What is this jabroni on about?:

https://stacker.news/items/451691

#AskNostr


Discussion

As far as I understand, in the past, P2PK ('Pay to Pubkey') was the standard for sending Bitcoin TXs.

Nowadays, we tend to use P2PKH ('Pay to Pubkey Hash').

Basically, in the case of P2PKH, the public key is hashed, adding an additional layer of complexity/security.

The 999 BTC that were just moved were spent from an old-style P2PK address.

The author is posing the question: were these coins spent by their rightful owner, or has the weaker P2PK encryption been broken/brute-forced?

I don't think it's anything more than speculation at this point.

Even if it were brute force, most modern wallets use P2PKH as standard now, which some suggest is closer to being quantum resistant.

Thanks for the explanation, I think I understand.

I have a problem understanding the meaning of 'pay to'. I already understand the idea of a hash thanks to the 'one-way blender' analogy that I picked up somewhere.

Does this mean that when you see somebody's public key, that this is actually already hashed, that you are seeing a hashed pubkey?

I don't really understand the attack-vector by having unhashed public keys, I thought the public key is fine to be shared and distributed? I know I'm missing something here T_T.

I think the additional round of hashing on top of the public key makes it (possibly exponentially) more difficult, from a brute-force perspective.

Exactly. When you pay someone, 99 times out of 100, you're paying a hash of their public key (xpub) (+ an incremental derivation path, so as to be able to produce many addresses from a single key).

As far as I understand, if you paid their public key directly, you would be able to calculate all of their future receive addresses, just the same way a 'watch only' wallet does by having you import your xpub.

Okay, I know someone's receive addresses, bad opsec, but how does that improve a brute force?

What kind of computing power is needed to brute force a private key? Isn't the entropy massive?

I could be wrong... but.. I think a private key is derived from the public key. therefore, if the public key is known, as is the case in P2PK, when you have a straight forward attack vector to brute force the private key.

in the case of P2PKH, the private key remains hidden, as the funds are sent to a hash of the pubkey, instead.

This extra layer of obfuscation means you first have to work out the pubkey before you can set about brute forcing the private key...

shocking typos....

** then you have a straight forward attack vector....

** in the case of P2PKH, the **public** key remains hidden

A mediocre analogy would be using a PO Box.

If you published your home address online, in the open (P2PK), and I wanted to break into your property and steal your stuff, I can just look at your address, and I immediately know where to go to start my intrusion. (I still actually need to do the work of breaking in...)

In contrast, P2PKH would be like using a PO Box instead of your actual home address.

I could travel to your PO Box, but even when I get there, I still have a tonne of work to do, to figure out your actual home address. All of that needs to be done, before I can even begin the work of breaking in....