Encrypted Messaging with Bitcoin

[Jpja]

If I do not know the private key of address 1abcd.... is it possible for me to encrypt a message so that only the holder of the private key is able to decrypt the message?

[pedrog]

Yes, it is, that's how public-key cryptography works:

https://en.wikipedia.org/wiki/Public-key_cryptography

[DannyHamilton]

If I do not know the private key of address 1abcd.... is it possible for me to encrypt a message so that only the holder of the private key is able to decrypt the message?

Only if you know the public key.

It would make much more sense to use a cryptographic system that was designed for such a purpose though.

[Jpja]

The public key is not the same as the address, right? And an address' public key is only known after it has been sent from?

Why it makes sense ... imagine you want to contact the owner of an address. With messaging built into wallets, this will be possible. More specifically, I'm the developer of CounterTools, a Bitcoin wallet with Counterparty functionality. Occasionally people want to contact the owner of an asset.

I'll emphasis that messaging better be off-chain. It's faster and saves fees.

[CIYAM]

Assuming you do have the public key of the user you are going to send the message to then you can use the following: https://github.com/ciyam/ciyam/blob/master/src/crypto_keys.cpp#L550 in order to get a "shared secret".

This "shared secret" is what you'd then use to do your message encryption (using AES256 or similar) although you might also want to add salt.

[kushti]

Ciyam is right, do secp256k1-based ECDH then AES

[AliceWonderMiscreations]

Okay this is basic but am I correct in assuming that once you spend an input, the public key for the associated address is exposed?

I'm assuming that is the case, always have assumed that was the case, but...

[CIYAM]

Okay this is basic but am I correct in assuming that once you spend an input, the public key for the associated address is exposed?

Assuming it is a normal P2PKH tx then yes - the public key (and a valid signature) are provided in order to spend the UTXO (so assuming you know that user X owned UTXO Y and has spent it then you would know a public key for that user and could construct a message to send to them noting that in order for them to decode that message they would also need the public key for the private key you used to create the ECDH shared secret).

Of course the message format that you might choose would probably include both public keys to make it easier for the recipient.