Does this mean that the private key generates a public key, and the public key is hashed into an address? So that you can't actually derive a public key from the address, and therefore can never determine an address's related private key?
Discussion
exactly
I'm looking at the white paper, and it only shows the sender signing a combination of his utxo's hash and the recipient's public key. Where does the address come into the picture and how does the signature work out if the recipient's public key is obfuscated in that signature?
I think you explained that in your note but it went over my head.
The addresses are the out points, there are usually 2 but there can be any number, and each of these addresses designates the spending key for next time. The signature itself, when combined with the hash of the transaction, reveals the public key the address is derived from, and thus proves the right of ownership.
The public key is hidden until the tx is already history. This means also that quantum computers don't matter so long as you don't reuse and continue to hold coins at the address.
The signature algorithm is based on a specific number series that is derived from a tiny seed, which is too small to manipulate to back door it, meaning to hide numbers in it that allow multiple solutions. The other ones used in blockchains do not have this property.
The vulnerability that was discovered that led to segwit related to the ECDSA signatures, which allow a much larger set of other solutions that is referred to as malleability. Schnorr signatures, like used in nostr, and taproot, don't have this problem. They can also be used in the same way where the txid hash and signature reveal the public key, but also make it easy to function like a keychain, creating a mechanism for encoding multiple codes tied to a single key, which can be used to represent the alternate paths of execution of a smart contract.
Geniuses... F'n geniuses...
Your A key isn't hitting
yeah, touchscreen display is not great on the edge... you can tell I'm using it because it puts capital letters and especially missing the A and often breaks a sentence by putting a full stop in there
yeah just wanted to clear something, each utxo has to be signed on, and that reveals the public key, the specification of where they go is defined by the out points
in the transaction there are inpoints, which are the address that is spent to, and outpoints, which is where you are sending them... if you have had two payments go to an address, you can spend those with one signature that authorises that address balance to move
so if you are spending a larger amount, you will often have several signatures to create, and usually all but one will be going to one destination, by joining utxo's to spend them into one new balance at a new address, so yeah they can be split and joined, and from the point of view of an observer, it can be unclear which is change and which is payment, also, this is one of the core problems with chain analysis, because a better design of transaction can defeat any notion of which is payment and which is change, in fact, for example you could conceivably ask someone to give you 3 addresses to send to, and make 4 of your own change addresses, and who's gonna know which is which?
this is a neat thing you can do with Bitcoin Core also, in the settings enable coin control and you can be selective about everything, including, if you create several of your own change addresses manually, make it entirely impossible to determine what is "spending" and what is not.
Thank you, I needed that simplification
that's right, UNTIL you move the coins from that new address when it receives them, then the public key is publicised