Somebody check me on this plz - private key/script type/public key relationship? \ stacker news ~bitcoin

pull down to refresh

Somebody check me on this plz - private key/script type/public key relationship?

1322 sats \ 7 comments \ @Signal312 3h bitcoin

I'm playing around with Testnet4 on Sparrow, trying to understand things.

I created a hot wallet in Sparrow, and I get the public key (usually xpub, but tpub when using Testnet4). I load that into a new wallet in Sparrow, as a watch-only wallet.

That's all fine.

However, if I load that same seed phrase again in a new wallet (another hot software wallet), and change the Script Type from the default of Native Segwit to Legacy, then the public key changes.

That implies to me that when the public key is generated from the private key, the script type is INCORPORATED into it. So the public key contains:

the public version of private key
the script type (which changes the way the addresses are generated)

And the private key, in contrast, does NOT contain the script type - it needs to be specified, in addition to the seed phrase, in order to generate the addresses.

And one more thing - it looks like the derivation (which you have to turn on in the Preferences menu in order to change, in Sparrow), is similar to script type. If you change it, the public key changes.

Is this correct?

view all related items

68 sats \ 1 reply \ @ek 3h

Good question. This is my unverified understanding:

Public keys nowadays aren't really "public keys", they are just called like that for historical reasons. What we call "public keys" are nowadays just the Bitcoin Script that we use to lock outputs ("locking scripts") but originally, there was only P2PK: "Pay to Public Key".

Example locking script for P2PK:

OP_PUSHBYTES_65
0411db93e1dcdb8a016b49840f8c53bc1eb68a382e97b1482ecad7b148a6909a5cb2e0eaddfb84ccf9744464f82e160bfa9b8b64f9d4c03f999b8643f656b412a3
OP_CHECKSIG

The pushed bytes contain the public key in hex (among other things) and OP_CHECKSIG means that to spend this output, you need to provide a signature from the corresponding private key.

The code still calls these pieces of locking script scriptPubkey.

However, P2PK is insecure (what if at some point in the future, we can derive the private key from public keys) and bad for privacy (public key reuse). We then started to use P2PKH which is basically the same as P2PK but we pay to the hash of a public key so we at least can hide the public key of the private key that would unlock these coins until we spend the output.

After some more iterations on transactions we got P2SH ("Pay to Script Hash"), P2WSH ("Pay to Witness Script Hash"), P2TR ("Pay to Taproot") and probably others I can't remember right now.

So this means if you want to use a different script type, your "public key" MUST change since as mentioned, they ARE what defines the script type since they are literally locking scripts.

TL;DR: don't interpret xpubs etc. as literal public keys. They are a scheme to derive locking scripts that you can unlock with the corresponding unlocking scripts (your "private keys").

Maybe reading this helps: https://learnmeabitcoin.com/technical/script/

To everyone reading: please correct me if I got something wrong.

34 sats \ 0 replies \ @ek 2h

Damn, edited this

These 65 bytes are the public key in hex

The pushed bytes contain the public key in hex (among other things)

which is wrong just before the edit timer ran out. A 65 bytes public key looked wrong to me but it's true, these 65 bytes are really just the public key but in uncompressed format:

This is one of the simplest locking scripts you'll find in the blockchain. It's used to lock an output to a single public key.

It contains a public key (33 bytes compressed or 65 bytes uncompressed) and the OP_CHECKSIG opcode. This means that only a signature for that public key is required to unlock it. So in other words, the output is locked to the public key of the person you want to "send" the bitcoins to.

-- https://learnmeabitcoin.com/technical/transaction/output/scriptpubkey/

68 sats \ 4 replies \ @justin_shocknet 3h

Different address types have different paths based on their BIP, hense they look different with different prefixes etc

https://learnmeabitcoin.com/technical/keys/hd-wallets/derivation-paths/

1 sat \ 0 replies \ @Signal312 OP 2h

That's an awesome website, thanks for the pointer.

0 sats \ 1 reply \ @Signal312 OP 2h

Forgive me for being a little dense but I just wanted to confirm something that I think this page is implying:

https://learnmeabitcoin.com/technical/keys/hd-wallets/derivation-paths/

If you go to the above page, click "Generate Random" to generate a seed (private key), and then go to Keys and Addresses.

Then, keep checked ONLY the public key and address fields to make it easier to see. You see what looks like a regular bitcoin address (starts with bc1). And then left of it is the "public key".

But I'm used to thinking about "public key" meaning the xpub, for the private key, with which you can derive ALL the addresses.

So it looks like on this page, public key means something else, because it changes for each bitcoin address.

Maybe xpub stands for "expanded" public key, in the sense that it's the MASTER public key, from which you can derive everything else (everything that's public)?

I guess I should always say MASTER public key, instead of just public key?

34 sats \ 0 replies \ @justin_shocknet 2h

xpub is extended public key yes, from there those address keys are deterministic

0 sats \ 0 replies \ @Signal312 OP 2h

deleted by author