bitcoin addresses
DESCRIPTION
A step-by-step guide to how Bitcoin addresses are generated from public keysTRANSCRIPT
Bitcoin AddressesHow they are generated from public keys (a step-by-step guide)
Ash Moran aviewfromafar.net
Anatomy of an Address
1kqHKEYYC8CQPxyV53nCju4Lk2ufpQqA2
addressprefix
Base58Check encoding of the cryptographic hash
of something(indicated by the prefix)
Step 1:Representing Numbers
What’s Base58?
Represents numbers (eg decimal, base ten, numbers using the digits 0-9) using 58 characters
Uses 1-9, most of A-Z and a-z, except:
No letter capital i (I), lowercase L (l), O or 0
Like hexadecimal, but with more digits
What’s hexadecimal?
Represents numbers (eg decimal, base ten, numbers using the digits 0-9) using 16 characters
Uses 0-9, A-F
A = 10, B = 11, etc
Number -> HexadecimalDecimal Hex
0 0
1 1
2 2
3 3
4 4
5 5
6 6
7 7
8 8
9 9
10 A
11 B
12 C
13 D
14 E
15 F
Hexadecimal example
C6A = 12 * 162 + 6 * 161 + 10 * 160 =
12 * (256) + 6 * (16) + 10 * (1) = 3178
Number -> Base58Decimal Base58 Decimal Base58 Decimal Base58
0 1 20 M 40 h1 2 21 N 41 i2 3 22 P 42 j3 4 23 Q 43 k4 5 24 R 44 m5 6 25 S 45 n6 7 26 T 46 o7 8 27 U 47 p8 9 28 V 48 q9 A 29 W 49 r10 B 30 X 50 s11 C 31 Y 51 t12 D 32 Z 52 u13 E 33 a 53 v14 F 34 b 54 w15 G 35 c 55 x16 H 36 d 56 y17 J 37 e 57 z18 K 38 f19 L 39 g
Base58 example
4iX = 3 * 582 + 41 * 581 + 30 * 580 =
3 * (3364) + 41 * (58) + 30 * (1) = 12500
Step 2: Message digests / hashes
HashingA hash function takes a value in
eg “This is my message”
Returns a fixed length number out
eg 1129729371291755845
Generates a different number if the input changes even slightly
“This it my message” => 3763820994290329705
Cryptographic hashingLike hashing but designed so it’s very very hard to figure out the message from the hash.
hash_function(“This is my message”) => hash_value – EASY!
hash_value => <?what was the message?> – HARD!
Bitcoin uses SHA256 and RIPEMD-160 hash functions
SHA256(“This is my message”) =>3311b7c0bd91b6c73a38212de8ade31c51910f17480ad212ed2b9798a35b7747
SHA256(“This it my message”) => 26a9911800b6115eb7ee508f60a2fd6479d45155a8aef1b1a35eb3173a512063
RIPEMD160(“This is my message”) =>bdb6824f7b28e7dd9b9d6b457142547064435937
Base58 version of a hashRIPEMD160(“This is my message”) =>bdb6824f7b28e7dd9b9d6b457142547064435937
hex: bdb6824f7b28e7dd9b9d6b457142547064435937 decimal:1083069342955023797228115257453753838398332950839
Base58(1083069342955023797228115257453753838398332950839) => 3eJ7uPEgX8h56UJmTNmqwTvHs9H8
Step 3: Bitcoin encryption keys
Public/private key signing
Problem: Alice wants to send Bob a message and want anybody to be able to verify that the message came from her. She wants to make sure nobody can forge her signature on the message.
Elliptic Curve Cryptography
See the excellent guide A (relatively easy to understand) primer on elliptic curve cryptography
by Nick Sullivan
Elliptic Curve CryptographyPrivate key: a random 256-bit (32-byte) integer
Public key: an (x, y) point on the curve, either:
the number 4, followed by 256-bit x and y coordinates (old uncompressed 65-byte format)[4, x, y]
the number 2 or 3 followed by a 256-bit x coordinate (new compressed 33-byte format) [2, x, y] or [3, x, y]
Step 4: Checksums
European Article Number
Colgate Total 75 ml 4011200296908
Colgate Total 75ml EAN checksum
4 0 1 1 2 0 0 2 9 6 9 0 8
Total of odd numbers = 25
Total of even numbers = 99 * 3 = 27
27 + 25 = 52 Last digit of 52 = 2
10 - 2 = 8yay!
Step 5: Putting it together
Bitcoin pubkey addressTake the pubkey with header byte, e.g. [4, x, y]
Run it through the SHA256 hash functionpubkey_hash_step_1 = SHA256([4, x, y])
Run it through the RIPEMD160 hash function pubkey_hash = RIPEMD160(pubkey_hash_step_1)
Add a byte to the start to indicate which network it’s for (Bitcoin 00, Namecoin 34, Bitcoin testnet 6f)plain_binary_address = [00, pubkey_hash]
TBC…
Checksum generationTake the plain binary address, and run it through the SHA256 function twice:plain_address_hash = SHA256(SHA256(plain_binary_address))
Take the first four bytes of this hash as a checksum: checksum = first_4_bytes(plain_binary_address)
Add the checksum onto the end to give the binary_address:binary_address = [00, pubkey_hash, checksum]
Base58 encode the result:bitcoin_address = Base58(binary_address)
Now we have the result, eg “16UwLL9Risc3QfPqBUvKofHmBQ7wMtjvM”
Demo! (source for live demo now on the next slide)
Example Ruby sourcerequire 'bitcoin' !def hex_string_to_bytes(string) [string].pack("H*") end !def bytes_to_hex_string(bytes) bytes.unpack("H*").first end !# https://en.bitcoin.it/wiki/Technical_background_of_Bitcoin_addresses private_key_hex_string = "18E14A7B6A307F426A94F8114701E7C8E774E7F9A47E2C2035DB29A206321725" !key = Bitcoin::Key.new(private_key_hex_string) pub_key_bytes = hex_string_to_bytes(key.pub_uncompressed) !hash_step_1 = Digest::SHA256.digest(pub_key_bytes) hash160 = Digest::RMD160.digest(hash_step_1) hash160_hex_string = bytes_to_hex_string(hash160) !versioned_hash160_hex_string = "00" + hash160_hex_string versioned_hash160 = hex_string_to_bytes(versioned_hash160_hex_string) !checksum_hash_round_1 = Digest::SHA256.digest(versioned_hash160) checksum_hash_round_2 = Digest::SHA256.digest(checksum_hash_round_1) checksum = checksum_hash_round_2[0,4] !binary_address = versioned_hash160 + checksum binary_address_hex_string = bytes_to_hex_string(binary_address) !human_address = Bitcoin.encode_base58(binary_address_hex_string) p human_address
https://gist.github.com/ashmoran/7582071
Other address types
Other address typesBitcoin script addresses: 3xxx, e.g.:3EktnHQD7RiAE6uzMj2ZifT9YgRrkSgzQX
Bitcoin private key (uncompressed pubkey), 5xxx, e.g.: 5Htn3FzuH3b1X5VF2zLTsAQzBcyzkZNJsa2egXN8ZFJTCqQm3Rq
Bitcoin private key (compressed pubkey), [K/L]xxx, e.g.: L1aW4aubDFB7yfras2S1mN3bqg9nwySY8nkoLmJebSLD5BWv3ENZ
Done!