bitcoin addresses

28
Bitcoin Addresses How they are generated from public keys (a step-by-step guide) Ash Moran aviewfromafar.net [email protected]

Upload: ashmoran

Post on 15-Jan-2015

3.372 views

Category:

Technology


4 download

DESCRIPTION

A step-by-step guide to how Bitcoin addresses are generated from public keys

TRANSCRIPT

Page 1: Bitcoin Addresses

Bitcoin AddressesHow they are generated from public keys (a step-by-step guide)

Ash Moran aviewfromafar.net

[email protected]

Page 2: Bitcoin Addresses

Anatomy of an Address

1kqHKEYYC8CQPxyV53nCju4Lk2ufpQqA2

addressprefix

Base58Check encoding of the cryptographic hash

of something(indicated by the prefix)

Page 3: Bitcoin Addresses

Step 1:Representing Numbers

Page 4: Bitcoin Addresses

What’s Base58?

Represents numbers (eg decimal, base ten, numbers using the digits 0-9) using 58 characters

Uses 1-9, most of A-Z and a-z, except:

No letter capital i (I), lowercase L (l), O or 0

Like hexadecimal, but with more digits

Page 5: Bitcoin Addresses

What’s hexadecimal?

Represents numbers (eg decimal, base ten, numbers using the digits 0-9) using 16 characters

Uses 0-9, A-F

A = 10, B = 11, etc

Page 6: Bitcoin Addresses

Number -> HexadecimalDecimal Hex

0 0

1 1

2 2

3 3

4 4

5 5

6 6

7 7

8 8

9 9

10 A

11 B

12 C

13 D

14 E

15 F

Page 7: Bitcoin Addresses

Hexadecimal example

C6A = 12 * 162 + 6 * 161 + 10 * 160 =

12 * (256) + 6 * (16) + 10 * (1) = 3178

Page 8: Bitcoin Addresses

Number -> Base58Decimal Base58 Decimal Base58 Decimal Base58

0 1 20 M 40 h1 2 21 N 41 i2 3 22 P 42 j3 4 23 Q 43 k4 5 24 R 44 m5 6 25 S 45 n6 7 26 T 46 o7 8 27 U 47 p8 9 28 V 48 q9 A 29 W 49 r10 B 30 X 50 s11 C 31 Y 51 t12 D 32 Z 52 u13 E 33 a 53 v14 F 34 b 54 w15 G 35 c 55 x16 H 36 d 56 y17 J 37 e 57 z18 K 38 f19 L 39 g

Page 9: Bitcoin Addresses

Base58 example

4iX = 3 * 582 + 41 * 581 + 30 * 580 =

3 * (3364) + 41 * (58) + 30 * (1) = 12500

Page 10: Bitcoin Addresses

Step 2: Message digests / hashes

Page 11: Bitcoin Addresses

HashingA hash function takes a value in

eg “This is my message”

Returns a fixed length number out

eg 1129729371291755845

Generates a different number if the input changes even slightly

“This it my message” => 3763820994290329705

Page 12: Bitcoin Addresses

Cryptographic hashingLike hashing but designed so it’s very very hard to figure out the message from the hash.

hash_function(“This is my message”) => hash_value – EASY!

hash_value => <?what was the message?> – HARD!

Bitcoin uses SHA256 and RIPEMD-160 hash functions

SHA256(“This is my message”) =>3311b7c0bd91b6c73a38212de8ade31c51910f17480ad212ed2b9798a35b7747

SHA256(“This it my message”) => 26a9911800b6115eb7ee508f60a2fd6479d45155a8aef1b1a35eb3173a512063

RIPEMD160(“This is my message”) =>bdb6824f7b28e7dd9b9d6b457142547064435937

Page 13: Bitcoin Addresses

Base58 version of a hashRIPEMD160(“This is my message”) =>bdb6824f7b28e7dd9b9d6b457142547064435937

hex: bdb6824f7b28e7dd9b9d6b457142547064435937 decimal:1083069342955023797228115257453753838398332950839

Base58(1083069342955023797228115257453753838398332950839) => 3eJ7uPEgX8h56UJmTNmqwTvHs9H8

Page 14: Bitcoin Addresses

Step 3: Bitcoin encryption keys

Page 15: Bitcoin Addresses

Public/private key signing

Problem: Alice wants to send Bob a message and want anybody to be able to verify that the message came from her. She wants to make sure nobody can forge her signature on the message.

