Bitcoin Forum
January 21, 2020, 08:35:50 AM *
News: Latest Bitcoin Core release: 0.19.0.1 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Encrypt a message with bitcoin public key?  (Read 2287 times)
jorschs
Member
**
Offline Offline

Activity: 324
Merit: 11


View Profile
November 06, 2015, 07:35:10 PM
 #1

Hi,

just wanted to ask if it's possible to encrypt a message using somebody's bitcoin address in order he is the only one able to read that message using his secret key. I mean, just like RSA..

I guess that should work but was doing a little search about and found this: https://bitcointalk.org/index.php?topic=238714.0

Thank you.
1579595750
Hero Member
*
Offline Offline

Posts: 1579595750

View Profile Personal Message (Offline)

Ignore
1579595750
Reply with quote  #2

1579595750
Report to moderator
1579595750
Hero Member
*
Offline Offline

Posts: 1579595750

View Profile Personal Message (Offline)

Ignore
1579595750
Reply with quote  #2

1579595750
Report to moderator
Once a transaction has 6 confirmations, it is extremely unlikely that an attacker without at least 50% of the network's computation power would be able to reverse it.
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1579595750
Hero Member
*
Offline Offline

Posts: 1579595750

View Profile Personal Message (Offline)

Ignore
1579595750
Reply with quote  #2

1579595750
Report to moderator
1579595750
Hero Member
*
Offline Offline

Posts: 1579595750

View Profile Personal Message (Offline)

Ignore
1579595750
Reply with quote  #2

1579595750
Report to moderator
DannyHamilton
Legendary
*
Offline Offline

Activity: 2324
Merit: 1675



View Profile
November 06, 2015, 07:39:35 PM
Last edit: November 09, 2015, 10:24:33 PM by DannyHamilton
 #2

Hi,

just wanted to ask if it's possible to encrypt a message using somebody's bitcoin address in order he is the only one able to read that message using his secret key. I mean, just like RSA..

I guess that should work but was doing a little search about and found this: https://bitcointalk.org/index.php?topic=238714.0

Thank you.

A bitcoin address is NOT a public key (that can be used for asymmetric encryption).

Therefore, if the only thing you have is the bitcoin address, then you won't be able to encrypt the file.  You'll need the person to provide you with the public key that the address was generated from.

Even if you have the public key, you've already discovered from the page you linked to that ECDSA is a signature algorithm and is not designed for encryption.  If you really want to do so, even though it's a bad idea, you can take a look at this:

https://github.com/jackjack-jj/jeeq

jorschs
Member
**
Offline Offline

Activity: 324
Merit: 11


View Profile
November 06, 2015, 07:43:34 PM
 #3

Thank you DannyHamilton, very helpfull explanation.
achow101
Moderator
Legendary
*
expert
Offline Offline

Activity: 2016
Merit: 3010


bc1qshxkrpe4arppq89fpzm6c0tpdvx5cfkve2c8kl


View Profile WWW
November 06, 2015, 08:07:15 PM
 #4

As DannyHamilton said, you would need to get the public key from the person who owns the address. Either they give it to you or you can see if they spent from the address and pull the public key from the scriptsig in one of their transactions.

In order to encrypt something, you would need to use some encryption algorithm that can use such public keys, like PGP. It is possible to use a bitcoin public key as a PGP public key, but it is not recommended since those key pairs are only 256 bit when a PGP key is at least 1024, if not higher for more security.

bit22gen
Jr. Member
*
Offline Offline

Activity: 45
Merit: 1


View Profile
November 06, 2015, 08:14:18 PM
 #5

It is possible to perform public key encryption using elliptic curves,
it is called ECIES, see for example:

http://www.johannes-bauer.com/compsci/ecc/

Encryption with the bitcoin elliptic curve is for example implemented in the Electrum wallet.

Use "Tools->Encrypt/Decrypt message".

