Tool or method for finding public key of Bitcoin address

[release]

Hi guys. Just wandering  if their is a tool, script or method for finding the uncompressed public key of Bitcoin address. I have heard that you can if an addressed has sent funds. I haven't got a clue on how to find this information. Thanks

[1714530412]

1714530412

[1714530412]

1714530412

[witcher_sense]

Hi guys. Just wandering  if their is a tool, script or method for finding the uncompressed public key of Bitcoin address. I have heard that you can if an addressed has sent funds. I haven't got a clue on how to find this information. Thanks

In essence, bitcoin address is a hash of public key. Given that hash function is a one-way function, there are no methods or tools exist to calculate it "back". When you send your bitcoins, you are signing a message with your private key and also reveal your public key, so that everyone in the network can verify that you actually have a private key, meaning that you have a right to spend coins.

[ranochigo]

I actually posted[1] about this a few days back I think.

So the format of P2PKH sigscript is the signature followed by the public key. So basically, extract the sigscript, identify the signature and there should be a OP_Pushbytes_65 (since we're talking about uncompressed) which is 41 in hex. You should get the public key pertaining to that specific address.

You can probably write a script to separate and identify the public key pretty easily.

[1] https://bitcointalk.org/index.php?topic=5302887.msg55912788#msg55912788

[release]

Any way that's available I just thought that getting it from sigscript was only way possible

[release]

I actually posted[1] about this a few days back I think.

So the format of P2PKH sigscript is the signature followed by the public key. So basically, extract the sigscript, identify the signature and there should be a OP_Pushbytes_65 (since we're talking about uncompressed) which is 41 in hex. You should get the public key pertaining to that specific address.

You can probably write a script to separate and identify the public key pretty easily.

[1] https://bitcointalk.org/index.php?topic=5302887.msg55912788#msg55912788

Ok I get that but the full  public key is 130 characters. Is it the first 65 (X value)

[BlackHatCoiner]

Hi guys. Just wandering  if their is a tool, script or method for finding the uncompressed public key of Bitcoin address. I have heard that you can if an addressed has sent funds. I haven't got a clue on how to find this information. Thanks

An address that has never spent any coins hasn't revealed its public key. Public keys are hashed multiple times to get our addresses. Specifically, these are the steps of how we end up with an address:

1) We generate a 256-bit private key.

Code:

18e14a7b6a307f426a94f8114701e7c8e774e7f9a47e2c2035db29a206321725

2) We, then, perform ECDSA to get our public key (compressed):

Code:

0250863ad64a87ae8a2fe83c1af1a8403cb53f53e486d8511dad8a04887e5b2352

(Compressed means only the x coordinate. We don't have to carry the y since it can be calculated from y² = x³ + 7. Since y² returns 2 different values, we use the prefix 02 or 03 in front of the compressed public key to determine if y is odd or even)

3) We hash that compressed public key with SHA-256:

Code:

0b7c28c9b7290c98d7438e70b3d3f7c848fbd7d1dc194ff83f4f7cc9b1378e98

4) After that, we perform RIPEMD-160 hashing to the SHA-256 result:

Code:

f54a5851e9372b87810a8e60cdd2e7cfd80b6e31

5) Add version byte in front of RIPEMD-160 hash (00 for Main Network):

Code:

00f54a5851e9372b87810a8e60cdd2e7cfd80b6e31

6) Again, SHA-256 to the previous result:

Code:

ad3c854da227c7e99c4abfad4ea41d71311160df2e415e713318c70d67c6b41c

7) We hash the SHA-256 result with SHA-256 again:

Code:

c7f18fe8fcbed6396741e58ad259b5cb16b7fd7f041904147ba1dcffabf747fd

8) The first 4 bytes of the last SHA-256 result is address' checksum:

Code:

c7f18fe8

9) Extend the RIPEMD-160 hash from part 5 with these 4 bytes:

Code:

00f54a5851e9372b87810a8e60cdd2e7cfd80b6e31c7f18fe8

10) Convert this to base58 and here you go:

Code:

1PMycacnJaSqwwJqjawXBErnLsZ7RkXUAs

[from bitcoin.it]

Got a little off-topic, but anyway. As far as I know, you can find the uncompressed public key from the scriptSig of a transaction (P2PKH address).