Page 16: Bitcoin Addresses

Elliptic Curve Cryptography

See the excellent guide A (relatively easy to understand) primer on elliptic curve cryptography

by Nick Sullivan

Page 17: Bitcoin Addresses

Elliptic Curve CryptographyPrivate key: a random 256-bit (32-byte) integer

Public key: an (x, y) point on the curve, either:

the number 4, followed by 256-bit x and y coordinates (old uncompressed 65-byte format)[4, x, y]

the number 2 or 3 followed by a 256-bit x coordinate (new compressed 33-byte format) [2, x, y] or [3, x, y]

Page 18: Bitcoin Addresses

Step 4: Checksums

Page 19: Bitcoin Addresses

European Article Number

Colgate Total 75 ml 4011200296908

Page 20: Bitcoin Addresses

Colgate Total 75ml EAN checksum

4 0 1 1 2 0 0 2 9 6 9 0 8

Total of odd numbers = 25

Total of even numbers = 99 * 3 = 27

27 + 25 = 52 Last digit of 52 = 2

10 - 2 = 8yay!

Page 21: Bitcoin Addresses

Step 5: Putting it together

Page 22: Bitcoin Addresses

Bitcoin pubkey addressTake the pubkey with header byte, e.g. [4, x, y]

Run it through the SHA256 hash functionpubkey_hash_step_1 = SHA256([4, x, y])

Run it through the RIPEMD160 hash function pubkey_hash = RIPEMD160(pubkey_hash_step_1)

Add a byte to the start to indicate which network it’s for (Bitcoin 00, Namecoin 34, Bitcoin testnet 6f)plain_binary_address = [00, pubkey_hash]

TBC…

Page 23: Bitcoin Addresses

Checksum generationTake the plain binary address, and run it through the SHA256 function twice:plain_address_hash = SHA256(SHA256(plain_binary_address))

Take the first four bytes of this hash as a checksum: checksum = first_4_bytes(plain_binary_address)

Add the checksum onto the end to give the binary_address:binary_address = [00, pubkey_hash, checksum]

Base58 encode the result:bitcoin_address = Base58(binary_address)

Now we have the result, eg “16UwLL9Risc3QfPqBUvKofHmBQ7wMtjvM”

Page 24: Bitcoin Addresses

Demo! (source for live demo now on the next slide)

Page 25: Bitcoin Addresses

Example Ruby sourcerequire 'bitcoin' !def hex_string_to_bytes(string) [string].pack("H*") end !def bytes_to_hex_string(bytes) bytes.unpack("H*").first end !# https://en.bitcoin.it/wiki/Technical_background_of_Bitcoin_addresses private_key_hex_string = "18E14A7B6A307F426A94F8114701E7C8E774E7F9A47E2C2035DB29A206321725" !key = Bitcoin::Key.new(private_key_hex_string) pub_key_bytes = hex_string_to_bytes(key.pub_uncompressed) !hash_step_1 = Digest::SHA256.digest(pub_key_bytes) hash160 = Digest::RMD160.digest(hash_step_1) hash160_hex_string = bytes_to_hex_string(hash160) !versioned_hash160_hex_string = "00" + hash160_hex_string versioned_hash160 = hex_string_to_bytes(versioned_hash160_hex_string) !checksum_hash_round_1 = Digest::SHA256.digest(versioned_hash160) checksum_hash_round_2 = Digest::SHA256.digest(checksum_hash_round_1) checksum = checksum_hash_round_2[0,4] !binary_address = versioned_hash160 + checksum binary_address_hex_string = bytes_to_hex_string(binary_address) !human_address = Bitcoin.encode_base58(binary_address_hex_string) p human_address

https://gist.github.com/ashmoran/7582071

Page 26: Bitcoin Addresses

Other address types

Page 27: Bitcoin Addresses

Other address typesBitcoin script addresses: 3xxx, e.g.:3EktnHQD7RiAE6uzMj2ZifT9YgRrkSgzQX

Bitcoin private key (uncompressed pubkey), 5xxx, e.g.: 5Htn3FzuH3b1X5VF2zLTsAQzBcyzkZNJsa2egXN8ZFJTCqQm3Rq

Bitcoin private key (compressed pubkey), [K/L]xxx, e.g.: L1aW4aubDFB7yfras2S1mN3bqg9nwySY8nkoLmJebSLD5BWv3ENZ

Page 28: Bitcoin Addresses

Done!