Bitcoin Forum

So specifically I am using BitcoinJS to sign a transaction and get the raw HEX data. Now, since I don't want to run my own full bitcoin nodes, I am considering using one of the many services out there that pushes the hex data and broadcasts it to the bitcoin network (such as: https://www.localbitcoinschain.com/tx/send).

Now, my question is: Is this safe at all?

Could someone derive my private key from the hex data? (I'm assuming not right? Since it shouldn't be possible to decrypt once signed?)

I just want to make sure if it's safe to use any of these services to broadcast my bitcoin transactions and making sure no one gets access to the user's funds if the user decides to push tx through these services)


Thanks in advance!

Yes it is safe.
It is impossible for someone to find your private key just from the transaction id/hex.
In fact, Raw TX are even displayed on block explorers like: blockchain.info (https://blockchain.info/tx/9021b49d445c719106c95d561b9c3fac7bcb3650db67684a9226cd7fa1e1c1a0?format=hex) (?format=hex added) which doesn't expose anything about security other than the transaction history.

There are some privacy concerns as the service could link the transaction with you (well, your IP address), but it's no worse than using a web wallet or Electrum with a public server.

Short answer: Yes, it is safe.

Long answer:
It doesn't matter whether you broadcast the TX yourself into the network (via own node) or you give your TX to an online service which broadcasts it for you.
Both does the same: Distributing your transaction.

The transaction has to be broadcasted to get propagated across the whole network.
If there would be a way to derive the private key out of a signed transaction (which has to be propagated between all nodes), btc would be broken.

A transaction basically contains inputs, outputs, verification (to prove the ownership).
There are no confidential information within a transaction.

In additional to the potentailly privacy issues mentioned above, localbitcoins (or whatever other similar service you may use) can potentially censor your transaction, which may be difficult for you to detect. They can do this for any reason, or for no reason, and because of the privacy issues mentioned above, they have the potential to censor your transaction for a reason specific to *you*.

With the above being said, I am not aware of any service you describe ever engaging in this practice for reasons other than their systems are misconfigured.

This is the data that ultimately makes its way onto the blockchain once your transaction is confirmed, and you cannot keep this private as this is your actual transaction. It is possible to effectively expose your private key with your signed transaction (hex data), however this will only happen if there is a problem with *your* wallet software you used to sign the transaction.

How (and why) should an online service (like localbitcoins) 'censor' a transaction just because it didnt get broadcastet by OP's node, but someone else's node?
I don't see a single reason why someone would 'block' transactions just because 'a 3rd party' broadcastet it.
Im not even sure if thats completely transparent (who exactly broadcastet this TX first; IP maybe? )?

The only information that can be derived from the tx is only public addresses and the amount you are sending, there is no way to get the private key from it's content.
You can check how raw transactions decode here:
https://blockchain.info/decode-tx
or here
https://live.blockcypher.com/btc/decodetx/

You can push your tx here:
https://live.blockcypher.com/btc/pushtx
https://blockchain.info/pushtx
https://blockdozer.com/insight/tx/send
https://coinb.in/#broadcast

Hope this information helps you.

The pushtx service cant stole your private key, but the problem is they can track you by your public address, ip address and in the worst case they can censor you transaction, creating a fake confirmed transaction in their system of blockchain explorer while the other wallet didnt received anything.

A "pushtx" service could censor a transaction by simply not broadcasting said transaction, possibly while saying the transaction was actually pushed, or by saying the transaction is somehow invalid. When a user uses a pushtx service, the only way the network sees the subject transaction is vis the node(s) of the pushtx service.

Why this type of service would want to censor a particular transaction could be a number of reasons. Maybe the service does not like the person, or maybe it is suspicious of the history of certain inputs that are being spent, or any other arbitrary reason.

In case you'll run into some problems mentioned by previous posters (getting your transactions censored, etc.), you can also push transactions via some lightweight wallets like Electrum. It has the same drawbacks as other tx pushers - Electrum servers will know your IP address, but you can choose out of many different servers and easily switch them, so it's more flexible than using one service all the time.

Any specific push tx services you guys would recommend?? So that there is no way we can run into that specific problem (of censorship)?

But not web-based, preferably something that can be used through an API or something similar.


Thanks in advance!

https://bitcointalk.org/index.php?topic=1938621.0

This post contains links to several tx pushing services (including mine), AND a link to Coding Enthusiast's Pusher, which is an application that uses a bunch of API's to allow you to push your tx to several nodes...