In order to encrypt the public key should be used, not the bitcoin address.
The public key is a hex string that starts with "02", "03" or "04".

bit22gen
Jr. Member
*
Offline Offline

Activity: 45
Merit: 1


View Profile
November 06, 2015, 08:42:40 PM
 #6

Here is the python code for the electrum ECIES encryption:

https://github.com/mazaclub/electrum-nmc/blob/master/lib/bitcoin.py

See encrypt_message() and decrypt_message().



==============================
 def encrypt_message(self, message, pubkey):

        pk = ser_to_point(pubkey)
        if not ecdsa.ecdsa.point_is_valid(generator_secp256k1, pk.x(), pk.y()):
            raise Exception('invalid pubkey')

        ephemeral_exponent = number_to_string(ecdsa.util.randrange(pow(2,256)), generator_secp256k1.order())
        ephemeral = EC_KEY(ephemeral_exponent)
        ecdh_key = point_to_ser(pk * ephemeral.privkey.secret_multiplier)
        key = hashlib.sha512(ecdh_key).digest()
        iv, key_e, key_m = key[0:16], key[16:32], key[32:]
        ciphertext = aes_encrypt_with_iv(key_e, iv, message)
        ephemeral_pubkey = ephemeral.get_public_key(compressed=True).decode('hex')
        encrypted = 'BIE1' + ephemeral_pubkey + ciphertext
        mac = hmac.new(key_m, encrypted, hashlib.sha256).digest()

        return base64.b64encode(encrypted + mac)
==============================

jorschs
Member
**
Offline Offline

Activity: 324
Merit: 11


View Profile
November 06, 2015, 09:29:37 PM
 #7

Thank you all. As far as security is a concern for me I understand from your words that using public key for encryption purposes is not a good idea. Once again tank you for your kind help.
bit22gen
Jr. Member
*
Offline Offline

Activity: 45
Merit: 1


View Profile
November 06, 2015, 09:41:46 PM
 #8

The PGP keys use RSA instead of ECC, and RSA require much longer key size for the same security:

See for example:
http://www.linuxjournal.com/content/elliptic-curve-cryptography

The bitcoin 256 bit key corresponds to a 3072 RSA key.

Comparison of RSA and ECC key sizes from the article:

 RSA Key Size      ECC Key Size
===================================
1024              160
2048              224
3072              256
7680              384
15360              512

jorschs
Member
**
Offline Offline

Activity: 324
Merit: 11


View Profile
November 06, 2015, 10:10:26 PM
 #9

Then I could have a good level of security with a 256 bit bitcoin key?
bit22gen
Jr. Member
*
Offline Offline

Activity: 45
Merit: 1


View Profile
November 06, 2015, 10:24:14 PM
 #10

The security of the ECIES encryption is equally strong as the ECDSA that bitcoin use.

You would have to compute the discrete logarithm in order to break it.

In bitcoin use there is an additional layer of security since the bitcoin address is computed from the public key using a one way function.

However, if a bitcoin address is reused, the additional layer of protection is lost since the public key is possible to compute
when the signed message is given in the transaction.

And bitcoin addresses are beeing reused without any reports of stolen funds.

Older wallets reuse addresses without any reports of missing bitcoins.
In that case there is no additional protection layer, and the security of the bitcoin elliptic curve protects the bitcoins.

More information about the security of the bitcoin elleptic curve can be found here:
https://bitcointalk.org/index.php?topic=380482.0
gmaxwell
Moderator
Legendary
*
qt
Offline Offline

Activity: 2940
Merit: 3051



View Profile
November 06, 2015, 11:04:48 PM
 #11

A bitcoin address is NOT a public key.
A bitcoin address absolutely IS a (serialization of a) public key,  it is a public key for the Bitcoin Script digital signature system. This system CANNOT be used for encryption, but signatures only.

If it were not a public key, you couldn't use it to identify the party authorized to release bitcoins. Smiley

The bitcoin address commits to, via hashing, an ECC public key, a cryptographic system used inside the Bitcoin digital system.  These keys could potentially be used for message encryption, if you were to get that EC public point somehow.

