How are Bitcoin addresses created?

Addresses are at the heart of how Bitcoin transactions work. They are encodings of public keys.

From the public key to the address

Generating a Bitcoin address requires above all a public key which goes hand in hand with a private key.

The two keys are created together using elliptic curve cryptography. The curve used in the Bitcoin protocol is called secp256k1.

Keys are basically large numbers connected by a mathematical relationship obtained through this elliptical curve.

The equation of the elliptic curve secp256k1 is such that each of the keys obtained is 256 bits at most. Instead of expressing it in figures, we use the hexadecimal format. We are talking about a base16 format (0,1,2,3,4,5,6,7,8,9,A,B,C,D,E,F).

256-bit hexadecimal keys are 64 characters long. Example of private key in hexadecimal:

e9873d79c6d87dc0fb6a5778633389f4453213303da61f20bd67fc233aa33262

In decimal (base10):

105627842363267744400190144423808258002852957479547731009248450467191077417570

In binary (base2):

1110100110000111001111010111100111000110110110000111110111000000111110110110101001

0101110111100001100011001100111000100111110100010001010011001000010011001100000011

1101101001100001111100100000101111010110011111111000010001100111010101000110011001001100010

The key expressed in binary is 256 bits (256 0 or 1), you can count.

The corresponding public key is (in hexadecimal):

02588d202afcc1ee4ab5254c7847ec25b9a135bbda0f2bc69ee1a714749fd77dc9

Public keys are often mistakenly confused with addresses. Addresses have long been used instead of public keys to conduct transactions.

Public keys are now hidden behind “addresses”. Here is the process of transforming a public key into an address:

1) Pass the public key in SHA-256.

2) Pass the hash obtained in RIPE®-160 (which is also a hash function).

3) Add at the beginning of this hash the code corresponding to the type of address.

4) Pass everything through SHA-256.

5) Run again through the SHA-256 grinder.

6) Take the first four bytes of the hash (checksum) and add them to the hash obtained in step 3. You then obtain a 25-bit bitcoin address.

7) Convert address to format base58.

What is SHA-256, RIPEMD-160, Base58?

SHA-256 for “Secure-Hash Algorithm”. This function gives a hash of 256 bits whatever it is given as input.

This is a one-way function. It is therefore impossible to guess what was brought as input from the output hash.

If we give as input “I likeBitcoin” in SHA-256, we get this hash:

d244eafee6196a053e89d91999d33adfdc46a82b0a595f32b65d11c69a2c13cc

If we give instead “I like bitcoin” (with a lowercase b), we get this hash:

dcf280d6205d22f155ef5523bb39874801dc56125f34ad41a6965c3bc5d88a39

The hash is completely different. This is called the “avalanche effect”. A very small input modification drastically changes the output result.

RIPEMD-160 is also a hashing algorithm. Except that the length of the hash is only 160 bits.

Why use two different algorithms?

RIPEMD-160 shortens the size of hashes. This reduces the amount of memory needed to run a node. The decentralization of the network is thereby reinforced. This also makes it possible to have less cumbersome and therefore less expensive transactions.

SHA-256 adds a level of security, against the quantum threat for example.

Base58 is used to remove the characters 0, O, I and l. This avoids errors by confusing them when reading the address. It also shortens the length of the address a bit more.

Finally, the address type code to distinguish between different address types. Complete list HERE.

Example of address creation

You have to start with a public key:

02588d202afcc1ee4ab5254c7847ec25b9a135bbda0f2bc69ee1a714749fd77dc9

1) Enter the public key in SHA-256 which will give a 256-bit hash:

9d302083dadf92b38dcb1c626c842602dbb091466e30ed2a4763cd8ac67c0a9f

2) Enter this hash in RIPEMD-160 (which is also a hash function giving a 160-bit hash):

956e88bf3eda9fa4a228f55e10c9f8f7e2518f97

3) Add the transaction type code to the beginning of the hash from RIPEMD-160:

[00]956e88bf3eda9fa4a228f55e10c9f8f7e2518f97

4) Go back to SHA-256:

77af09c704b3c235c504d17c69a5b22543567afcb86b0f6f6c89d978e8ef1f10

5) Go back a second in SHA-256:

3ca359f964d6629ec7c114a032826b2baf66bb35b4350ab82f5864a65a1cefab

6) Take the first four bytes of the hash (checksum) and add them to the hash obtained in step 3. You then obtain a 25-bit bitcoin address:

[00]956e88bf3eda9fa4a228f55e10c9f8f7e2518f97[3ca359f9]

7) Convert address to base58 format.

1Ed86dcxMQqFkmF89n7PTRPUku7h25j5m2

So. It looks very similar to one of the addresses in your wallet, doesn’t it?

By the way, the “checksum” allows the wallet to check whether a provided address contains a typing error. It would be a shame to send BTC to the wrong address.

Thanks to the checksum, the probability of entering a wrong address is only 1 in 4.3 billion. So don’t worry about entering the wrong key.

In addition, the number of Bitcoin key pairs that can be created is 2^160. The probability that a lucky person will receive these BTCs is almost nil. BTC will be lost forever.

Summary

There are different types of addresses. The one we just described is called P2PKH (Pay-to-public-key-hash), or “Legacy” address. This is the oldest type of address. They start with “1”.

There are many other types of address, for example:

-The addresses P2WPKH (Pay-to-Witness-Public-Key-Hash). They are encoded in Bech32 rather than base58 and begin with “bc1”.
-The addresses P2SH (Pay-to-Script-Hash). They start with “3”.

In summary, a private/public key pair is generated using elliptic curve cryptography. The public key then goes through the milling of SHA-256, RIPEMD-160 and base58 to create an address. This is a representation of the public key.

A set of addresses is called a “wallet”. The latter does not host bitcoins per se, but private keys.

Addresses are publicly available information used to complete transactions. Knowing that, concretely, a transaction amounts to creating one (or more) UTXO.

UTXOs are scripts (little pieces of code) linking a certain amount of BTC to an address (a public key) that the nodes jealously guard in memory. To know more : UTXO and Privacy.

Only the one who has the private key corresponding to the public key can unlock (sign) the script and carry out a transaction, i.e. link the BTCs to a new address.