But many addresses are a hash of the public key, so we cannot validate the public ...

Why Nostr? What is Njump?

npub1j8…g26k2

2025-05-06 19:51:50

in reply to nevent1q…j7ua

But many addresses are a hash of the public key, so we cannot validate the public keys when transactions are paying money to them. For these addresses it is impossible to filter based on public key until it is revealed, at time of spending, which requires them to be real and not spam!

Though I haven't thought about this wrt P2TR, and was somewhat surprised to see point validity isn't enforced:
https://github.com/bitcoin/bitcoin/pull/24106

I think id rather the spammers use invalid secp points! A nice broom to have up the sleeve? Can easily patch into a node to sweep out all the invalid ones from the utxoset.

It is super easy to generate these "fake" secp256k1 points which are valid:
02b33fb33fb33fb33fb33fb33fb33fb33fb33fb33fb33fb33fb33fb33fb33fb33f

```rust
use rand::{RngCore, thread_rng};
use secp256kfun::{
Point, hex,
marker::{NonZero, Public},
};

fn main() {
let mut rng = thread_rng();

let hex_str = "b33fb33fb33fb33fb33fb33fb33fb33fb33fb33fb33fb33fb33fb33fb33f";
let hex_bytes = hex::decode(hex_str).expect("invalid hex string");

loop {
let mut random_bytes = [0u8; 64];
rng.fill_bytes(&mut random_bytes);

let my_point_bytes = {
let mut bytes = [0u8; 33];
bytes[0] = 0x02; // start with 02

let hex_len = hex_bytes.len().min(32);
bytes[1..1 + hex_len].copy_from_slice(&hex_bytes[0..hex_len]);

// fill the rest with random bytes
if hex_len < 32 {
bytes[1 + hex_len..33].copy_from_slice(&random_bytes[0..32 - hex_len]);
}

bytes
};

let point = Point::<_, Public, NonZero>::from_bytes(my_point_bytes);
match point {
Some(valid_point) => {
println!("Random valid point: {:?}", valid_point);
}
None => {
eprintln!("Invalid point from bytes: {}", hex::encode(&my_point_bytes));
}
}
}
}
```

Author Public Key

npub1j8d6h8mzvc8f2fvysrf09nlkmn7m2ylj32zl5na4tm5e8fd5dqysrg26k2

Show more details

Published at

2025-05-06 19:51:50

Kind type

1 Short Text Note

Event JSON

{ "id": "624589e9cf1c45e18303639d2020104568fcd5a632c7d54a55b9a2a0d9710e47", "pubkey": "91dbab9f62660e95258480d2f2cff6dcfdb513f28a85fa4fb55ee993a5b46809", "created_at": 1746561110, "kind": 1, "tags": [ [ "e", "59ab8900e39e1c6dfe5cfcc072048582d1c13aa92a5526a024f9f390b6e7b822", "ws://47.236.4.9:8080", "root" ], [ "e", "b8b33315b5fc80c88a9a3d21b5f73538fdf4063fecd510b6ff91ec72e7b1ef52", "ws://47.236.4.9:8080", "reply" ], [ "p", "846307688a09ec112967eb0544e78a9e88c48f50712c39ed491ff2b6fa019ae8", "", "mention" ], [ "p", "91dbab9f62660e95258480d2f2cff6dcfdb513f28a85fa4fb55ee993a5b46809", "", "mention" ], [ "p", "74ffc51cc30150cf79b6cb316d3a15cf332ab29a38fec9eb484ab1551d6d1856", "", "mention" ], [ "p", "fdd5e8f6ae0db817be0b71da20498c1806968d8a6459559c249f322fa73464a7", "", "mention" ], [ "p", "778ee1e43dab8547b580f82e9cfcf1aa19151d481cb28a61cacea390405322b7" ], [ "r", "wss://relay.damus.io/" ], [ "r", "wss://relay.mostr.pub/" ], [ "r", "wss://nostr.bitcoiner.social/" ], [ "r", "wss://purplepag.es/" ], [ "r", "wss://relay.0xchat.com/" ] ], "content": "But many addresses are a hash of the public key, so we cannot validate the public keys when transactions are paying money to them. For these addresses it is impossible to filter based on public key until it is revealed, at time of spending, which requires them to be real and not spam!\n\nThough I haven't thought about this wrt P2TR, and was somewhat surprised to see point validity isn't enforced:\nhttps://github.com/bitcoin/bitcoin/pull/24106\n\nI think id rather the spammers use invalid secp points! A nice broom to have up the sleeve? Can easily patch into a node to sweep out all the invalid ones from the utxoset.\n\nIt is super easy to generate these \"fake\" secp256k1 points which are valid:\n02b33fb33fb33fb33fb33fb33fb33fb33fb33fb33fb33fb33fb33fb33fb33fb33f\n\n```rust\nuse rand::{RngCore, thread_rng};\nuse secp256kfun::{\n Point, hex,\n marker::{NonZero, Public},\n};\n\nfn main() {\n let mut rng = thread_rng();\n\n let hex_str = \"b33fb33fb33fb33fb33fb33fb33fb33fb33fb33fb33fb33fb33fb33fb33f\";\n let hex_bytes = hex::decode(hex_str).expect(\"invalid hex string\");\n\n loop {\n let mut random_bytes = [0u8; 64];\n rng.fill_bytes(\u0026mut random_bytes);\n\n let my_point_bytes = {\n let mut bytes = [0u8; 33];\n bytes[0] = 0x02; // start with 02\n\n let hex_len = hex_bytes.len().min(32);\n bytes[1..1 + hex_len].copy_from_slice(\u0026hex_bytes[0..hex_len]);\n\n // fill the rest with random bytes\n if hex_len \u003c 32 {\n bytes[1 + hex_len..33].copy_from_slice(\u0026random_bytes[0..32 - hex_len]);\n }\n\n bytes\n };\n\n let point = Point::\u003c_, Public, NonZero\u003e::from_bytes(my_point_bytes);\n match point {\n Some(valid_point) =\u003e {\n println!(\"Random valid point: {:?}\", valid_point);\n }\n None =\u003e {\n eprintln!(\"Invalid point from bytes: {}\", hex::encode(\u0026my_point_bytes));\n }\n }\n }\n}\n```", "sig": "3bac72c570a9fa5d86de2831631329b2b19a8ebaca191111bf8c27d54370c38b6133d3e55d4968ee335cc73a47f4a1a5bd64076feac7f5ea800bc17c89efa3d9" }