Bitcoin Forum
Author Topic: How to hide public key of Bitcoin Address?  (Read 526 times)
o_e_l_e_o
In memoriam
Legendary
December 17, 2022, 12:56:16 PM
 #21

Also like you ask there's no harm if public key is known. So why to hide it? I know this BUT it wouldn't hurt to conceal it for privacy reasons does it?
We don't hide it. It's simply that you can lock coins behind some script types without revealing it, but it is revealed after you unlock those script types. Concealing it brings no additional privacy since the only thing an attacker with your public key can work out is your address, which is public knowledge already.

See if the bitcoin devs didn't care about it they wouldn't introduce Taproot which essentially enables multi-sig wallet to conceal their pub keys and aggregate them into 1 key and no one can find out the real pub keys which is great IMO and helps in privacy.
The privacy gain here comes from not being able to tell if the address is multi-sig or single-sig, not from obfuscating the individual public keys. And indeed, taproot addresses are simply an encoding of the (tweaked) public key, so any time you receive to a taproot address your public key is already exposed.
Lida93
Hero Member
December 27, 2022, 11:48:11 AM
 #22

3.) How can i hide my public key while still Re-using the same address for spending? I suppose it's possible because the address i mentioned in question 2 is able to achieve that.

The phrase "public key", as it's called, vividly expresses that it's something that need not necessarily be hidden, else it should not have been called public key but something far from it. If we were being charged for every new address produced for a transaction, other than the transaction fee, then I'd have understood your reasons for wanting to re-use the same address. Perhaps you should focus energy on keeping your private keys safe, because your assets depend on them rather than on public keys.

Maybe you haven't revealed your real intention to what you seek and why.

WhyFhy
Hero Member
December 27, 2022, 03:11:22 PM
Merited by citb0in (1)
 #23


2.) I see Some Addresses do not reveal the public key even if they have spent their bitcoins like this address here - https://www.blockchain.com/btc/address/3BJKWL5ipkVe2bjkRSt6ZNbVWQaRrEFjMs     So How can this be possible?



The address in question is a multi-signature address and has been generated using three different public keys.
I don't know how, but it should be possible to derive all the three public keys from data of a transaction made from that address.


OP, you may want to ignore this post as it may be a little off topic, but it got me thinking.

Supposedly it's possible, however I haven't found a great solution. If I do, I'll let you know.
I've messed with all the mergers/calculators like the https://github.com/ThePiachu tools.
One of the problems with vanity addresses is that there are 6 derivatives from 1 key.
Finding the others first is a common problem.
I used to wonder though, if each derivative is in fact a new master key to a new set of 6 derivatives
and some type of formula is found to solve for all 6 derived keys from a master key wouldn't this potentially compromise some security?
for example, find an accurate child derivative sum it up somehow for the master sum then the master sum gives access to all the child derivatives?
I've often wondered if this were made possible and each derivative is also a master key with a set of derivatives if crawling this structure would have overlapped another
set of keys in use. (a collision approach?)

If Infinity= 0
Infinity x Infinity= 0
Infinity/6^6= 0

Even if, everything's still all good however collision possibilities still increase. (I think?  Grin)

edit, just to be clear as far as I know or anyone does, It's not possible to determine the master private key from a derived private key or address. The relationship between the master private key and the derived private keys is one-way. This is a speculation of what if.

  
 I found this a while back while researching BTC pay servers.

Code:
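using System;
using NBitcoin;

// Generate a random BIP32 master key, then derive its first child keys.
ExtKey masterKey = new ExtKey();
Console.WriteLine("Master key : " + masterKey.ToString(Network.Main));
for (int i = 0; i < 5; i++)
{
    // Non-hardened child key at index i
    ExtKey key = masterKey.Derive((uint)i);
    Console.WriteLine("Key " + i + " : " + key.ToString(Network.Main));
}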
Master key :
xprv9s21ZrQH143K3JneCAiVkz46BsJ4jUdH8C16DccAgMVfy2yY5L8A4XqTvZqCiKXhNWFZXdLH6VbsCs
qBFsSXahfnLajiB6ir46RxgdkNsFk
Key 0 :
xprv9tvBA4Kt8UTuEW9Fiuy1PXPWWGch1cyzd1HSAz6oQ1gcirnBrDxLt8qsis6vpNwmSVtLZXWgHbqff9
rVeAErb2swwzky82462r6bWZAW6Ty
Key 1 :
xprv9tvBA4Kt8UTuHyzrhkRWh9xTavFtYoWhZTopNHGJSe3KomssRrQ9MTAhVWKFp4d7D8CgmT7TRza
uoAZXp3xwHQfxr7FpXfJKpPDUtiLdmcF
Key 2 :
xprv9tvBA4Kt8UTuLoEZPpW9fBEzC3gfTdj6QzMp8DzMbAeXgDHhSMmdnxSFHCQXycFu8FcqTJRm2ka
mjeE8CCKzbiXyoKWZ9ihiF7J5JicgaLU
Key 3 :
xprv9tvBA4Kt8UTuPwJQyxuZoFj9hcEMCoz7DAWLkz9tRMwnBDiZghWePdD7etfi9RpWEWQjKCM8wH
vKQwQ4uiGk8XhdKybzB8n2RVuruQ97Vna
Key 4 :
xprv9tvBA4Kt8UTuQoh1dQeJTXsmmTFwCqi4RXWdjBp114rJjNtPBHjxAckQp3yeEFw7Gf4gpnbwQTgDp
GtQgcN59E71D2V97RRDtxeJ4rVkw4E
Key 5 :
xprv9tvBA4Kt8UTuTdiEhN8iVDr5rfAPSVsCKpDia4GtEsb87eHr8yRVveRhkeLEMvo3XWL3GjzZvncfWVK
nKLWUMNqSgdxoNm7zDzzD63dxGsm
https://finbuzzactu.files.wordpress.com/2017/06/blockchain-programming-in-csharp.pdf

cfbtcman
Member
August 24, 2023, 02:43:58 PM
 #24

Interesting subject here, so I decided to post.

I have been studying Bitcoin Taproot addresses and it seems (or not, because I have read both YES and NO) that it is not possible to hide the public key until the first transaction, because all Taproot addresses expose it naturally (if someone can explain/clarify it, I would appreciate it).

I read some comments saying that it is not important and pubkeys should be public, bla bla bla...

Satoshi Nakamoto used to say to use the address only one time for max security and there is a reason for that for sure.

Many ppl are saying that with a quantum attack many bitcoins would be taken and bitcoin would go to zero if someone had a powerful enough quantum computer.

I disagree with that. Imagine there is a quantum computer that can break it in 1 year: all addresses that have already transacted for at least 1 year would be exposed, but all the others would be safe. And if someone someday has access to a quantum computer with the power to break bitcoin, for sure he will not start to steal every bitcoin he can and make the market go down. Of course they would be subtle and just make surgical thefts, the type of attacks where the owner will complain and everybody will think he was just hacked by some app or he is dumb; nobody will believe that it was a quantum attack (same as what the Allies did in WW2 with the German Enigma machine: they didn't refute all German steps, so as not to put in check the important advantage they already had).

At a time when many ppl are talking about the possibility of future quantum attacks on bitcoin, Satoshi had already made the 1st step against quantum attacks by hiding the public key until the first, and possibly only, move, if we just move the exchange to a new address.

So, if Taproot addresses always expose the public key, I don't know about you, but I would not use them to save my bitcoins in a cold wallet. Maybe for other applications they could be good enough, but not for cold wallets.

What do you think about it?

cfbtcman
Member
August 24, 2023, 02:56:40 PM
 #25

when you send bitcoins from legacy Address

Bitcoins are not sent FROM addresses.  This is a fundamental misunderstanding of how bitcoin works. Continuing down this path while trying to understand Bitcoin at a technical level is only going to cause you more confusion.

How can i hide my public key while still Re-using the same address

Do not re-use addresses.  If you want to re-use an address, then either make sure that you use software that will allow you to simultaneously spend ALL unspent outputs that were created from that address in a single transaction, OR accept that you will be giving up a bit of privacy because you chose to re-use an address.

Addresses are NOT account numbers.  Bitcoin is not a bank account.  Think of an address like an invoice number.  It's something that you give to someone else so that you can keep track of the payment that they make to you.  You wouldn't typically re-use an invoice number, so don't re-use an address.

What is the main reason not to reuse addresses, the exposure of the public key?
o_e_l_e_o
In memoriam
Legendary
August 24, 2023, 03:12:50 PM
Merited by pooya87 (2), ABCbits (2)
 #26

I have been studying Bitcoin Taproot addresses and it seems (or not, because I have read both YES and NO) that it is not possible to hide the public key until the first transaction, because all Taproot addresses expose it naturally (if someone can explain/clarify it, I would appreciate it).
You can hide any scripts which allow an output to be spent, but you cannot hide the public key. As I've said in an earlier post in this thread, a taproot address is simply the tweaked public key in a different encoding.

Satoshi Nakamoto used to say to use the address only one time for max security and there is a reason for that for sure.
The whitepaper says keys should be used once only for privacy reasons, not for security reasons.

I disagree with that. Imagine there is a quantum computer that can break it in 1 year: all addresses that have already transacted for at least 1 year would be exposed
A quantum computer which takes a year to solve an ECDLP will then be able to take the coins from a single address after one year, not from every vulnerable address.

At a time when many ppl are talking about the possibility of future quantum attacks on bitcoin, Satoshi had already made the 1st step against quantum attacks by hiding the public key until the first, and possibly only, move, if we just move the exchange to a new address.
There are hundreds of reasons your public keys will be exposed. Transactions, signing messages, BIP32, sharing xpubs, light wallets, address reuse, multi-sig or other scripts, the list goes on. No wallet or piece of software handles your public keys as if they are secret information. They are meant to be public, and the security of your coins does not rely on them not being so.
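
Added example (not part of any post in this thread): a minimal BIP173/BIP350 decoder that illustrates the point made in posts #21 and #26, that a taproot address is only a re-encoding of the 32-byte output key, while a v0 segwit address carries a hash. The function names are hypothetical; the two addresses are the published BIP350 and BIP173 test vectors, not anyone's wallet.

```python
CHARSET = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"
GEN = (0x3B6A57B2, 0x26508E6D, 0x1EA119FA, 0x3D4233DD, 0x2A1462B3)
BECH32_CONST, BECH32M_CONST = 1, 0x2BC830A3  # v0 uses bech32, v1+ uses bech32m

def _polymod(values):
    chk = 1
    for v in values:
        top = chk >> 25
        chk = ((chk & 0x1FFFFFF) << 5) ^ v
        for i, g in enumerate(GEN):
            if (top >> i) & 1:
                chk ^= g
    return chk

def _to_bytes(groups):
    acc, bits, out = 0, 0, bytearray()
    for v in groups:  # regroup 5-bit symbols into 8-bit bytes
        acc, bits = (acc << 5) | v, bits + 5
        while bits >= 8:
            bits -= 8
            out.append((acc >> bits) & 0xFF)
    if bits >= 5 or acc & ((1 << bits) - 1):  # padding must be short and zero
        raise ValueError("invalid padding")
    return bytes(out)

def decode_segwit(addr):
    """Return (witness_version, witness_program) for a mainnet segwit address."""
    hrp, _, data = addr.lower().rpartition("1")
    if hrp != "bc" or len(data) < 7 or any(c not in CHARSET for c in data):
        raise ValueError("not a mainnet segwit address")
    vals = [CHARSET.index(c) for c in data]
    hrp_exp = [ord(c) >> 5 for c in hrp] + [0] + [ord(c) & 31 for c in hrp]
    const = BECH32_CONST if vals[0] == 0 else BECH32M_CONST
    if _polymod(hrp_exp + vals) != const:
        raise ValueError("bad checksum for this witness version")
    return vals[0], _to_bytes(vals[1:-6])  # drop version symbol and checksum

def what_address_reveals(addr):  # hypothetical helper name
    version, prog = decode_segwit(addr)
    if version == 1 and len(prog) == 32:
        return ("x-only public key", prog.hex())      # P2TR output key
    if version == 0 and len(prog) in (20, 32):
        return ("hash of key or script", prog.hex())  # P2WPKH / P2WSH
    return ("unknown", prog.hex())

P2TR = "bc1p0xlxvlhemja6c4dqv22uapctqupfhlxm9h8z3k2e72q4k9hcz7vqzk5jj0"  # BIP350 vector
P2WPKH = "bc1qw508d6qejxtdg4y5r3zarvary0c5xw7kv8f3t4"  # BIP173 vector

for a in (P2TR, P2WPKH):
    print(a, what_address_reveals(a))
```

The taproot address decodes directly to a curve point's x coordinate, so anyone who can see the address already has the key; the v0 address yields only a 20-byte hash until the output is spent.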
citb0in
Hero Member
August 24, 2023, 05:30:36 PM
 #27

In a well-designed cryptographic system like Bitcoin, knowing the public key should not expose any significant vulnerability. In fact, public keys are meant to be just that: public. However, there are some subtle aspects to consider regarding the weakness of a known pubkey with regard to quantum computing. Brute-forcing the private key of a known public key with current classical computers is practically impossible due to the sheer amount of computational power required. While classical computers are currently incapable of breaking public-key cryptography like the elliptic curve algorithm used in Bitcoin within a reasonable time frame, future quantum computers might be able to do so. Also, if there's a yet-unknown mathematical vulnerability in the elliptic curve algorithm, having the public key could conceivably make it easier to exploit.

However, if quantum computers that can break elliptic curve cryptography become available, then having your public key exposed would be a significant risk. Note that if quantum computers reach this stage, the entire cryptographic basis for Bitcoin (and many other systems) would need to be reconsidered. But here comes the important part and certainly is most interesting for you:

If the private key was initially generated using a flawed or predictable random number generator, then an attacker who could guess this could more feasibly derive the private key. However, this is more about the vulnerability in key generation than in the public key being known. For your understanding:

knowing the public key of a 64bit private key allows you to brute-force the correct key within some minutes (=reasonable time)
knowing the public key of a 234bit private key nowadays is secure because with available technology it's not possible to brute-force and find the correct key in a reasonable time.

That being said --> always use a 256 bit key unless there is a good reason to do so

pooya87
Legendary
August 25, 2023, 04:25:06 AM
Merited by ABCbits (2)
 #28

(same as what the Allies did in WW2 with the German Enigma machine: they didn't refute all German steps, so as not to put in check the important advantage they already had).
That example can be used to refute your post.
Such high computation power to break strong cryptography (at the time) is not easy to come by and is not available to everyone. It is always owned (in secret) by governments and is used for much more important matters like state secrets and espionage, not to steal bitcoins from a single address after a year of computation! They can press a button to print more money without spending anything.

By the time such capability becomes known, all systems will start migrating to newer and stronger algorithms and by the time the hardware catches up the old algorithms are a thing of the past. Like today that you can break the WWII era encryption on your PC, nobody uses such algorithms.

That's not to mention that, for the time being, the computing power, known or unknown, is not close to being able to solve ECDLP within a reasonable timeframe.
