# Difference between revisions of "Base58Check encoding"

(edits) |
(more edits) |
||

Line 15: | Line 15: | ||

# Concatenate the results of step 1 and the results of step 2 together. | # Concatenate the results of step 1 and the results of step 2 together. | ||

# Treating the byte array as a big-endian base-256 number, convert the base-256 to base-58 using normal mathematical steps (bignumber division) and the base-58 alphabet described below. The result should be normalized to not have any leading base-58 zeroes (character '1'). | # Treating the byte array as a big-endian base-256 number, convert the base-256 to base-58 using normal mathematical steps (bignumber division) and the base-58 alphabet described below. The result should be normalized to not have any leading base-58 zeroes (character '1'). | ||

− | # The leading character '1' is reserved for representing | + | # The leading character '1' is reserved for representing an entire leading zero '''byte''', as when it is in a leading position, has no value as a base-58 symbol. There can be one or more leading '1's when necessary to represent one or more leading zero bytes. Count the number of leading zero bytes that were the result of step 3 (for Bitcoin addresses, there will always be at least one: the version/application byte). Each leading zero byte shall be represented by its own character '1' in the final result. |

− | # Concatenate the 1's from step 5 with the results of step 4. This is the Base58Check result. | + | # Concatenate the 1's from step 5 with the results of step 4. '''This is the Base58Check result.''' |

− | A Bitcoin address is the Base58Check encoding of the hash of the associated public key. Specifically, it is Base58Check(0,RIPEMD160(SHA256(public key))), with the following constraints: | + | A Bitcoin address is the Base58Check encoding of the hash of the associated [[public key]]. Specifically, it is Base58Check(0,[[RIPEMD160]]([[SHA256]]([[public key]]))), with the following constraints: |

− | * RIPEMD160 and SHA256 in this case are always exactly 20 and 32 unsigned bytes respectively. (Beware of bignumber implementations that clip leading 0x00 bytes, or prepend extra 0x00 bytes to indicate sign.) | + | * [[RIPEMD160]] and [[SHA256]] in this case are always exactly 20 and 32 unsigned bytes respectively. (Beware of [[bignumber]] implementations that clip leading 0x00 bytes, or prepend extra 0x00 bytes to indicate sign.) |

* 0 refers to the version/application byte. | * 0 refers to the version/application byte. | ||

− | * "public key" is always represented as 65 bytes: the constant 0x04, followed by a 32-byte x-coordinate, then a 32-byte y-coordinate, both of which are unsigned big-endian integers. | + | * "[[public key]]" is always represented as 65 bytes: the constant 0x04, followed by a 32-byte x-coordinate, then a 32-byte y-coordinate, both of which are unsigned big-endian integers, extended when necessary to 32 bytes. |

Because of the 0x00 version/application byte, Bitcoin addresses always start with the digit '1'. | Because of the 0x00 version/application byte, Bitcoin addresses always start with the digit '1'. | ||

− | Base58_check encoding is also used for encoding private keys in the [[Wallet Import Format]]. This is formed exactly the same as a Bitcoin address, except that 0x80 is used for the version/application byte, and the payload is 32 bytes instead of 20 (a private key is a 32-byte unsigned big-endian integer). Such encodings will always yield a 51-character string that starts with '5', or more specifically, either '5H', '5J', or '5K'. | + | Base58_check encoding is also used for encoding private keys in the [[Wallet Import Format]]. This is formed exactly the same as a Bitcoin address, except that 0x80 is used for the version/application byte, and the payload is 32 bytes instead of 20 (a private key in Bitcoin is a single 32-byte unsigned big-endian integer). Such encodings will always yield a 51-character string that starts with '5', or more specifically, either '5H', '5J', or '5K'. |

==Base58 symbol chart== | ==Base58 symbol chart== |

## Revision as of 03:27, 20 September 2011

A modified Base 58 encoding known as **Base58Check** is used for encoding Bitcoin addresses.

More generically, Base58Check encoding is used for encoding byte arrays in Bitcoin into human-typable strings. A Bitcoin address is simply a Base58Check-encoded string with a 20-byte payload, the payload being the hash of the public key associated with the address.

