Technical background of version 1 Bitcoin addresses: Difference between revisions

From Bitcoin Wiki
Jump to navigation Jump to search
Superb (talk | contribs)
No edit summary
Yojoots (talk | contribs)
Update Base58Check address formatting details
 
(13 intermediate revisions by 8 users not shown)
Line 4: Line 4:
A [[Bitcoin address]] is a 160-bit hash of the public portion of a public/private [[Wikipedia:Elliptic_Curve_DSA|ECDSA]] keypair. Using [[Wikipedia:Public-key_cryptography|public-key cryptography]], you can "sign" data with your [[private key]] and anyone who knows your public key can verify that the signature is valid.
A [[Bitcoin address]] is a 160-bit hash of the public portion of a public/private [[Wikipedia:Elliptic_Curve_DSA|ECDSA]] keypair. Using [[Wikipedia:Public-key_cryptography|public-key cryptography]], you can "sign" data with your [[private key]] and anyone who knows your public key can verify that the signature is valid.


A new keypair is generated for each receiving address. Bitcoin addresses (the public keys) and their associated private keys are stored in the [[wallet]] data file. This is the only file you need to [[backup|back up]]. A "send" transaction to a specific Bitcoin address requires that the corresponding private key exist in the recipient's wallet. This has the implication that if you create a receiving address and receive coins to that address, then restore the wallet from an earlier backup, before the address was generated, then the coins associated with that address are lost. Addresses are added to an address [[key pool]] prior to being used for receiving coins. If you lose your wallet entirely, all of your coins are lost and can never be recovered.
A new keypair is generated for each receiving address (with newer [[Deterministic wallet | HD wallets]], this is done deterministically).
The public key and their associated private keys (or the seed needed to generate them) are stored in the [[wallet]] data file.
This is the only file users should need to [[backup|backup]].
A "send" transaction to a specific Bitcoin address requires that the corresponding wallet knows the private key implementing it.
This has the implication that if you create an address and receive coins to that address, then restore the wallet from an earlier backup, before the address was generated, then the coins received with that address are lost; this is not an issue for HD wallets where all addresses are generated from a single seed.
Addresses are added to an address [[key pool]] prior to being used for receiving coins. If you lose your wallet entirely, all of your coins are lost and can never be recovered.


Bitcoin allows you to create as many addresses as you want, and each one is completely separate. There is no "master address": the "Your Bitcoin address" area in the Bitcoin UI has no special importance. It's only there for your convenience, and it will change automatically from time to time to enhance your [[Anonymity & Security|anonymity]]. All of your other addresses will continue to work forever. They're listed in the "your receiving addresses" section. Each address takes up only about 500 bytes, so having a large number of addresses in your wallet is generally not a problem.
Bitcoin allows you to create as many addresses as you want, and use a new one for every transaction.
There is no "master address": the "Your Bitcoin address" area in some wallet UIs has no special importance.
It's only there for your convenience, and it should change automatically when used.


Bitcoin addresses contain a built-in check code, so it's generally not possible to send Bitcoins to a mistyped address. However, if the address is well-formed but no one owns it (or the owner lost their wallet.dat), any coins sent to that address will be lost forever.
Bitcoin addresses contain a built-in check code, so it's generally not possible to send Bitcoins to a mistyped address. However, if the address is well-formed but no one owns it (or the owner lost their wallet.dat), any coins sent to that address will be lost forever.


Hash values and the checksum data are converted to an alpha-numeric representation using a custom scheme: the [[Base58Check encoding]] scheme. Under Base58Check, addresses can contain all alphanumeric characters except 0, O, I, and l. Normal addresses currently always start with 1 (addresses from script hashes use 3), though this might change in a future version. Testnet addresses usually start with ''m'' or ''n''. Mainline addresses can be 25-34 characters in length, and testnet addresses can be 26-34 characters in length. Most addresses are 33 or 34 characters long.
Hash values and the checksum data are converted to an alpha-numeric representation using a custom scheme: the [[Base58Check encoding]] scheme. Under Base58Check, addresses can contain all alphanumeric characters except 0, O, I, and l. Mainnet [[P2PKH]] addresses start with <code>1</code>, while [[P2SH]] addresses start with <code>3</code> ([[Bech32]] addresses start with <code>bc1</code> and do not use Base58Check encoding). Testnet addresses usually start with <code>m</code> or <code>n</code>. Mainnet addresses can be 25-34 characters in length, and testnet addresses can be 26-34 characters in length. Most addresses are 33 or 34 characters long.


It is also possible to send Bitcoins directly to an [[IP address]] but this method is never recommended as a man-in-the-middle attacks makes redirecting coins trivial.
== Collisions (lack thereof) ==
Since Bitcoin addresses are basically random numbers, it is possible, although extremely unlikely, for two people to independently generate the same address. This is called a [[Wikipedia:Collision_(computer_science)|collision]]. If this happens, then  both the original owner of the address and the colliding owner could spend money sent to that address. It would not be possible for the colliding person to spend the original owner's entire wallet (or vice versa).  