But then you need to ask the question _WHY_ you would want to do this?  It is usually strongly recommended that people not reuse the same keys for different application because the composite usage can result in insecurity. There are many pre-existing encryption systems which are competently constructed, and you could sign their public keys using a bitcoin signmessage.

Many of the "sign with bitcoin keys" things which have been constructed have been outright incompetent and insecure. So why would you not use standard tools but instead something novel and custom that probably has had no competent cryptographic review.\

The PGP keys use RSA instead of ECC, and RSA require much longer key size for the same security:
PGP now also supports ECC keys.

The security of the ECIES encryption is equally strong as the ECDSA that bitcoin use.
You would have to compute the discrete logarithm in order to break it.
This is not, pedantically, true.  ECIES requires a secure message authentication scheme, a secure message cipher, and a strong random number generator. If any of these (or their implementations) have weaknesses then you can compromise the confidentiality of encrypted messages without being able to find a discrete log.
makcik
Full Member
***
Offline Offline

Activity: 140
Merit: 100


View Profile
November 07, 2015, 04:14:41 PM
 #12

Bitcoins have provided a secure way always for making transactions safer between wallets. As everyone knows, bitcoins uses address as keys for sending and receiving bitcoins. Now, you may want to send a message to the person whom you are sending bitcoins. Fortunately, this is possible now because of ECDSA system from cryptocurrency.
In this system, you can encrypt the message with your wallet address or public key and the person will have to enter your address or private key to see that message. It's a quite interesting feature and maintains 100% privacy with the people.
gmaxwell
Moderator
Legendary
*
qt
Offline Offline

Activity: 2940
Merit: 3051



View Profile
November 07, 2015, 06:27:14 PM
Last edit: November 09, 2015, 08:15:08 PM by gmaxwell
 #13

Now, you may want to send a message to the person whom you are sending bitcoins. Fortunately, this is possible now because of ECDSA system from cryptocurrency.
It is not-- a bitcoin address cannot be used for (asymmetric) encryption.  They could send you the related EC point as well, but since they must send you additional data in any case at the time they send you the address, they could just as well send a public key for a system specifically designed for message encryption.
luv2drnkbr
Hero Member
*****
Offline Offline

Activity: 794
Merit: 1001



View Profile
November 09, 2015, 03:10:11 PM
 #14

OP, you could use EC multiplication to multiply their public key with your private key, which would produce the same public key output that they would get by multiplying their private key by your public key.  So you use that resulting public key as the encryption password/key and encrypt with AES or something.  The very act of decryption also authenticates the message as being from you.  If you want to send a message anonymously, just generate a new random key and include its public key in cleartext with the encrypted message.

DannyHamilton
Legendary
*
Offline Offline

Activity: 2324
Merit: 1675



View Profile
November 09, 2015, 03:27:08 PM
 #15

a bitcoin address cannot be used for encryption.

A bitcoin address absolutely can be used for encryption. As long as only the sender and receiver know the bitcoin address, it can be used as a symmetric-key with 160 bits of entropy.  This system doesn't work well if the key has already been used in a transaction, and since there's a need to give the key to the other party via a secure channel there really isn't much benefit to using a bitcoin address as the key. However, as long as we are playing with semantics in this thread, it isn't entirely accurate to say that a bitcoin address can't be used for encryption.

 Wink

gmaxwell
Moderator
Legendary
*
qt
Offline Offline

Activity: 2940
Merit: 3051



View Profile
November 09, 2015, 08:15:21 PM
 #16

Happy? Tongue
DannyHamilton
Legendary
*
Offline Offline

Activity: 2324
Merit: 1675



View Profile
November 09, 2015, 10:24:52 PM
 #17

Happy? Tongue

Yep.  Fixed mine too...

https://bitcointalk.org/index.php?topic=1239463.msg12904696#msg12904696

Happy?

 Grin

Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!