Ok I get that but the full  public key is 130 characters. Is it the first 65 (X value)

You can do it pretty easily here: iancoleman.io/bitcoin-key-compression. You can also convert compressed public keys to uncompressed with the equation I mentioned above.

[release]

I am referring to addresses that have spent coins and therefore exposed public key.

[ranochigo]

Ok I get that but the full  public key is 130 characters. Is it the first 65 (X value)

I think it'll be easier to represent it in a transaction with an uncompressed public key.

Let's inspect this address: 1MsHWS1BnwMc3tLE8G35UXsS58fKipzB7a

TXID: 3410bc9f7671d30225678a870f8d695cad1af6f64b0a319a487d3b86540794ab
ScriptSig: 48

3045022100a9830934fffb69c597f68a1d5f5b6621a5d384ba4a4c81c316c08f652ed8036202206 cef70d41b95bfd53c6ee3cc0a69ab7c96d9a1ef18ffbf100505851ba53d266b01 - Signature

41

044f355bdcb7cc0af728ef3cceb9615d90684bb5b2ca5f859ab0f0b704075871aa385b6b1b8ead8 09ca67454d9683fcf2ba03456d6fe2c4abe2b07f0fbdbb2f1c1 - Public key.

Yes, you can interpret the last 130 characters (or 65 bytes) of a scriptsig as the public key. Clients generating uncompressed public keys are a rarity nowadays, given bech32 and the inefficiency of uncompressed public keys.

[release]

Ok I think I have found how to do that now. How about a method to do the reverse (turn uncompressed public key into address)? So I can verify that the public key I am gathering is correct.

[HCP]

Ok I think I have found how to do that now. How about a method to do the reverse (turn uncompressed public key into address)?

This online tool will do it for you: https://gobittest.appspot.com/Address

Just ignore the box labelled "0 - Private ECDSA Key"... and put the public key in the box labelled "1 - Public ECDSA Key" and then press "Send"... it'll show you the step by step guides and the address at the bottom... but the method is basically the same as BlackHatCoiner posted above:

1 - Public ECDSA Key

Code:

044F355BDCB7CC0AF728EF3CCEB9615D90684BB5B2CA5F859AB0F0B704075871AA385B6B1B8EAD809CA67454D9683FCF2BA03456D6FE2C4ABE2B07F0FBDBB2F1C1

2 - SHA-256 hash of 1

Code:

34D7F0FE7AFE22D2BE114044D87F928C7F9044B0F104696E51594890F38CCD15

3 - RIPEMD-160 Hash of 2

Code:

E4E517EE07984A4000CD7B00CBCB545911C541C4

4 - Adding network bytes to 3

Code:

00E4E517EE07984A4000CD7B00CBCB545911C541C4

5 - SHA-256 hash of 4

Code:

A3FEB7F37B0EC2B6C7E8B7F8C24C5A2F57FAD84BD56861EE5872B335C9F720D0

6 - SHA-256 hash of 5

Code:

532576DD2D179AD8377DEC7EA13D447D1345A857AA5A904B4ED4AC67B5888B75

7 - First four bytes of 6

Code:

532576DD

8 - Adding 7 at the end of 4

Code:

00E4E517EE07984A4000CD7B00CBCB545911C541C4532576DD

9 - Base58 encoding of 8

Code:

1MsHWS1BnwMc3tLE8G35UXsS58fKipzB7a

[o_e_l_e_o]

Ok I get that but the full  public key is 130 characters. Is it the first 65 (X value)

A full public key is 130 hexadecimal characters, which corresponds to 520 bits. This is composed of the following three things concatenated (joined) together:

Code:

