Hi! I am using some tax software and it asked for my public Daedalus key (not a sending address) to sync all the transactions. My understanding is that sending addresses for my wallet are generated using the public key. So my question is, is my public key sensitive information? It appears maybe so since it’s hidden by default in the Daedalus UI. Are the sending addresses somehow safer than the public key? Is it safe to share the public key with the tax software to get my transactions?

From the extended public key all public keys of addresses in your wallet/account can be derived.

The privacy implications are almost non-existent, since all addresses contain the same stake key hash and can be linked together, anyway.

The security implications are very, very minimal. Only the public keys can be derived, not the private keys. They are supposed to be public.

(Usually only the hash of the public key is contained in the address and the public key only becomes really public in the first transaction spending from an address. This is minimally more secure. But the signing algorithm used is designed for the public key to be public.)

Requesting the extended public key to derive a complete overview of a wallet/account is quite usual for accounting and tax software.

It’s best to keep your extended public key as private as possible. I don’t know the exact details, but there are some situations where, when one private key of an address becomes compromised, you could derive the private keys of other addresses if the attacker also has the extended public key.
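
The relationship the replies above describe, as an added example that is not part of the original posts: a simplified additive derivation in which an extended public key (public key plus chain code) yields every child public key without any secret, and in which one leaked child private key combined with that extended public key gives back the parent private key. It uses a toy group and HMAC-SHA512 as assumptions, not Cardano's actual Ed25519 derivation; all function names and sample values are hypothetical and constructed.

```python
import hashlib
import hmac

# Toy group (assumption, NOT Cardano's curve): public key = G^k mod P.
# P is prime, so exponents can be reduced mod P - 1.
P = 2**255 - 19
G = 2
ORDER = P - 1

def public_key(priv: int) -> int:
    return pow(G, priv, P)

def tweak(parent_pub: int, chain_code: bytes, index: int) -> int:
    """Per-child offset, computed from public data only."""
    msg = parent_pub.to_bytes(32, "big") + index.to_bytes(4, "big")
    digest = hmac.new(chain_code, msg, hashlib.sha512).digest()
    return int.from_bytes(digest, "big") % ORDER

def child_pub_from_xpub(parent_pub: int, chain_code: bytes, index: int) -> int:
    """Watch-only side (e.g. tax software): no private key involved."""
    return (parent_pub * pow(G, tweak(parent_pub, chain_code, index), P)) % P

def child_priv_from_xprv(parent_priv: int, chain_code: bytes, index: int) -> int:
    """Wallet side: the same offset added to the private key."""
    t = tweak(public_key(parent_priv), chain_code, index)
    return (parent_priv + t) % ORDER

def parent_priv_from_leak(child_priv: int, parent_pub: int,
                          chain_code: bytes, index: int) -> int:
    """Why the xpub matters once a child private key has leaked."""
    return (child_priv - tweak(parent_pub, chain_code, index)) % ORDER

def demo() -> dict:
    # Constructed sample keys, for illustration only.
    seed = hashlib.sha256(b"constructed demo seed").digest()
    parent_priv = int.from_bytes(seed, "big") % ORDER
    chain_code = hashlib.sha256(b"constructed chain code").digest()
    parent_pub = public_key(parent_priv)
    watch_only = [child_pub_from_xpub(parent_pub, chain_code, i) for i in range(5)]
    wallet = [public_key(child_priv_from_xprv(parent_priv, chain_code, i))
              for i in range(5)]
    leaked = child_priv_from_xprv(parent_priv, chain_code, 3)
    recovered = parent_priv_from_leak(leaked, parent_pub, chain_code, 3)
    return {"addresses_match": watch_only == wallet,
            "parent_recovered": recovered == parent_priv}

if __name__ == "__main__":
    print(demo())
```

With the public key alone and no chain code, neither the child public keys nor the offset can be computed, which is why the extended public key is the more sensitive value to share.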