Hi all,

I've written this python library that encrypts messages for a particular Bitcoin public key from a particular public key.  The message content is provably from the sender's Bitcoin address.  It is also hidden as ciphertext en route.  Only the recipient Bitcoin address can decrypt the contents.

Here's how it works.

a secret shared key between sender and receiver is created in the following way:

  - the sender scrapes the Blockchain (or some other source) for the recipient's public key.  Any transaction signed with pay_to_pubkey hash reveals the address's public key.  I wrote a small utility that scrapes this key, if available from transaction scripts, using the Blockchain.info API (although any other source would suffice).

 - Using the recipient's public key, the sender multiplies that point on the elliptic curve by his private key (ie the integer it represents).  A new point is created.

 - The new created point's coordinates map to a 32 byte string that is the shared secret key.

 - Meanwhile the sender broadcasts his public key as part of the encrypted message.  The recipient uses his private key to mulitply by the public point of the sender.  He should arrive at the same point calculated by the sender.  This maps again to the shared secret key.

Then I use AES-CBC to symmetrically encrypt the message contents using the shared secret key.

Finally, a timestamp is included in the encrypted message.  Received messages are only valid within X seconds of their creation by the sender.  This is a simple method to limit reply attacks to a brief window. 

This was my first foray into crypto, so I'd appreciate feedback and corrections.  Don't use this library as a finished product, as it has not been reviewed.  There could well be glaring errors I've missed.  I'm not a professional cryptographer so... take it with a grain of salt.

Great answer.  Thank you.

Hi, I'm writing code that needs to deserialize raw Bitcoin transactions in python AND gives the destination address of an output.  I am already doing this with pybitcointools, but outputs are shown in the form:

{'value': 1000000, 'script': '76a914b0dcbf97eabf4404e31d952477ce822dadbe7e1088ac'}    only.  Note how the destination address is not shown.

By contrast, Bitcoin has decoderawtransaction, and it DOES yield the destination address.  ,
"vout" : [
{
"value" : 0.01000000,
"n" : 0,
"scriptPubKey" : {
"asm" : "OP_DUP OP_HASH160 b0dcbf97eabf4404e31d952477ce822dadbe7e10 OP_EQUALVERIFY OP_CHECKSIG",
"hex" : "76a914b0dcbf97eabf4404e31d952477ce822dadbe7e1088ac",
"reqSigs" : 1,
"type" : "pubkeyhash",
"addresses" : [
"1H8ANdafjpqYntniT3Ddxh4xPBMCSz33pj"
]




However, I'm trying to write code that does not trust nodes to do any deserializing on my behalf.  The code is not running a full node, and I don't want it merely to trust another node to deserialize correctly.  I want to do it myself, again, without running the full node. 

I also know how to confirm a public key and public-key-script.  But, of course, I don't have access to the public key of any random Bitcoin public address.  Currently I have no idea how native Bitcoin figures out the destination address if all that is written is the script itself.  Maybe it's simply that pybitcointools is neglecting to include part of the data that exists in the raw transaction.  In that case, I need help better deserializing the raw transaction.

Thanks!

http://barisser.com/BTC.php

I wrote this in response to common, fallacious arguments against Bitcoins since the latest crash.  A lot of articles in mainstream news sources seem to draw some unfair conclusions from the recent speculative bubble.

Check it out, give me feedback, written for the Bitcoin skeptic.

Thanks.