How to hide public key of Bitcoin Address?

[NinjaBitcoiner]

I know revealing public key is safe. I know that but still i have few questions.
So currently BTC has 3 Address formats as follows
1. Legacy Address (begins with 1... a.k.a P2PKH )
2. Non-Native Segwit Address (begins with 3... a.k.a P2SH )
3. Segwit Address (begins with bc1... a.k.a P2WPKH)

Questions
1.) I know 100% that when you send bitcoins from legacy Address (P2PKH) then your public key gets revealed in transaction signature So this is also true in case of other Address formats (P2SH and P2WPKH) ?

2.) I see Some Addresses do not reveal the public key even if they have spent their bitcoins like this address here - https://www.blockchain.com/btc/address/3BJKWL5ipkVe2bjkRSt6ZNbVWQaRrEFjMs     So How can this be possible?

3.) How can i hide my public key while still Re-using the same address for spending? I suppose it's possible because the address i mentioned in question 2 is able to achieve that.

[1714828623]

1714828623

[1714828623]

1714828623

[1714828623]

1714828623

[1714828623]

1714828623

[hosseinimr93]

1.) I know 100% that when you send bitcoins from legacy Address (P2PKH) then your public key gets revealed in transaction signature So this is also true in case of other Address formats (P2SH and P2WPKH) ?

Yes, your public key is always revealed. Since nodes need your public key for verifying your transaction, you have to reveal it.

2.) I see Some Addresses do not reveal the public key even if they have spent their bitcoins like this address here - https://www.blockchain.com/btc/address/3BJKWL5ipkVe2bjkRSt6ZNbVWQaRrEFjMs     So How can this be possible?

The address in question is a multi-signature address and has been generated using three different public keys.
I don't know how, but it should be possible to derive all the three public keys from data of a transaction made from that address.

3.) How can i hide my public key while still Re-using the same address for spending? I suppose it's possible because the address i mentioned in question 2 is able to achieve that.

I don't see any reason for hiding the public key and I said above, you have to reveal your public key whenever you make a transaction.

[jackg]

None of your examples hide the public key and there's no way of doing that without using a different coin.

2.) I see Some Addresses do not reveal the public key even if they have spent their bitcoins like this address here - https://www.blockchain.com/btc/address/3BJKWL5ipkVe2bjkRSt6ZNbVWQaRrEFjMs     So How can this be possible?

The address in question is a multi-signature address and has been generated using three different public keys.
I don't know how, but it should be possible to derive all the three public keys from data of a transaction made from that address.

It seems they make up the redeem script and can be unscramble that way..

From https://en.bitcoin.it/wiki/BIP_0067#Specification:

Code:

022df8750480ad5b26950b25c7ba79d3e37d75f640f8e5d9bcd5b150a0f85014da
   03e3818b65bcc73a7d64064106a859cc1a5a728c4345ff0b641209fba0d90de6e9 
   021f2f6e1e50cb6a953935c3601284925decd3fd21bc445712576873fb8c6ebc18

You get (after sorting)

Code:

OP_2 021f2f6e1e50cb6a953935c3601284925decd3fd21bc445712576873fb8c6ebc18 

022df8750480ad5b26950b25c7ba79d3e37d75f640f8e5d9bcd5b150a0f85014da 

03e3818b65bcc73a7d64064106a859cc1a5a728c4345ff0b641209fba0d90de6e9 OP_3 OP_CHECKMULTISIG

Which is a redeem script

[pooya87]

3.) How can i hide my public key while still Re-using the same address for spending? I suppose it's possible because the address i mentioned in question 2 is able to achieve that.

I don't see any reason for hiding the public key and I said above, you have to reveal your public key whenever you make a transaction.

Correct but even if you didn't have to include the public key alongside the signature in your transactions, the public key could still be derived from the ECDSA signature that you had provided. In fact this is how signing messages work, you only provide the address + message + signature and in order to verify that message others could easily derive your public key and perform the verification.
That is how ECDSA and asymmetric cryptography work.

[NinjaBitcoiner]

None of your examples hide the public key and there's no way of doing that without using a different coin.

2.) I see Some Addresses do not reveal the public key even if they have spent their bitcoins like this address here - https://www.blockchain.com/btc/address/3BJKWL5ipkVe2bjkRSt6ZNbVWQaRrEFjMs     So How can this be possible?

The address in question is a multi-signature address and has been generated using three different public keys.
I don't know how, but it should be possible to derive all the three public keys from data of a transaction made from that address.

It seems they make up the redeem script and can be unscramble that way..

