Public key and address difference

[martinex]

I need a convincing and satisfying answer on the difference between public key and address because In the course of studying I'm trying to assume public key is the same as address. Though address is just a way of representing our public key which was derived from our private key using the mathematical elliptical curve multiplication.
Please I need more clarification on it.

Regarding the differences, our seniors have probably already explained them. The next question is which wallets support this, if the rumors, as mentioned by our senior, Cookdata, happen sooner or later, and are they true? And next, how quickly can someone guess the private key if they use one?

Essentially, don't overuse exchange wallets if you really want to store your BTC. Using a blue wallet is better, even if it's not fully ready for migration. One thing you need to know is that Bitcoin is indeed powerful, but what Satoshi has provided for us and everyone else is probably just an initial design and isn't perfect if we consider his current needs.

Yes, it may have been perfect at the time, but the flaws and problems that emerged after the incident were beyond his own expectations.

[satscraper]

You don't need to know "internal, tweaked Taproot key".

Looks like you mixed things up. The internal key is the original ^{(i.e., untweaked)} public key.

Which means, that tweaking is officially recommended, but it is not obligatory, so it is not enforced everywhere. And as long as it is the case, 1:1 mapping is possible.

Public key tweaking is the essence of Taproot’s design, i.e. it is not optional. If Taproot address were derived directly from encoding the public key into Bech32m, the resulting address would be invalid and all nodes would reject the transaction.

P.S. Show me where it says tweaking is optional.

[stwenhao]

Show me where it says tweaking is optional.

It is better: I can show you a valid transaction: https://mempool.space/tx/f0e7351b7829826057a984fde7c03d1c67e8235224c5e3791122a072d1e1a3ff

The public key in use is just the secp256k1 generator: 0279be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798

If tweaking the key is obligatory, then why bc1p0xlxvlhemja6c4dqv22uapctqupfhlxm9h8z3k2e72q4k9hcz7vqzk5jj0 is spendable? You can verify, that the Schnorr signature is valid, and it is uses the private key, equal to one. Nothing is tweaked, and the signature is valid.

If tweaking the key would be mandatory, then nobody would know the private key, so nobody could spend it. But it is simply not the case.

BIPs just give you a recommended way of deriving addresses from private keys, but tweaking is never enforced on consensus level, it is only enforced by the most popular wallets. Which means, that 1:1 mapping between public keys and addresses is possible, even if you cannot get it by default.

Related topic: https://bitcointalk.org/index.php?topic=5372405.0

As you can see, you can spend coins from a tweaked key, and also from some untweaked one. It is all about building a Bitcoin Core version, which would allow you using "rawtr()", instead of "tr()". And then, spending coins from addresses like bc1p0xlxvlhemja6c4dqv22uapctqupfhlxm9h8z3k2e72q4k9hcz7vqzk5jj0 is possible, and the client will give you a standard, valid signature, if you just import raw, untweaked key properly.

[satscraper]

Which means, that 1:1 mapping between public keys and addresses is possible, even if you cannot get it by default.

Cheese.

[stwenhao]

It's probably a pretty bad idea to use it unless you must and you really know what you're doing... however.

Of course. And I agree, that it is a bad idea. But it is possible (and valid by consensus, which means, that there is some room for future attacks). And: if anyone can get a raw private key, then knowing the tweaked key is not needed at all, to move the coins (so, closing eyes, and saying "we are safe, because everything is always tweaked" is wrong, because consensus rules don't check it). Which also means, that each Taproot address is as strong, as this untweaked key is, as long as spending by key is possible (so, you can import raw, untweaked version to a different wallet, and move the coins, without knowing, how exactly the key was tweaked; the private key to the untweaked version is the only consensus-checked thing).

Which also means, that there is not that much difference between "<pubkey> OP_CHECKSIG" security, and Taproot address security. The main improvements are related to signature checking, because Schnorr signatures are used instead of ECDSA legacy versions. But from secp256k1 point of view, if you know some private key for P2PK, then you can move coins from a related Taproot address as well. So, if secp256k1 will ever be broken, then both, P2PK and P2TR, will be broken in a similar way.

By the way: tweaking P2PK public keys is also possible. The main reason why it is not widely used, is because these things were discovered later, and there are too many untweaked P2PK public keys, to introduce it now. But technically, blocking untweaked Taproot keys from being spent, is not that much different, than blocking untweaked P2PK keys; the main difference is "the default implementation" and "historical context", everything else is pretty much equivalent.

And it lies in a similar category, as "blocking non-HD keys", because "tweaked keys" and "HD-keys" are similar: you have just regular public keys, and all of that tweaking is just implementation-defined: consensus never enforces any of that. As well as consensus never enforces deterministic signatures.

Which means, that "keys are always tweaked, so we are safe" is comparable to saying, that "HD wallets are used, so we don't have to worry about randomly generated keys". Because there are many ways to tweak keys: what you can read in BIPs is just an example, and not something, which is checked by consensus rules. So, if instead of SHA-256("TapTweak") you would use SHA-256("Hello World"), then it would work in a similar way, because it is never enforced anywhere.

[Cryptomultiplier]

I need a convincing and satisfying answer on the difference between public key and address because In the course of studying I'm trying to assume public key is the same as address. Though address is just a way of representing our public key which was derived from our private key using the mathematical elliptical curve multiplication.
Please I need more clarification on it.

The purpose of public key is to verify that a particular transaction was signed and accepted by the corresponding private key just so as to prove that the funds actually belongs to you. It is like a signature and is gotten and generated from ones private keys.

The address is that 13 or 14 numbers that includes alphabets and numbers that we often share to others to receive payments or use as payment address when we apply for signature campaigns on this forum. A bitcoin address would always start with numbers like 1, 3 or bc1q. An Etherum address would be something like 0x.