Base58Check has the following features:

- An arbitrarily sized payload.
- A set of 58 alphanumeric symbols consisting of easily distinguished uppercase and lowercase letters (0OIl are not used)
- One byte of version/application information. Bitcoin addresses use 0x00 for this byte.
- Four bytes (32 bits) of SHA256-based error checking code. This code can be used to automatically correct typographical errors.
- An extra step for preservation of leading zeroes in the data.

A Base58Check string is created from a version/application byte and payload as follows.

- Take the version/application byte and payload bytes, and concatenate them together.
- Take the first four bytes of SHA256(SHA256(results of step 1))
- Concatenate the results of step 1 and the results of step 2 together.
- Treating the byte array as a big-endian base-256 number, convert the base-256 to base-58 using normal mathematical steps (bignumber division) and the base-58 alphabet described below. The result should be normalized to not have any leading base-58 zeroes (character '1').
- The leading character '1' is reserved for representing an entire leading zero
**byte**, as when it is in a leading position, has no value as a base-58 symbol. There can be one or more leading '1's when necessary to represent one or more leading zero bytes. Count the number of leading zero bytes that were the result of step 3 (for Bitcoin addresses, there will always be at least one: the version/application byte). Each leading zero byte shall be represented by its own character '1' in the final result. - Concatenate the 1's from step 5 with the results of step 4.
**This is the Base58Check result.**

A Bitcoin address is the Base58Check encoding of the hash of the associated public key. Specifically, it is Base58Check(0,RIPEMD160(SHA256(public key))), with the following constraints:

- RIPEMD160 and SHA256 in this case are always exactly 20 and 32 unsigned bytes respectively. (Beware of bignumber implementations that clip leading 0x00 bytes, or prepend extra 0x00 bytes to indicate sign.)
- 0 refers to the version/application byte.
- "public key" is always represented as 65 bytes: the constant 0x04, followed by a 32-byte x-coordinate, then a 32-byte y-coordinate, both of which are unsigned big-endian integers, extended when necessary to 32 bytes.

Because of the 0x00 version/application byte, Bitcoin addresses always start with the digit '1'.

Base58_check encoding is also used for encoding private keys in the Wallet Import Format. This is formed exactly the same as a Bitcoin address, except that 0x80 is used for the version/application byte, and the payload is 32 bytes instead of 20 (a private key in Bitcoin is a single 32-byte unsigned big-endian integer). Such encodings will always yield a 51-character string that starts with '5', or more specifically, either '5H', '5J', or '5K'.

## Base58 symbol chart

The Base58 symbol chart used in Bitcoin is specific to the Bitcoin project and is not intended to be the same as any other Base58 implementation used outside the context of Bitcoin.

Code | Character | Code | Character | Code | Character | Code | Character |
---|---|---|---|---|---|---|---|

0 | 1 | 1 | 2 | 2 | 3 | 3 | 4 |

4 | 5 | 5 | 6 | 6 | 7 | 7 | 8 |

8 | 9 | 9 | A | 10 | B | 11 | C |

12 | D | 13 | E | 14 | F | 15 | G |

16 | H | 17 | J | 18 | K | 19 | L |

20 | M | 21 | N | 22 | P | 23 | Q |

24 | R | 25 | S | 26 | T | 27 | U |

28 | V | 29 | W | 30 | X | 31 | Y |

32 | Z | 33 | a | 34 | b | 35 | c |

36 | d | 37 | e | 38 | f | 39 | g |

40 | h | 41 | i | 42 | j | 43 | k |

44 | m | 45 | n | 46 | o | 47 | p |

48 | q | 49 | r | 50 | s | 51 | t |

52 | u | 53 | v | 54 | w | 55 | x |

56 | y | 57 | z |

The algorithm for encoding address_byte_string (consisting of 0x01 + hash + 4-byte_check_code) is

code_string = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz" x = convert_bytes_to_big_integer(hash_result) output_string = "" while(x > 0) { (x, remainder) = divide(x, 58) output_string.append(output_string[remainder]) } repeat(number_of_leading_zero_bytes_in_hash) { output_string.append(code_string[0]); } output_string.reverse();