Difference between revisions of "Technical background of version 1 Bitcoin addresses"

From Bitcoin Wiki
Jump to: navigation, search
(Extended the example to take into account private key as well)
Line 19: Line 19:
  
 
==How to create Bitcoin Address==
 
==How to create Bitcoin Address==
 
+
0 - Take a private key
1 - Take a public key (65 bytes, 1 byte 0x04, 32 bytes corresponding to X coordinate, 32 bytes corresponding to Y coordinate)
+
    588CDBFC49007427D2A925879BE644F173023701961B271F79EA0588ACFD9D9C
     04678afdb0fe5548271967f1a67130b7105cd6a828e03909a67962e0ea1f61deb649f6bc3f4cef38c4f35504e51ec112de5c384df7ba0b8d578a4c702b6bf11d5f
+
1 - Take the corresponding public key generated with it (65 bytes, 1 byte 0x04, 32 bytes corresponding to X coordinate, 32 bytes corresponding to Y coordinate)
 +
     0425E27B5B330C9E3875B32C3CB0E30BF6D78BF88B29C6085CA439A89B8860528B9DC115E6EF955392E065625F3120B93F04D4534704C74EE6869CFABA62AD156C
 
2 - Perform SHA-256 hashing on the public key
 
2 - Perform SHA-256 hashing on the public key
     261c1eb21fc4708c6acbe1cfc6d4565652e9e768b620782898936b93000a6c02
+
     38F1186C4F40D2E8DB07630F6C0DF23DDF9E77D9C348F577E4914EFBD0F1B3AE
 
3 - Perform RIPEMD-160 hashing on the result of SHA-256
 
3 - Perform RIPEMD-160 hashing on the result of SHA-256
     62e907b15cbf27d5425399ebf6f0fb50ebb88f18
+
     7B42545440E6991053882AF2A94CC871DC9DB983
 
4 - Add network byte in front of RIPEMD-160 hash (0x00 for Main Network)
 
4 - Add network byte in front of RIPEMD-160 hash (0x00 for Main Network)
     0062e907b15cbf27d5425399ebf6f0fb50ebb88f18
+
     007B42545440E6991053882AF2A94CC871DC9DB983
 
5 - Perform SHA-256 hash on the extended RIPEMD-160 result
 
5 - Perform SHA-256 hash on the extended RIPEMD-160 result
     9b90f16de7f0e580c07735dac15ffe23e2f8f8e103914e509aa91913ffdb9fb6
+
     38ADDF81FF63470444934641C1FB4A15AEAC453B39A3B8C5B3C4F4F1CA0D327E
 
6 - Perform SHA-256 hash on the result of the previous SHA-256 hash
 
6 - Perform SHA-256 hash on the result of the previous SHA-256 hash
     c29b7d937e3049e279391e62fdf00c12def7444013ddf6215808d10e9f2d5996
+
     24A28FF4C92B254D52E6E54D50A1963FA5FA3CF52E6F9C168DA6AF6A42DEABFD
 
7 - Take the first 4 bytes of the second SHA-256 hash. This is the address checksum
 
7 - Take the first 4 bytes of the second SHA-256 hash. This is the address checksum
     c29b7d93
+
     24A28FF4
 
8 - Add the 4 checksum bytes from point 7 at the end of extended RIPEMD-160 hash from point 4. This is the 25-byte binary Bitcoin Address.
 
8 - Add the 4 checksum bytes from point 7 at the end of extended RIPEMD-160 hash from point 4. This is the 25-byte binary Bitcoin Address.
     0062e907b15cbf27d5425399ebf6f0fb50ebb88f18c29b7d93
+
     007B42545440E6991053882AF2A94CC871DC9DB98324A28FF4
 
9 - Convert the result from a byte string into a base58 string using [[Base58Check encoding]]. This is the most commonly used Bitcoin Address format
 
9 - Convert the result from a byte string into a base58 string using [[Base58Check encoding]]. This is the most commonly used Bitcoin Address format
     1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa
+
     1CEjaF7kT9CXiDCRUNVBiRsw4n34D4zw9u
  
 
==See Also==
 
==See Also==

Revision as of 02:11, 2 January 2012

Conversion from ECDSA public key to Bitcoin Address

This article may be too technical for some users. The more basic article on Bitcoin Addresses may be more appropriate.

A Bitcoin address is a 160-bit hash of the public portion of a public/private ECDSA keypair. Using some mathemagic, you can "sign" data with your private key and anyone who knows your public key can verify that the signature is valid. See the Wikipedia article for more information about how this works.