Since Bitcoin addresses are basically random numbers, it is possible, although extremely unlikely, for two people to independently generate the same address. This is called a [[Wikipedia:Collision_(computer_science)|collision]]. If this happens, then  both the original owner of the address and the colliding owner could spend money sent to that address. It would not be possible for the colliding person to spend the original owner's entire wallet (or vice versa). If you were to intentionally try to make a collision, it would currently take 2^107 times longer to generate a colliding Bitcoin address than to generate a block. As long as the signing and hashing algorithms remain cryptographically strong, it will likely always be more profitable to collect generations and [[transaction fee|transaction fees]] than to try to create collisions.
But because the space of possible addresses is so astronomically large it is more likely that the Earth is destroyed in the next 5 seconds, than that a collision occur in the next millenium.


==How to create Bitcoin Address==
==How to create Bitcoin Address==
The correct way to create a Bitcoin address is to use well tested, open source, peer reviewed wallet software.  Manually handling keys has resulted in funds loss over and over again. Unlike other centralized systems losses in Bitcoin are usually unrecoverable.
Here is a brief overview of how address generation works, for informational purposes:
0 - Having a private [[ECDSA]] key
0 - Having a private [[ECDSA]] key
     18E14A7B6A307F426A94F8114701E7C8E774E7F9A47E2C2035DB29A206321725
     18e14a7b6a307f426a94f8114701e7c8e774e7f9a47e2c2035db29a206321725
1 - Take the corresponding public key generated with it (65 bytes, 1 byte 0x04, 32 bytes corresponding to X coordinate, 32 bytes corresponding to Y coordinate)
1 - Take the corresponding public key generated with it (33 bytes, 1 byte 0x02 (y-coord is even), and 32 bytes corresponding to X coordinate)
     0450863AD64A87AE8A2FE83C1AF1A8403CB53F53E486D8511DAD8A04887E5B23522CD470243453A299FA9E77237716103ABC11A1DF38855ED6F2EE187E9C582BA6
     0250863ad64a87ae8a2fe83c1af1a8403cb53f53e486d8511dad8a04887e5b2352
2 - Perform SHA-256 hashing on the public key
2 - Perform [[SHA-256]] hashing on the public key
     600FFE422B4E00731A59557A5CCA46CC183944191006324A447BDB2D98D4B408
     0b7c28c9b7290c98d7438e70b3d3f7c848fbd7d1dc194ff83f4f7cc9b1378e98
3 - Perform RIPEMD-160 hashing on the result of SHA-256
3 - Perform [[RIPEMD-160]] hashing on the result of SHA-256
     010966776006953D5567439E5E39F86A0D273BEE
     f54a5851e9372b87810a8e60cdd2e7cfd80b6e31
4 - Add version byte in front of RIPEMD-160 hash (0x00 for Main Network)
4 - Add version byte in front of RIPEMD-160 hash (0x00 for Main Network)
     00010966776006953D5567439E5E39F86A0D273BEE
     00f54a5851e9372b87810a8e60cdd2e7cfd80b6e31
''(note that below steps are the [[Base58Check encoding]], which has multiple library options available implementing it)''<br>
5 - Perform SHA-256 hash on the extended RIPEMD-160 result
5 - Perform SHA-256 hash on the extended RIPEMD-160 result
     445C7A8007A93D8733188288BB320A8FE2DEBD2AE1B47F0F50BC10BAE845C094
     ad3c854da227c7e99c4abfad4ea41d71311160df2e415e713318c70d67c6b41c
6 - Perform SHA-256 hash on the result of the previous SHA-256 hash
6 - Perform SHA-256 hash on the result of the previous SHA-256 hash
     D61967F63C7DD183914A4AE452C9F6AD5D462CE3D277798075B107615C1A8A30
     c7f18fe8fcbed6396741e58ad259b5cb16b7fd7f041904147ba1dcffabf747fd
7 - Take the first 4 bytes of the second SHA-256 hash. This is the address checksum
7 - Take the first 4 bytes of the second SHA-256 hash. This is the address checksum
     D61967F6
     c7f18fe8
8 - Add the 4 checksum bytes from stage 7 at the end of extended RIPEMD-160 hash from stage 4. This is the 25-byte binary Bitcoin Address.
8 - Add the 4 checksum bytes from stage 7 at the end of extended RIPEMD-160 hash from stage 4. This is the 25-byte binary Bitcoin Address.
     00010966776006953D5567439E5E39F86A0D273BEED61967F6
     00f54a5851e9372b87810a8e60cdd2e7cfd80b6e31c7f18fe8
9 - Convert the result from a byte string into a base58 string using [[Base58Check encoding]]. This is the most commonly used Bitcoin Address format
9 - Convert the result from a byte string into a base58 string using [[Base58Check encoding]]. This is the most commonly used Bitcoin Address format
     16UwLL9Risc3QfPqBUvKofHmBQ7wMtjvM
     1PMycacnJaSqwwJqjawXBErnLsZ7RkXUAs


==See Also==
==See Also==
* [[Address]]
* [[Address]]
* [[Base58Check encoding]]
* [http://gobittest.appspot.com/Address Address testing suite]
* [http://gobittest.appspot.com/Address Address testing suite]
* [[Anonymity & Security]]
* [http://lenschulwitz.com/base58 Online Address Validator and Base58 Encoder/Decoder]
 
[[Category:Technical]]
[[Category:Technical]]
{{Bitcoin Core documentation}}

Latest revision as of 06:45, 25 February 2021

Conversion from ECDSA public key to Bitcoin Address

This article may be too technical for some users. The more basic article on Bitcoin Addresses may be more appropriate.