Prefix byte - always 04 for uncompressed public keys
x coordinate - 256 bit number (64 characters)
y coordinate - 256 bit number (64 characters)

A compressed public key is 66 hexadecimal characters, which corresponds to 264 bits. This is composed of the following two things concatenated together:

Code:

Prefix byte - either 02 or 03, depending on whether the y coordinate is even or odd respectively
x coordinate - 256 bit number (64 characters)

Because of the nature of the elliptic curve that bitcoin uses, each x coordinate can produce two valid y coordinates, one of which will be even and one of which will be odd. Knowing the x coordinate and whether y is even or odd allows you to calculate the correct y coordinate.

This online tool will do it for you: https://gobittest.appspot.com/Address

If you don't care about the steps and just want the final result, then the link BlackHatCoiner shared above - https://iancoleman.io/bitcoin-key-compression/ - might be better, since it will automatically compress or uncompress your public key and provide both addresses.

[release]

Thanks that helps. The issue I am still having is that when a address sends btc and I look at the scriptsig and extract the last 130 hex characters and enter it it the tools suggested in this thread it doesn't have any relation to the address or it's an invalid public key.

[ranochigo]

The issue I am still having is that when a address sends btc and I look at the scriptsig and extract the last 130 hex characters and enter it it the tools suggested in this thread it doesn't have any relation to the address or it's an invalid public key.

Are you sure that it's an uncompressed key? Is it a bech32 or other forms of address type? Most of the keys are compressed public keys and you'll be looking at 66 hex characters or 33 bytes. Could you give an example of the transaction in question?

[pooya87]

You will continue being confused and will face new problems any time you see a different transaction from the last one you saw when you jump in at the middle instead of starting at the beginning!
You should start by first understanding the structure of a transaction (https://developer.bitcoin.org/reference/transactions.html#raw-transaction-format) then follow it up by learning how bitcoin scripts work (https://en.bitcoin.it/wiki/Script) and finally start looking at transactions to try and find the public keys in them.

[HCP]

Thanks that helps. The issue I am still having is that when a address sends btc and I look at the scriptsig and extract the last 130 hex characters and enter it it the tools suggested in this thread it doesn't have any relation to the address or it's an invalid public key.

As a worked example... have a look at this recent tranasction: https://www.blockchain.com/btc/tx/bee2768770f68a31543eda6fd40da75e4432f434cf8c3312497cdeebb4a2ac6c

If we look at the sigscript:

Code:

47304402200c794238b992fbdda63b1606edc07c5b48a29e003e7cf9d4894baa7baf3b063b022012ed8593d439dc05e3639d60434028e8b0a2207a139ec58bf5e719e019f09485012102ebb666614f5faff4aa43e5f1be868ebc5f1be67c8553924410d8d0111a9912d2

Firstly we try the final 130 chars:

Code:

8593d439dc05e3639d60434028e8b0a2207a139ec58bf5e719e019f09485012102ebb666614f5faff4aa43e5f1be868ebc5f1be67c8553924410d8d0111a9912d2

Doesn't begin with "04", so it's not an uncompressed key... not surprising, given that it is a relatively recent transaction and most legacy addresses used today will be using "compressed" keys.


Then we try the final 66:

Code:

02ebb666614f5faff4aa43e5f1be868ebc5f1be67c8553924410d8d0111a9912d2

"02", so it's likely a compressed public key... if we put that into the Address tool I listed earlier, we can see it outputs:



Which matches the bitcoin address from the transaction:




NOTE: This tool was not designed for "compressed" keys... it will complain that it has an "invalid public key length":


But it will still generate the correct address.