A new keypair is generated for each receiving address. Bitcoin addresses (the public keys) and their associated private keys are stored in the wallet data file. This is the only file you need to back up. A "send" transaction to a specific Bitcoin address requires that the corresponding private key exist in the recipient's wallet. This has the implication that if you create a receiving address and receive coins to that address, then restore the wallet from an earlier backup, before the address was generated, then the coins associated with that address are lost. Addresses are added to an address key pool prior to being used for receiving coins. If you lose your wallet entirely, all of your coins are lost and can never be recovered.

"Generate" transactions happen in the same way as a send transaction: each batch of 50 generated coins is "sent" to a unique address that you generate just for that purpose. These addresses are also stored in your wallet, but they are not shown in the "your receiving addresses" section.

Bitcoin allows you to create as many addresses as you want, and each one is completely separate. There is no "master address": the "Your Bitcoin address" area in the Bitcoin UI has no special importance. It's only there for your convenience, and it will change automatically from time to time to enhance your anonymity. All of your other addresses will continue to work forever. They're listed in the "your receiving addresses" section. Each address takes up only about 500 bytes, so having a large number of addresses in your wallet is generally not a problem.

Bitcoin addresses contain a built-in check code, so it's generally not possible to send Bitcoins to a mistyped address. However, if the address is well-formed but no one owns it (or the owner lost their wallet.dat), any coins sent to that address will be lost forever.

Hash values and the checksum data are converted to an alpha-numeric representation using a custom scheme: the Base58Check encoding scheme. Under Base58Check, addresses can contain all alphanumeric characters except 0, O, I, and l. Normal addresses currently always start with 1, though this might change in a future version. Testnet addresses usually start with m or n. Mainline addresses can be 25-34 characters in length, and testnet addresses can be 26-34 characters in length. Most addresses are 33 or 34 characters long.

It is also possible to send Bitcoins directly to an IP address but this method is never recommended as a man-in-the-middle attacks makes redirecting coins trivial.

Since Bitcoin addresses are basically random numbers, it is possible, although extremely unlikely, for two people to independently generate the same address. This is called a collision. If this happens, then both the original owner of the address and the colliding owner could spend money sent to that address. It would not be possible for the colliding person to spend the original owner's entire wallet (or vice versa). If you were to intentionally try to make a collision, it would currently take 2^107 times longer to generate a colliding Bitcoin address than to generate a block. As long as the signing and hashing algorithms remain cryptographically strong, it will likely always be more profitable to collect generations and transaction fees than to try to create collisions.

How to create Bitcoin Address

0 - Take a private key

   588CDBFC49007427D2A925879BE644F173023701961B271F79EA0588ACFD9D9C

1 - Take the corresponding public key generated with it (65 bytes, 1 byte 0x04, 32 bytes corresponding to X coordinate, 32 bytes corresponding to Y coordinate)

   0425E27B5B330C9E3875B32C3CB0E30BF6D78BF88B29C6085CA439A89B8860528B9DC115E6EF955392E065625F3120B93F04D4534704C74EE6869CFABA62AD156C

2 - Perform SHA-256 hashing on the public key

   38F1186C4F40D2E8DB07630F6C0DF23DDF9E77D9C348F577E4914EFBD0F1B3AE

3 - Perform RIPEMD-160 hashing on the result of SHA-256

   7B42545440E6991053882AF2A94CC871DC9DB983

4 - Add network byte in front of RIPEMD-160 hash (0x00 for Main Network)

   007B42545440E6991053882AF2A94CC871DC9DB983

5 - Perform SHA-256 hash on the extended RIPEMD-160 result

   38ADDF81FF63470444934641C1FB4A15AEAC453B39A3B8C5B3C4F4F1CA0D327E

6 - Perform SHA-256 hash on the result of the previous SHA-256 hash

   24A28FF4C92B254D52E6E54D50A1963FA5FA3CF52E6F9C168DA6AF6A42DEABFD

7 - Take the first 4 bytes of the second SHA-256 hash. This is the address checksum

   24A28FF4

8 - Add the 4 checksum bytes from point 7 at the end of extended RIPEMD-160 hash from point 4. This is the 25-byte binary Bitcoin Address.

   007B42545440E6991053882AF2A94CC871DC9DB98324A28FF4

9 - Convert the result from a byte string into a base58 string using Base58Check encoding. This is the most commonly used Bitcoin Address format

   1CEjaF7kT9CXiDCRUNVBiRsw4n34D4zw9u

See Also