Is it safe to expose a public key to the mainnet?

2

Because every time someone wants to spend some money under an address, he needs to provide the public key and send the content to the mainnet. (Please correct me if that is not correct.)

Where can I look to see a revealed public key?

If there is some remaining money under this address, is it possible that someone else will copy the public key and generate another request (with this copy) to use that money?

Carpemer

Posted 2016-01-13T12:59:41.333

Reputation: 117

Answers

2

To claim (spend) the bitcoin from an address one needs to create a transaction and provide two things:

  • a public key (from which the address you are trying to access is actually derived**) and
  • a signature of the transaction (made with the private key that corresponds to the above public key**)

When you spend some money from an address, the rest will typically go back to the originating address as change (see section Output here).

You are correct that the public key will be exposed after the first transaction. An attacker would have your public key. However, this poses no threat since the public key can be, well, public without compromising security. This is how public key cryptography works.

It is the signature that provides the real security. To create such a signature one needs the private key corresponding to the public key. And that is never revealed in the blockchain.

The above two links provide a lot of detail on how public key cryptography and bitcoin transactions work.

** Note that a bitcoin address is created from the public key with a one-way function (the reverse is not possible). Similarly, a public key is created from the private key with a one-way function, i.e. with the private key one can re-create the rest.

karask

Posted 2016-01-13T12:59:41.333

Reputation: 2 089

"the second component is an ECDSA signature over a hash of a simplified version of the transaction." It should be the signature of the previous transaction, is that correct? – Carpemer 2016-01-14T14:51:12.633

Yes, that is correct. – karask 2016-01-15T09:56:35.363

1

Regular Bitcoin transactions are push payments. There is no way to withdraw money from an address, it must be sent. Except for diminishing privacy there is no security risk to revealing a public key.

A replay attack is not possible, because balances are encapsulated in Unspent Transaction Outputs. While they can be signed over by the owner of the private key of an address, they are identified by the transaction they originated from. Unspent Transaction Outputs are used up completely when a transaction is created, therefore they are not available for a replay attack.

Murch

Posted 2016-01-13T12:59:41.333

Reputation: 41 609