From https://en.bitcoin.it/wiki/BIP_0067#Specification:

Code:

022df8750480ad5b26950b25c7ba79d3e37d75f640f8e5d9bcd5b150a0f85014da
   03e3818b65bcc73a7d64064106a859cc1a5a728c4345ff0b641209fba0d90de6e9 
   021f2f6e1e50cb6a953935c3601284925decd3fd21bc445712576873fb8c6ebc18

You get (after sorting)

Code:

OP_2 021f2f6e1e50cb6a953935c3601284925decd3fd21bc445712576873fb8c6ebc18 

022df8750480ad5b26950b25c7ba79d3e37d75f640f8e5d9bcd5b150a0f85014da 

03e3818b65bcc73a7d64064106a859cc1a5a728c4345ff0b641209fba0d90de6e9 OP_3 OP_CHECKMULTISIG

Which is a redeem script

So this redeem script is same as public key?
I mean for multi-sig wallet it's harder to find public key if there's output transactions?

1.) I know 100% that when you send bitcoins from legacy Address (P2PKH) then your public key gets revealed in transaction signature So this is also true in case of other Address formats (P2SH and P2WPKH) ?

Yes, your public key is always revealed. Since nodes need your public key for verifying your transaction, you have to reveal it.

2.) I see Some Addresses do not reveal the public key even if they have spent their bitcoins like this address here - https://www.blockchain.com/btc/address/3BJKWL5ipkVe2bjkRSt6ZNbVWQaRrEFjMs     So How can this be possible?

The address in question is a multi-signature address and has been generated using three different public keys.
I don't know how, but it should be possible to derive all the three public keys from data of a transaction made from that address.

3.) How can i hide my public key while still Re-using the same address for spending? I suppose it's possible because the address i mentioned in question 2 is able to achieve that.

I don't see any reason for hiding the public key and I said above, you have to reveal your public key whenever you make a transaction.

If all 3 address's types reveals public key when you send bitcoins then what's the additional advantage of using newer btc address types say Taproot one's (except the lower fees benefit) ?

[LoyceV]

3.) How can i hide my public key while still Re-using the same address for spending?

Why do you want to hide the public key?
You're looking in the wrong direction for a solution, the real solution is to not reuse the same address.

For what it's worth: I'm reusing certain addresses too, because it's convenient.

[pooya87]

So this redeem script is same as public key?
I mean for multi-sig wallet it's harder to find public key if there's output transactions?

Bitcoin scripts are essentially smart contracts. Each time you create a transaction you are providing an "unlocking script" that provides required data and commands that can "unlock" the coins that are available on the blockchain. This script can be a simple signature + public key or a more complex one that contains conditions (branches), timelocks, hash operations alongside public keys and signatures, etc.

If all 3 address's types reveals public key when you send bitcoins then what's the additional advantage of using newer btc address types say Taproot one's (except the lower fees benefit) ?

Lower tx weight hence lower fee.
Help increase block capacity (improve scaling).
Faster verification time for full nodes.
Avoid malleability problems.
Access to new features introduced in newer address types such as public key aggregation in Schnorr signatures.

[hosseinimr93]

I mean for multi-sig wallet it's harder to find public key if there's output transactions?

No. It's not really hard.
As mentioned by jackg, you should use the redeem script to get the public keys.

I didn't know how it can be done. I just made a search and found out it's really easy.
Click here to see one of the transactions made from the address you referred to in the OP.
See the input with the index number 135. The sigscript includes 3 hex data. The last one is the redeem script.

Redeem script:

Code:

522102707f8c41a9ce80bd85c335ce37617388fe8fd5c7b6079f730fc8b7159867cb3e2102f61a255027b492203f04396474e032e759367ad32cdb1b317074e216718f9b532102ae11e6f80d33717c8dffcbd4e480b95f82f9fe7478cb166beebddd5b062c9f9653ae

For getting the public keys, all you need to do is to decode the redeem script using coinb.in tool.
The three public keys used for generating the address in question are as follows.

Code:

02707f8c41a9ce80bd85c335ce37617388fe8fd5c7b6079f730fc8b7159867cb3e
02f61a255027b492203f04396474e032e759367ad32cdb1b317074e216718f9b53
02ae11e6f80d33717c8dffcbd4e480b95f82f9fe7478cb166beebddd5b062c9f96

[NinjaBitcoiner]

I mean for multi-sig wallet it's harder to find public key if there's output transactions?

No. It's not really hard.
As mentioned by jackg, you should use the redeem script to get the public keys.

