Mini private key format

From Bitcoin Wiki
Revision as of 01:34, 6 September 2011 by Casascius (talk | contribs)
Jump to: navigation, search

The mini private key format is a method of encoding a Bitcoin private key in 22 characters so that it can be embedded in a small space. This private key format was first used in Casascius physical bitcoins, and is also favorable for use in QR codes which allows use of a lower dot density. The format offers a built-in check code as a small margin of protection against typos.

An example key using this encoding is S4b3N3oGqDqR5jNuxEvDwf.

The way it might appear within a physical bitcoin is on a round card printed as follows:



The private key encoding consists of 22 alphanumeric characters from the base58 alphabet used in Bitcoin. The first of the 22 characters is always the uppercase letter S.

To obtain the full 256-bit private key, simply take the SHA256 hash of the entire string. There is no encoding for breaks in the string even if printed that way - the SHA256 should be taken of exactly twenty-two bytes.

SHA256("S4b3N3oGqDqR5jNuxEvDwf") = 0C28FCA386C7A227600B2FE50B7CAE11EC86D3BF1FBE471BE89827E19D72AA1D

Check code

The check code is designed to be simple, but relatively computationally expensive so that it cannot be used to quickly reduce the key space in a brute force attack. It offers seven bits worth of error protection (or, in other words, in the event of a typo, the typo will be caught about 127 out of 128 times, or over 99%).

To determine whether a string passes the check code, follow these steps:

  1. Ensure it is well-formed (22 characters, base58 alphabet, starts with S).
  2. Add a question mark to the end of the string, and take the SHA256 of that. If the SHA256 starts with eight zero bits (hex 00), then the string passes the check code.
  3. If it does not, then with the same string (ending in a question mark), do 717 (seven hundred seventeen) rounds of SHA256 on the string. If the result after the 717th round starts with eight zero bits (hex 00), then the string passes the check code.
  4. If the results of SHA256 after both tests don't start with eight zero bits, then the check fails.