Encrypt a message to bitcoin address holder.

[jickiticky]

Hi Fellas!

Trying to find a way in which i can encrypt a message to someone who holds a btc address.

i have no issue with encrypting and decrypting using pubkey/privkey, but you dont know the pubkey to unused addresses and those are the ones that im targetting.

Any ideas are welcome, aslong as the decryption is possible only on the other end.

Transmission of the data is not in the scope and neither is strength of the said encryption. It should be decent ofc, if it can withstand 1-2 months of bruteforcing thats enough, 6 months would be really good and if we step into years, then its as good as unbreakable for this usage scenario.

and why the heck are pubkeys secret anyways since they will be visible on blockchain after 1st tx....

If you know of any protocol built into btc that can be used for this, that would be even better i guess.


Thanks

[1715133086]

1715133086

[1715133086]

1715133086

[1715133086]

1715133086

[1715133086]

1715133086

[1715133086]

1715133086

[n0nce]

and why the heck are pubkeys secret anyways since they will be visible on blockchain after 1st tx....

They're not secret; that's why they are called public keys. You can just publish one of your Bitcoin public keys (or addresses) anywhere and people can encrypt messages for you with it. It's this simple

Trying to find a way in which i can encrypt a message to someone who holds a btc address.

To encrypt something for someone you need to know their public key or address.

This also sounds like a cool idea: https://dealancer.medium.com/how-to-using-bitcoin-key-pairs-to-for-encrypted-messaging-a0a980e627b1

[BlackHatCoiner]

If the address has at least one spent output, it has revealed its public key and you can easily get it. Otherwise, you'll have to ask them give it to you which introduces other possible scenarios such as the man-in-the-middle attack. Internet providers can attack you like so if you hide the message by just exchanging public keys.

But, yeah. You can easily verify that a public key has not been modified if its address has UTXOs. For instance, you can run a node and verify that for the given public key, it indeed returns you your friend's address which provably has funds.

They're not secret; that's why they are called public keys. You can just publish one of your Bitcoin public keys (or addresses) anywhere

Having just the addresses isn't enough. There're one-way functions involved in the process of the address' generation. The public key cannot be derived from the address.

[jickiticky]

Thank you both for stating what i wrote in my 1st post, twice.

How do i get public key to someone who hasnt broadcasted a tx yet or who i dont have contact with?

Other options are welcome to, but the solution should be encrypted so that only the other side can decrypt it, just how pub/privkey system works.

I was thinking perhaps bitcoin has some functionality built for this?

Thanks

[n0nce]

How do i get public key to someone who hasnt broadcasted a tx yet or who i dont have contact with?

You don't have to get it to them. You have to get the public key from them.

I was thinking perhaps bitcoin has some functionality built for this?

If the question was if it's possible to encrypt a message if you only have the recipient's address, then no, an address is not enough to encrypt a message.

If your question was if it's possible to derive public key from address, then also no, here's a good explanation: https://bitcoin.stackexchange.com/a/48865.

In general this starts to sound a bit like an XY Problem to me. Maybe just take one step back and tell us what you actually want to do? It's often easier to find a solution this way.

[BitMaxz]

How do i get public key to someone who hasnt broadcasted a tx yet or who i dont have contact with?

You don't understand what they said above you can't be able to check the pubkey without any transaction being made.

The only way to know the pubkey on the target address if he created a transaction is by checking the sigscript.

Sample this transaction https://www.blockchain.com/btc/tx/350992007c1b72eee120aff791e376973fdd1721d21f1b0d9e4589d8527defec

Scroll down and look for ASM tab then inputs under sigscript you can find this

Code:

3045022100f86b485871d292be600ec823c392bb1f9558c8948d862b11e495d0cd1cd230d10220675032fff8082d0c128bb81ee5ef9d6de95429674cf563529e80aff984023ae601
03f31a0483767831b5ad12f53897af2f89b1225bf074806bb1a21ad7cae0d3d5c7

Then copy this one

Code:

03f31a0483767831b5ad12f53897af2f89b1225bf074806bb1a21ad7cae0d3d5c7

it's a public key in hex you can verify it by using this tool https://iancoleman.io/bitcoin-key-compression/ paste it on that tool it should show the Bitcoin address.

That's the only way to know the public key of someone's Bitcoin address I can't seem to find any tool yet to know the public key of any address without spend transactions.

[pooya87]

Transmission of the data is not in the scope and neither is strength of the said encryption.

The only way you could use an address would be if you used a system where the password (for encryption) were derived using the address and a secondary secret communicated between 2 parties separately.

For example a very simple implementation would be:
1. Alice sends secondary password through snail mail to Bob
2. Alice derives encryption password using SHA256(secondary password | address)
3. Alice encrypts the message using password from step 2
4. Alice sends the encrypted message to Bob
5. Bob repeats step 2 by having both inputs
6. Bob decrypts the message using step 5

Obviously it is so much easier and a lot safer to have their public key and encrypt a message that way using an algorithm such as ECIES.

I can't seem to find any tool yet to know the public key of any address without spend transactions.

It doesn't exist because it is not possible to reverse a hash.

[BlackHatCoiner]

That's the only way to know the public key of someone's Bitcoin address I can't seem to find any tool yet to know the public key of any address without spend transactions.