Now, let's look at this much older transaction: https://www.blockchain.com/btc/tx/b9d69463c500b81dc2ff600d0b528b15fb816c4dab11e424151de0bcbea7f26f

The sigscript of the first input is:

Code:

473044022018c35ebde490ca56f6d073a20ec3199f461ee9c99d2c020fdecd8711bdb9cc5802205fd0ce0f61ee2566cafd4254bc1d34a4fcf02d2a55c281a0a95a8c332bff2443014104f52193d56ffda6ef5fbc3b4ada7768c347321f47f1a999b0ca9b8374d8228275ee2c1ecf45c718538288667ad367f97a00116bd0630c76cc01f26161ce70057a

The last 130 chars are:

Code:

04f52193d56ffda6ef5fbc3b4ada7768c347321f47f1a999b0ca9b8374d8228275ee2c1ecf45c718538288667ad367f97a00116bd0630c76cc01f26161ce70057a

Starts with 04... quite likely an uncompressed public key... So, feeding that into the tool:



And we can see the address checks out:

[AH00RA]

thanks for your response.

if we have a transaction like this :
https://www.blockchain.com/explorer/addresses/btc/13zb1hQbWVsc2S7ZTZnP2G4undNNpdh5so

then we have just input in this wallet address but we do not see any output from wallet,
so we can not gain any 130 or 66 character pubkey from sigscript.

we have only pkscript like this :
Pkscript
OP_DUP
OP_HASH160
20d45a6a762535700ce9e0b216e31994335db8a5
OP_EQUALVERIFY
OP_CHECKSIG

i want to ask you ,
 if we have only HASH160 then How to findout publickey (comprssd or uncomprssd) for that address ??

[digaran]

thanks for your response.

if we have a transaction like this :
https://www.blockchain.com/explorer/addresses/btc/13zb1hQbWVsc2S7ZTZnP2G4undNNpdh5so

then we have just input in this wallet address but we do not see any output from wallet,
so we can not gain any 130 or 66 character pubkey from sigscript.

we have only pkscript like this :
Pkscript
OP_DUP
OP_HASH160
20d45a6a762535700ce9e0b216e31994335db8a5
OP_EQUALVERIFY
OP_CHECKSIG

i want to ask you ,
 if we have only HASH160 then How to findout publickey (comprssd or uncomprssd) for that address ??

Well, a bite that big might choke you, first you need to grow some teeth before starting to chew. 😉
If you haven't figured out how these puzzles and in general Bitcoin works, whatever you are attempting is not going to work.
Now to answer your question, if an address has any output( sending out) then you can derive the public key by going to this site called Bitcointools.site in there you can insert address and if that address has any spent transaction recorded on block chain, it will show it to you.

Technically though, the only way to find that address's public key aka puzzle #66, you either brute force to find the private key or you'd try to break 2 hash functions to get the "public key". To reverse 2 hash functions, you'd need to at least brute force 2^81 different  hashes, but brute forcing for private key would only take a maximum 2^66 key generation processes.
If by any chance you are from middle east, you might find your native language topic here :
https://bitcointalk.org/index.php?board=11.0

[pooya87]

if we have only HASH160 then How to findout publickey (comprssd or uncomprssd) for that address ??

Since hash algorithms are irreversible, it is not possible to compute the message (public key in case of the output script you posted) from the hash digest.

[AH00RA]

ok.
brute forcing private keys of a btc ddress may take less than public keys but some codes need to work with pubkeys...
for example , keyhunt in bsgs mode, works faster than other tools in this case.
so this tool has an input file or single pubkey to work on it and find the privatekey .

Now for these puzzles (that have no output transactions) we have no pubkeys and we can not use bgsg mode of keyhunt.
is this correct ??

[ecdsa123]

ok.
brute forcing private keys of a btc ddress may take less than public keys but some codes need to work with pubkeys...
for example , keyhunt in bsgs mode, works faster than other tools in this case.
so this tool has an input file or single pubkey to work on it and find the privatekey .

Now for these puzzles (that have no output transactions) we have no pubkeys and we can not use bgsg mode of keyhunt.
is this correct ??

No. The answer is , yes you can try use BSGS in this example.

I have designed my own version in Sagemath + Python for find public key when we only knows "hash160 ripemd".

this is another solution but is not fast. and even when you will find , you only find one of 2**96 possibilites