I didn't know how it can be done. I just made a search and found out it's really easy.
Click here to see one of the transactions made from the address you referred to in the OP.
See the input with the index number 135. The sigscript includes 3 hex data. The last one is the redeem script.

Redeem script:

Code:

522102707f8c41a9ce80bd85c335ce37617388fe8fd5c7b6079f730fc8b7159867cb3e2102f61a255027b492203f04396474e032e759367ad32cdb1b317074e216718f9b532102ae11e6f80d33717c8dffcbd4e480b95f82f9fe7478cb166beebddd5b062c9f9653ae

For getting the public keys, all you need to do is to decode the redeem script using coinb.in tool.
The three public keys used for generating the address in question are as follows.

Code:

02707f8c41a9ce80bd85c335ce37617388fe8fd5c7b6079f730fc8b7159867cb3e
02f61a255027b492203f04396474e032e759367ad32cdb1b317074e216718f9b53
02ae11e6f80d33717c8dffcbd4e480b95f82f9fe7478cb166beebddd5b062c9f96

Ok so these 3 public keys you mentioned actually belongs to these address
02707f8c41a9ce80bd85c335ce37617388fe8fd5c7b6079f730fc8b7159867cb3e      -     17eHCSk6dL8naLmCUwUbHHWjykAsJGadoP
02f61a255027b492203f04396474e032e759367ad32cdb1b317074e216718f9b53   -    1KAXSrx2mcYSmyeS2YU442UH66EASTBoSK
02ae11e6f80d33717c8dffcbd4e480b95f82f9fe7478cb166beebddd5b062c9f96       -    1ADCkNGrDGVBEadFvQ2gMkXSZnfdNST3PJ


What is the public key of actual address that i mentioned in OP which is the address 3BJKWL5ipkVe2bjkRSt6ZNbVWQaRrEFjMs ?

Access to new features introduced in newer address types such as public key aggregation in Schnorr signatures.

Specifically regarding this feature, i want to ask that so this bascially helps in privacy right?
Say we aggregate 3 pub keys into 1 then it can be reversed too? I mean you can reverse this to find individual 3 pub keys back?
https://river.com/learn/what-are-schnorr-signatures/

[hosseinimr93]

What is the public key of actual address that i mentioned in OP which is the address 3BJKWL5ipkVe2bjkRSt6ZNbVWQaRrEFjMs ?

That address is a multi-signature address and for generating that, you need all the three public keys.

In a m of n multi-signature address, there are n private keys and n public keys and you need m of the private keys to spend fund from that.
The address in question is 2 of 3 multi-signature. So, there are 3 public keys and 3 private keys and for spending fund from it, 2 of private keys are required.

[pooya87]

Access to new features introduced in newer address types such as public key aggregation in Schnorr signatures.

Specifically regarding this feature, i want to ask that so this bascially helps in privacy right?
Say we aggregate 3 pub keys into 1 then it can be reversed too? I mean you can reverse this to find individual 3 pub keys back?

Yes, in a way it improves privacy. It also gives you the option to have different branches that could spend the output but only use and reveal one of them when spending it.
It is still not possible to know how many or which public keys were used to get the aggregated public key though, so it is irreversible.

[NinjaBitcoiner]

What is the public key of actual address that i mentioned in OP which is the address 3BJKWL5ipkVe2bjkRSt6ZNbVWQaRrEFjMs ?

That address is a multi-signature address and for generating that, you need all the three public keys.

In a m of n multi-signature address, there are n private keys and n public keys and you need m of the private keys to spend fund from that.
The address in question is 2 of 3 multi-signature. So, there are 3 public keys and 3 private keys and for spending fund from it, 2 of private keys are required.

Got it. Thanks for the explanation
So basically using multi-Sig cold wallet on airgapped machine provides the ultimate security?
I was thinking what if someone generate the same private key as my address in case of single address (which is very very unlikely) but using multi-sig makes this impossible,yes?
If an address is multi sig of say 3 address then attacker has to find 3 private keys correct?
Also bitcoin send to individual address which generate multi-Sig can also be spent individually right?

[hosseinimr93]

So basically using multi-Sig cold wallet on airgapped machine provides the ultimate security?

With using a multi-signature wallet, you may increase your security, but I recommend you use it if it's really required.
Multi-signature addresses are usually used when a transaction should be signed by multiple parties.
If you generate a single-signature wallet on an air-gapped device and keep your keys safe, it's secure enough.

I was thinking what if someone generate the same private key as my address in case of single address (which is very very unlikely) but using multi-sig makes this impossible,yes?

Whether you use a single-signature address or a multi-signature address, that's impossible.

