pull down to refresh

Good question. This is my unverified understanding:
Public keys nowadays aren't really "public keys", they are just called like that for historical reasons. What we call "public keys" are nowadays just the Bitcoin Script that we use to lock outputs ("locking scripts") but originally, there was only P2PK: "Pay to Public Key".
Example locking script for P2PK:
OP_PUSHBYTES_65 0411db93e1dcdb8a016b49840f8c53bc1eb68a382e97b1482ecad7b148a6909a5cb2e0eaddfb84ccf9744464f82e160bfa9b8b64f9d4c03f999b8643f656b412a3 OP_CHECKSIG
The pushed bytes contain the public key in hex (among other things) and OP_CHECKSIG means that to spend this output, you need to provide a signature from the corresponding private key.
The code still calls these pieces of locking script scriptPubkey.
However, P2PK is insecure (what if at some point in the future, we can derive the private key from public keys) and bad for privacy (public key reuse). We then started to use P2PKH which is basically the same as P2PK but we pay to the hash of a public key so we at least can hide the public key of the private key that would unlock these coins until we spend the output.
After some more iterations on transactions we got P2SH ("Pay to Script Hash"), P2WSH ("Pay to Witness Script Hash"), P2TR ("Pay to Taproot") and probably others I can't remember right now.
So this means if you want to use a different script type, your "public key" MUST change since as mentioned, they ARE what defines the script type since they are literally locking scripts.
TL;DR: don't interpret xpubs etc. as literal public keys. They are a scheme to derive locking scripts that you can unlock with the corresponding unlocking scripts (your "private keys").
To everyone reading: please correct me if I got something wrong.
34 sats \ 1 reply \ @ek 24 Nov
Damn, edited this
These 65 bytes are the public key in hex
to
The pushed bytes contain the public key in hex (among other things)
which is wrong just before the edit timer ran out. A 65 bytes public key looked wrong to me but it's true, these 65 bytes are really just the public key but in uncompressed format:
This is one of the simplest locking scripts you'll find in the blockchain. It's used to lock an output to a single public key.
It contains a public key (33 bytes compressed or 65 bytes uncompressed) and the OP_CHECKSIG opcode. This means that only a signature for that public key is required to unlock it. So in other words, the output is locked to the public key of the person you want to "send" the bitcoins to.
reply
It seems to me that the public keys and private keys for BTC function in almost the same way as pgp did, ages ago. If I remember correctly the key is some sort of diffident-helmet hash, isn’t it? So this key might be some sort of hash or sha??? Type of encryption.
reply