It's impossible to reverse a hash as written above by pooya87, but it also has to do with the address' type. If it's P2PK (which isn't used anymore) you can find the public key in the scriptPubKey without having any spent outputs. Those Satoshi-considered addresses are said to be in danger of theft due to their public key exposal.

Any other type, like P2SH or P2PKH, hashes the public key.

[vjudeu]

Any other type, like P2SH or P2PKH, hashes the public key.

That will change soon, because in P2TR all public keys are exposed.

[pooya87]

it also has to do with the address' type. If it's P2PK (which isn't used anymore) you can find the public key in the scriptPubKey

Technically P2PK is not an address, it is a script itself and obviously any script that contains the public key is the same.

That will change soon, because in P2TR all public keys are exposed.

Good point but keep in mind that there are currently 2 ways of spending a P2TR output, the key path spending where it would be similar to any other single sig output, and the script path spending where things could be a lot more complicated and the public key could be the aggregated key, the owner of that address may not be able to decrypt an encrypted message with this pubkey.

[TheArchaeologist]

Any other type, like P2SH or P2PKH, hashes the public key.

Nah, P2SH doesn't hash the public key it hashes a script hence the "Pay to script hash".

[PrimeNumber7]

For all intents and purposes, what you are asking is not possible. The process to get from the public key to the bitcoin address is compromised of hash functions, which are intended to be "one way".

The closest thing to what you are asking for is to require a signature to a very specific signed message you ask the keyholder to sign and your server would deliver the message, unencrypted. This would obviously not be encrypted, it would just be hidden. Once you have the signature, you would have access to the public key, and could then encrypt a message to the pubkey.

[HCP]

For all intents and purposes, what you are asking is not possible.

Exactly. If all you have is an address that has never spent any UTXOs... then it is simply not possible.

As everyone knows, without the public key, OP won't be able to encode anything that the private key holder will be able to decode using their private key.

Public Key -> Address is possible
Address -> Public Key is not

So, the private key holder needs to make that public key available to you in some way (either by explicitly sending it to you or by way of that public key already being "available" on the blockchain in a pre-existing transaction).

[PrimeNumber7]

For all intents and purposes, what you are asking is not possible.

Exactly. If all you have is an address that has never spent any UTXOs... then it is simply not possible.

As everyone knows, without the public key, OP won't be able to encode anything that the private key holder will be able to decode using their private key.

Public Key -> Address is possible
Address -> Public Key is not

Many people do not understand the difference between a hashing function and an encryption function. It doesn’t help that bitcoin uses both to get an address from a private key.

With an encryption function, you can trivially encrypt data to a public key that can only be decrypted by the private key. A hashing function takes an arbitrary amount of data and reduces it to a fixed amount of data. The data input into a hashing function cannot decrypt anything.

The size of the hash of 10 bits of data is the same as the hash of 10 TB of data, and everything in between. The only way to know if the hash of data is correct is to have access to the underlying data.

The OPs question as to why the public key of an address is initially secret can be rewritten to “why does bitcoin address generation involve one-way hashing functions”.  To that question, I don’t know, maybe another bitcoin expert can chime in on this.

[pooya87]

a hashing function and an encryption function. It doesn’t help that bitcoin uses both to get an address from a private key.

There is no encryption scheme defined in Bitcoin protocol.
To get an address from a private key we use Elliptic Curve Point multiplication to get public key and then a hash function to get the hash and an encoding algorithm to get the address (no encryption were used).

[PrimeNumber7]

a hashing function and an encryption function. It doesn’t help that bitcoin uses both to get an address from a private key.

There is no encryption scheme defined in Bitcoin protocol.
To get an address from a private key we use Elliptic Curve Point multiplication to get public key and then a hash function to get the hash and an encoding algorithm to get the address (no encryption were used).

You can encrypt data to a public key passed through the EDSCA function and the input to said function can decrypt said data.

In order to get the public key, the private key is passed through the EDSCA function.

[pooya87]

You can encrypt data to a public key passed through the EDSCA function and the input to said function can decrypt said data.

In order to get the public key, the private key is passed through the EDSCA function.

ECDSA is the digital signature algorithm not an encryption function nor is the function used to get public key from private key. https://en.wikipedia.org/wiki/Elliptic_Curve_Digital_Signature_Algorithm

To get public key we simply multiply private key by generator point https://en.wikipedia.org/wiki/Elliptic_curve_point_multiplication

To encrypt using ECC we use an algorithm such as ECIES which uses AES for encryption and the only time Elliptic Curve Cryptography (ECC) comes in is when we compute the AES encryption key by multiplying the public key with an ephemeral key.

[jickiticky]

Alright fellas.

So lets assume that i have the pubkey now. What type of encryption strength are we talking about?

Brute-forcing it would require what type of computational power?

Thanks

[pooya87]

So lets assume that i have the pubkey now. What type of encryption strength are we talking about?
Brute-forcing it would require what type of computational power?

It depends on the implementation. The implementation I've seen is from Electrum which uses ECIES with an underlying AES-128 (128-bit key + 128-bit IV) which is a very strong encryption algorithm.
The encryption key used in AES is created using the same elliptic curve cryptography used by bitcoin and has the same security.

See this answer on SE for cost and computational power needed to break it but it doesn't take into account the 128-bit initialization vector.