A Bitcoin address is a 160-bit hash of the public portion of a public/private ECDSA keypair. Using public-key cryptography, you can "sign" data with your private key and anyone who knows your public key can verify that the signature is valid.

A new keypair is generated for each receiving address (with newer HD wallets, this is done deterministically). The public key and their associated private keys (or the seed needed to generate them) are stored in the wallet data file. This is the only file users should need to backup. A "send" transaction to a specific Bitcoin address requires that the corresponding wallet knows the private key implementing it. This has the implication that if you create an address and receive coins to that address, then restore the wallet from an earlier backup, before the address was generated, then the coins received with that address are lost; this is not an issue for HD wallets where all addresses are generated from a single seed. Addresses are added to an address key pool prior to being used for receiving coins. If you lose your wallet entirely, all of your coins are lost and can never be recovered.

Bitcoin allows you to create as many addresses as you want, and use a new one for every transaction. There is no "master address": the "Your Bitcoin address" area in some wallet UIs has no special importance. It's only there for your convenience, and it should change automatically when used.

Bitcoin addresses contain a built-in check code, so it's generally not possible to send Bitcoins to a mistyped address. However, if the address is well-formed but no one owns it (or the owner lost their wallet.dat), any coins sent to that address will be lost forever.

Hash values and the checksum data are converted to an alpha-numeric representation using a custom scheme: the Base58Check encoding scheme. Under Base58Check, addresses can contain all alphanumeric characters except 0, O, I, and l. Mainnet P2PKH addresses start with 1, while P2SH addresses start with 3 (Bech32 addresses start with bc1 and do not use Base58Check encoding). Testnet addresses usually start with m or n. Mainnet addresses can be 25-34 characters in length, and testnet addresses can be 26-34 characters in length. Most addresses are 33 or 34 characters long.

Collisions (lack thereof)

Since Bitcoin addresses are basically random numbers, it is possible, although extremely unlikely, for two people to independently generate the same address. This is called a collision. If this happens, then both the original owner of the address and the colliding owner could spend money sent to that address. It would not be possible for the colliding person to spend the original owner's entire wallet (or vice versa).

But because the space of possible addresses is so astronomically large it is more likely that the Earth is destroyed in the next 5 seconds, than that a collision occur in the next millenium.

How to create Bitcoin Address

The correct way to create a Bitcoin address is to use well tested, open source, peer reviewed wallet software. Manually handling keys has resulted in funds loss over and over again. Unlike other centralized systems losses in Bitcoin are usually unrecoverable.

Here is a brief overview of how address generation works, for informational purposes:

0 - Having a private ECDSA key

   18e14a7b6a307f426a94f8114701e7c8e774e7f9a47e2c2035db29a206321725

1 - Take the corresponding public key generated with it (33 bytes, 1 byte 0x02 (y-coord is even), and 32 bytes corresponding to X coordinate)

   0250863ad64a87ae8a2fe83c1af1a8403cb53f53e486d8511dad8a04887e5b2352

2 - Perform SHA-256 hashing on the public key

   0b7c28c9b7290c98d7438e70b3d3f7c848fbd7d1dc194ff83f4f7cc9b1378e98

3 - Perform RIPEMD-160 hashing on the result of SHA-256

   f54a5851e9372b87810a8e60cdd2e7cfd80b6e31

4 - Add version byte in front of RIPEMD-160 hash (0x00 for Main Network)

   00f54a5851e9372b87810a8e60cdd2e7cfd80b6e31

(note that below steps are the Base58Check encoding, which has multiple library options available implementing it)
5 - Perform SHA-256 hash on the extended RIPEMD-160 result

   ad3c854da227c7e99c4abfad4ea41d71311160df2e415e713318c70d67c6b41c

6 - Perform SHA-256 hash on the result of the previous SHA-256 hash

   c7f18fe8fcbed6396741e58ad259b5cb16b7fd7f041904147ba1dcffabf747fd

7 - Take the first 4 bytes of the second SHA-256 hash. This is the address checksum

   c7f18fe8

8 - Add the 4 checksum bytes from stage 7 at the end of extended RIPEMD-160 hash from stage 4. This is the 25-byte binary Bitcoin Address.

   00f54a5851e9372b87810a8e60cdd2e7cfd80b6e31c7f18fe8

9 - Convert the result from a byte string into a base58 string using Base58Check encoding. This is the most commonly used Bitcoin Address format

   1PMycacnJaSqwwJqjawXBErnLsZ7RkXUAs

See Also