[adhoc32]

It needs lighting speed factorization to break Bitcoin. The public key of a bitcoin address is exposed only when the transaction is broadcasted on the network. The attacker would have about 10 minutes to factorize the public key before the transaction is validated and the original address's balance is cleared.

[nayuki]

Factorization applies to RSA. Bitcoin uses ECDSA, so you'd need to solve the elliptic curve discrete logarithm problem.

[adhoc32]

You're right.

[xiphias2]

This is not true: most value is stored on hardware wallets, and the public keys are exposed to the computers whenever the balance is checked. It’s dangerous to treat public keys as private information, as most software is not designed to protect it.

[adhoc32]

A bitcoin address is the double hash with two different algorithms of the public key. Hardware wallets do not expose the public key to check the balance, they use the address. The public key is broadcasted when a transaction is signed so the network can verify the signature. This is the reason why bitcoin addresses should never be reused. It gives the attacker the information and the time to break the encryption (theoretically).

[xiphias2]

The address is the double hash of the hierarchically derived public key using BIP32 key derivation. To be able to compute multiple addresses the master public key is used in the computer's memory that may contain malicious code.