Exactly. When you pay someone, 99 times out of 100, you're paying a hash of their public key (xpub) (plus an incremental derivation path, so as to be able to produce many addresses from a single key).

As far as I understand, if you paid their public key directly, you would be able to calculate all of their future receive addresses, just the same way a 'watch only' wallet does by having you import your xpub.


Okay, I know someone's receive addresses, bad opsec, but how does that improve a brute force?

What kind of computing power is needed to brute force a private key? Isn't the entropy massive?

I could be wrong... but... I think a private key is derived from the public key. Therefore, if the public key is known, as is the case in P2PK, when you have a straightforward attack vector to brute force the private key.

In the case of P2PKH, the private key remains hidden, as the funds are sent to a hash of the pubkey instead.

This extra layer of obfuscation means you first have to work out the pubkey before you can set about brute forcing the private key...

Shocking typos....

** then you have a straightforward attack vector....

** in the case of P2PKH, the **public** key remains hidden

A mediocre analogy would be using a PO Box.

If you published your home address online, in the open (P2PK), and I wanted to break into your property and steal your stuff, I can just look at your address and I immediately know where to go to start my intrusion. (I still actually need to do the work of breaking in...)

In contrast, P2PKH would be like using a PO Box instead of your actual home address.

I could travel to your PO Box, but even when I get there, I still have a tonne of work to do to figure out your actual home address. All of that needs to be done before I can even begin the work of breaking in....
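The thread's point is that a P2PK output script carries the public key itself, while a P2PKH output script carries only its 20-byte HASH160, and the key is revealed only when the output is spent. The example below, added here and not taken from the thread or from any wallet project, builds both script templates and reports what each one exposes on-chain; the public key used is the secp256k1 generator point, and the signature in the spend is a constructed placeholder of the right length, not a real DER signature.

```python
# Added example: what a Bitcoin output script reveals about the spender's key.
# P2PK:  <push pubkey> OP_CHECKSIG                       -> pubkey visible in the output
# P2PKH: OP_DUP OP_HASH160 <20 bytes> OP_EQUALVERIFY OP_CHECKSIG -> only HASH160 visible;
#        the pubkey appears later, in the scriptSig of the input that spends it.
OP_DUP, OP_HASH160, OP_EQUALVERIFY, OP_CHECKSIG = 0x76, 0xA9, 0x88, 0xAC

def p2pk_script(pubkey: bytes) -> bytes:
    """Locking script that embeds the SEC-encoded public key directly."""
    assert len(pubkey) in (33, 65), "expected a 33- or 65-byte SEC public key"
    return bytes([len(pubkey)]) + pubkey + bytes([OP_CHECKSIG])

def p2pkh_script(pubkey_hash: bytes) -> bytes:
    """Locking script that commits only to HASH160(pubkey)."""
    assert len(pubkey_hash) == 20, "HASH160 output is 20 bytes"
    return (bytes([OP_DUP, OP_HASH160, 20]) + pubkey_hash
            + bytes([OP_EQUALVERIFY, OP_CHECKSIG]))

def classify(script: bytes) -> dict:
    """Identify the template and return the key material the script itself exposes."""
    if (len(script) == 25 and script[:3] == bytes([OP_DUP, OP_HASH160, 20])
            and script[23:] == bytes([OP_EQUALVERIFY, OP_CHECKSIG])):
        return {"type": "P2PKH", "pubkey_exposed": False,
                "pubkey_hash": script[3:23].hex()}
    if (len(script) >= 2 and script[0] in (33, 65)
            and len(script) == script[0] + 2 and script[-1] == OP_CHECKSIG):
        return {"type": "P2PK", "pubkey_exposed": True, "pubkey": script[1:-1].hex()}
    return {"type": "unknown", "pubkey_exposed": None}

def pubkey_from_p2pkh_spend(script_sig: bytes) -> str:
    """Parse a P2PKH scriptSig (<push sig> <push pubkey>) and return the now-public key.
    This is the moment the 'PO Box' stops hiding the key: after the first spend,
    the pubkey of that address is on-chain for anyone to read."""
    sig_len = script_sig[0]
    key_len = script_sig[1 + sig_len]
    assert key_len in (33, 65), "second push must be a SEC public key"
    return script_sig[2 + sig_len:2 + sig_len + key_len].hex()

if __name__ == "__main__":
    # Constructed sample: secp256k1 generator point as a compressed pubkey,
    # an arbitrary 20-byte hash, and a 71-byte zero placeholder "signature".
    G = bytes.fromhex("0279BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798")
    print(classify(p2pk_script(G)))
    print(classify(p2pkh_script(bytes(range(20)))))
    fake_sig = b"\x30" + bytes(70)
    print(pubkey_from_p2pkh_spend(bytes([len(fake_sig)]) + fake_sig + bytes([33]) + G))
```

The classifier only recognises the two legacy templates the thread talks about; other output types fall through as "unknown".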