If an address is multi sig of say 3 address then attacker has to find 3 private keys correct?

It depends.
If the address is a 3 of 3 multi-signature address, all the three private keys would be required.
If the address is a 1 of 3 multi-signature address, a single private key would be enough.

Also bitcoin send to individual address which generate multi-Sig can also be spent individually right?

Yes. Each of private keys used for generating the multi-signature address can be used for generating a single-signature address individually.

[LoyceV]

So basically using multi-Sig cold wallet on airgapped machine provides the ultimate security?
I was thinking what if someone generate the same private key as my address in case of single address (which is very very unlikely) but using multi-sig makes this impossible,yes?

The chance of you messing up the multisig, and losing access to your funds, is much larger than the chance of someone finding your cold wallet's private key. The latter is just not going to happen (unless you make a mistake), the former can easily happen.

From your topics, you seem to have a hard time understanding how secure Bitcoin is. Maybe you should spend some time trying to brute-force the private key to a funded address, to convince yourself it's not going to happen.

[aysg76]

Why do you want to hide the public key?
You're looking in the wrong direction for a solution, the real solution is to not reuse the same address.

Right the public keys will be revealed in each transaction as said above and there is no fear in it at all so I don't see anything to hide in it.They are derived from one way hash function under which you can generate public key from private keys but the reverse is not at all possible.

So @OP you don't need to worry about public key hiding and the only thing you should focus on is keeping your seed phrases secret if you are using non custodial wallets so be safe in that case.

As said by @LoyceV also you should burner address that once you have utilised it for the task or submitted it somewhere use different address from it which will help you more.

[NinjaBitcoiner]

So basically using multi-Sig cold wallet on airgapped machine provides the ultimate security?
I was thinking what if someone generate the same private key as my address in case of single address (which is very very unlikely) but using multi-sig makes this impossible,yes?

The chance of you messing up the multisig, and losing access to your funds, is much larger than the chance of someone finding your cold wallet's private key. The latter is just not going to happen (unless you make a mistake), the former can easily happen.

From your topics, you seem to have a hard time understanding how secure Bitcoin is. Maybe you should spend some time trying to brute-force the private key to a funded address, to convince yourself it's not going to happen.

Now i am not having a hard time understanding how secure bitcoin is But it wouldn't hurt to know more about cryptography in general. Does it? and it's a technical sub forum.
Also like you ask there's no harm if public key in known. So why to hide it? I know this BUT it wouldn't hurt to conceal it for privacy reasons does it?
See if the bitcoin devs didn't care about it they wouldn't introduce Taproot which essentially enables multi-sig wallet to conceal their pub keys and aggregate them into 1 key and no one can find out the real pub keys which is great IMO and helps in privacy. Even no one can find out if it's the multi-sig tx or single sig

[BlackHatCoiner]

So basically using multi-Sig cold wallet on airgapped machine provides the ultimate security?

Using multi-sig in one machine makes little sense. Multi-sig provides extra security, provided that transactions are signed in multiple devices. 

If an address is multi sig of say 3 address then attacker has to find 3 private keys correct?

If the address is a 1 of 3 multi-signature address, a single private key would be enough.

Important to mention that an attacker needs the two other public keys as well, in contrast with single-sig, wherein just having the private key is enough to move the money.

[citb0in]

maybe OP is concerned about public key because he did read about cracking tools that rely on pubkey (like kangaroo or BSGS) ?

[DannyHamilton]

when you send bitcoins from legacy Address

Bitcoins are not sent FROM addresses.  This is a fundamental misunderstanding of how bitcoin works. Continuing down this path while trying to understand Bitcoin at a technical level is only going to cause you more confusion.

How can i hide my public key while still Re-using the same address

Do not re-use addresses.  If you want to re-use an address, then either make sure that you use software that will allow you to simultaneously spend ALL unspent outputs that were created from that address in a single transaction, OR accept that you will be giving up a bit of privacy because you chose to re-use an address.

Addresses are NOT account numbers.  Bitcoin is not a bank account.  Think of an address like an invoice number.  It's something that you give to someone else so that you can keep track of the payment that they make to you.  You wouldn't typically re-use an invoice number, so don't re-use an address.

[bettercrypto]

3.) How can I hide my public key while still using the same address for spending? I think it is possible because the address I mentioned in question 2 achieves that.

In my understanding, this is not possible, in my few years in cryptocurrency I have never seen a pubic key hidden in every transaction done by enthusiasts here in the crypto space.

    And I also don't understand why you want your public key hidden? The only thing I know that is really hidden and cannot be shown is the seed phrase words and password, that's all but not the public key.