole bitcoin because the owner revealed their public keys. Public keys and wallet address are meant to share so people can be able to send you bitcoin. Knowing your public keys does not give anyone as
Access to spend your coin because it is, private key that is the main secret that signs every transaction.
Exposing your public keys does not mean there is absolutely zero risk. Its reduce your privacy because anybody can trace your wallet for you and your transaction history on the Blockchain.
Some security experts also says that quantum computing becomes more powerful enough in the future, exposing your private keys can become more vulnerable, although that scenario has never been practical today.
So the best thing to protect isnt your public keys rather your private keys and your seed phrase. Once its seen, your funds may likely disappear. Wallet address and public keys are okay to share whenever someone wants to send you your bitcoin.