Bitcoin Forum
Author Topic: Question regarding security of public key exposure during signing  (Read 350 times)
cbtc645 (OP)
Newbie
May 02, 2016, 05:12:34 PM
 #1

Hello,

I've recently been reading Blockchain Programming in C# (NBitcoin) and came across this tidbit:

Elliptic Curve Cryptography (the cryptography used by your public key and private key) is vulnerable to a modified Shor's algorithm for solving the discrete logarithm problem on elliptic curves. In plain English, it means that, with a quantum computer, in theory, it is possible in some distant future to retrieve a private key from a public key. By publishing the public key only when the coins are spent, such an attack is rendered ineffective (assuming addresses are not reused).

I'd like some clarification here: is the public key only exposed during a transaction because of the transaction signature? To my understanding a public key may be retrieved from an ECDSA signature. The public key cannot be derived from the script hash due to the hash being an irreversible operation.

If the above is true, then does that mean in the distant future, signing messages for the purpose of verification as well as holding funds on an address which has already been used may be compromised?

Thanks in advance for any clarification.
akumaburn
Sr. Member
May 02, 2016, 05:39:29 PM
 #2

Yes.

Even now it is feasible if you have a true quantum computer with enough Qubits.

I hear the military is racing to find Quantum Proof encryption for this very reason.

More reading:
http://www.claymath.org/sites/default/files/pvsnp.pdf
http://blog.computationalcomplexity.org/2007/02/on-np-in-bqp.html
https://en.wikipedia.org/wiki/Grover%27s_algorithm

EDIT (more reading):
https://eprint.iacr.org/2015/1018.pdf
DannyHamilton
Legendary
May 02, 2016, 07:12:03 PM
 #3

If the above is true, then does that mean in the distant future, signing messages for the purpose of verification as well as holding funds on an address which has already been used may be compromised?

Yes.

Signing a message with the private key for an address, or re-using an address that has sent bitcoins in the past will reveal the public key.

This is one of several reasons why it is a "best practice" to NEVER re-use an address.  You should always generate a new address for EVERY transaction output that you receive.
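The mechanism both the question and DannyHamilton's answer rely on, as an added example that is not part of this thread or of NBitcoin: a receive-only P2PKH address publishes only HASH160 of the public key, which cannot be reversed, while the first spend publishes an ECDSA signature from which the public key can be recovered (a P2PKH scriptSig also carries the key explicitly, and Bitcoin's signed-message format includes the recovery id for the same reason). The code is pure Python over secp256k1; the private key and the message are constructed values, and the RIPEMD-160 fallback is an assumption for builds whose OpenSSL lacks that digest.

```python
import hashlib
import secrets

# secp256k1 domain parameters, the curve Bitcoin uses for ECDSA.
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def point_add(p1, p2):
    """Affine addition on y^2 = x^3 + 7 over F_P; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def scalar_mult(k, point):
    """Textbook double-and-add (not constant time; fine for a demonstration)."""
    result, addend = None, point
    while k:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return result

def pubkey(priv):
    return scalar_mult(priv, G)

def serialize(pub):
    """33-byte compressed SEC encoding: 0x02/0x03 parity prefix + x coordinate."""
    x, y = pub
    return bytes([2 + (y & 1)]) + x.to_bytes(32, "big")

def hash160(data):
    """HASH160 = RIPEMD160(SHA256(data)): the one-way step from key to address."""
    sha = hashlib.sha256(data).digest()
    try:
        return hashlib.new("ripemd160", sha).digest()
    except ValueError:
        # Assumption: some OpenSSL 3 builds lack RIPEMD-160; truncated SHA-256
        # keeps the example running and is still one-way, which is all that matters here.
        return hashlib.sha256(sha).digest()[:20]

def msg_hash(msg):
    """Double SHA-256 reduced mod N, standing in for a transaction sighash."""
    return int.from_bytes(hashlib.sha256(hashlib.sha256(msg).digest()).digest(), "big") % N

def sign(priv, z):
    """ECDSA sign; returns (r, s, recid) with low-s and recid = parity of R.y."""
    while True:
        k = secrets.randbelow(N - 1) + 1
        rx, ry = scalar_mult(k, G)
        r = rx % N
        s = pow(k, -1, N) * (z + r * priv) % N
        if r == 0 or s == 0 or rx >= N:  # rx >= N (~2^-128 chance) is skipped for brevity
            continue
        if s > N // 2:                   # Bitcoin mandates low-s; negating s negates R
            s, ry = N - s, P - ry
        return r, s, ry & 1

def verify(pub, z, r, s):
    s_inv = pow(s, -1, N)
    R = point_add(scalar_mult(z * s_inv % N, G), scalar_mult(r * s_inv % N, pub))
    return R is not None and R[0] % N == r

def recover(r, s, z, recid):
    """Rebuild Q = r^-1 (s*R - z*G) from the signature alone: this is the exposure."""
    y = pow((r ** 3 + 7) % P, (P + 1) // 4, P)   # square root works because P % 4 == 3
    if (y & 1) != recid:
        y = P - y
    zG = scalar_mult(z, G)
    neg_zG = None if zG is None else (zG[0], (-zG[1]) % P)
    return scalar_mult(pow(r, -1, N), point_add(scalar_mult(s, (r, y)), neg_zG))

def recover_candidates(r, s, z):
    # Without a recovery id there are two possible keys; the on-chain hash picks one.
    return [recover(r, s, z, recid) for recid in (0, 1)]

def demo(priv=0x1E99423A4ED27608A15A2616A2B0E9E52CED330AC530EDCC32C8FFC6A526AEDD):
    """Constructed key: what a receive-only address reveals versus what a spend reveals."""
    pub = pubkey(priv)
    address_hash = hash160(serialize(pub))                 # all an unspent address publishes
    z = msg_hash(b"constructed spend from this address")   # constructed sighash stand-in
    r, s, recid = sign(priv, z)                            # the spend publishes (r, s)...
    recovered = recover(r, s, z, recid)                    # ...from which anyone recovers Q
    matches = [q for q in recover_candidates(r, s, z)
               if hash160(serialize(q)) == address_hash]
    return {"pub": pub, "recovered": recovered, "matches": matches,
            "valid": verify(pub, z, r, s)}
```

Run `demo()` to see that `recovered` equals the original public key and that, of the two recovery candidates, exactly the one matching the published hash survives; before the spend, `address_hash` is the only thing an observer holds, and no amount of computation on it yields the key.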
