- How to Generate a Bitcoin Address — Step by Step
- Introduction
- Dependencies
- Cryptography Primer
- Public Key Cryptography
- Creating a Bitcoin Address
- Private Key Generation
- Public Key Generation
- Compressed Public Key
- Address Generation
- Pay-to-Script Hash
- Keys & Addresses
- What is a private key, a public key, and an address?
- Where do keys and addresses come from?
- Private Key
- Public Key
- Address
- Do I have to remember all 3 of these keys?
- What happens if I lose my private key?
How to Generate a Bitcoin Address — Step by Step
Here is a bash script that does what is outlined below: https://bit.ly/2MIgeOD
Introduction
This is a hands-on, technical guide about the generation of Bitcoin addresses including private and public keys, and the cryptography involved.
Learn more and join people in 22 countries around the world in my course on how to Become a Bitcoin + Blockchain Programmer.
This guide will walk you through all the steps to generate a Bitcoin address using the command line on a Mac. Similar steps should be possible on other operating systems using similar cryptographic tools. Lines starting with $ denote terminal commands, which you can type and run (without the $ of course).
Dependencies
- brew — Installation: https://brew.sh/
- pip — Installation: sudo easy_install pip
- libressl — Installation: brew install libressl
- base58 — Installation: pip install base58
Note: To do the contained openssl cli commands, I installed libressl in order for some of the elliptic curve commands to work as the current version of openssl cli on mac has a bug.
Cryptography Primer
Public Key Cryptography
Or asymmetric cryptography, is a type of cryptography that uses key pairs, each of which is unique. The pair of keys includes a public key and a private key. This is the type of cryptography that Bitcoin uses to control funds. A public key can be generated from a private key, but not vice-versa (computationally too difficult). Also, something encrypted with a private key can be decrypted with the public key, and vice-versa, hence they are asymmetric.
- Encryption: When a user has a public key, a message can be encrypted using a public key, which can only be read by the person with the private key. This also works in reverse.
- Digital Signatures: A user can, with their private key and a hash of some data, use a digital signature algorithm such as ECDSA, to calculate a digital signature. Then, another user can use the algorithm to verify that signature using the public key and the hash of the same data. If it passes, this proves a user did in fact submit a specific message, which has not been tampered with.
- Digital Fingerprint: Is a way to represent an arbitrarily large data set by computing the hash of it to generate a fingerprint of a standard size. This fingerprint would be so difficult to replicate without the same exact data, which can be assumed to have not been tampered with.
Private keys are what prove you can send Bitcoin that has been sent to you. It is like the password to your bank account. If you lose it or someone else gets a hold of it, you’re toast.
Public keys help people know how to send you Bitcoin.
Creating a Bitcoin Address
Private Key Generation
Private keys can be any 256 bit (32 byte) value from 0x1 to 0xFFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF BAAE DCE6 AF48 A03B BFD2 5E8C D036 4140 .¹
The total possible number of private keys is therefore 2²⁵⁶ or 1.16 x 10⁷⁷. Imagine the total number of atoms in your body, then imagine that each of those atoms is an earth. The total number of atoms on all of those earths is about 7 x 10⁷⁷.² There is virtually no chance that your random private key will ever be generated randomly or found by someone else.
A common (but not the most secure) way of creating a private key is to start with a seed, such as a group of words or passphrases picked at random. This seed is then passed through the SHA256 algorithm, which will always conveniently generate a 256 bit value. This is possible because every computer character is represented by an integer value (see ASCII and Unicode).
Note: SHA256 is a one-way, deterministic function meaning that it is easy to compute in one direction, but you cannot reverse it. In order to find a specific output, you have to try all the possible inputs until you get the desired output (brute forcing) and it will always produce the same output given the same input, respectively.
The seed can be used to generate the same private key if the same hashing algorithm is used in the future, so it is only necessary to save the seed.
This private key is in hexadecimal or base 16. Every 2 digits represents 8 bits or 1 byte. So, with 64 characters, there are 256 bits total.
Public Key Generation
Public keys are generated from the private keys in Bitcoin using elliptic curve ( secp256k1 ) multiplication using the formula K = k * G , where K is the public key, k is the private key, and G is a constant called the Generator Point⁴, which for secp256k1 is equal to:
It doesn’t seem to be known how this point was chosen by they designers of the curve. Also, this algorithm is a one-way algorithm, or a “trap door” function so that a private key cannot be derived from the public key. It is important to note that elliptic curve multiplication is not the same as scalar multiplication, though it does share similar properties.
To do this in the terminal from our private key earlier,
This public key contains a prefix 0x04 and the x and y coordinates on the elliptic curve secp256k1 , respectively.
Compressed Public Key
Most wallets and nodes implement compressed public key as a default format because it is half as big as an uncompressed key, saving blockchain space. To convert from an uncompressed public key to a compressed public key, you can omit the y value because the y value can be solved for using the equation of the elliptic curve: y² = x³ + 7. Since the equation solves for y², the right side of the equation could be either positive or negative. So, 0x02 is prepended for positive y values, and 0x03 is prepended for negative ones. If the last binary digit of the y coordinate is 0, then the number is even, which corresponds to positive. If it is 1, then it is negative. The compressed version of the public key becomes:
The prefix is 0x02 because the y coordinate ends in 0xa4 , which is even, therefore positive.
Address Generation
There are multiple Bitcoin address types, currently P2SH or pay-to-script hash is the default for most wallets. P2PKH was the predecessor and stands for Pay to Public Key Hash. Scripts give you more functionality, which is one reason why they are more popular. We’ll first generate a P2PKH original format address, followed by the now standard P2SH .
The public key from the previous output is hashed first using sha256 and then hashed using ripemd160 . This shortens the number of output bytes and ensures that in case there is some unforeseen relationship between elliptic curve and sha256, another unrelated hash function would significantly increase the difficulty of reversing the operation:
Note that since the input is a string, the xxd -r -p will convert the hex string into binary and then output it in hexdump style (ascii), which is what the openssl hashing functions expect as input.
Now that we have hashed the public key, we now perform base58check encoding. Base58check allows the hash to be displayed in a more compact way (using more letters of the alphabet) while avoiding characters that could be confused with each other such as 0 and O where a typo could result in your losing your funds. A checksum is applied to make sure the address was transmitted correctly without any data corruption such as mistyping the address.
Bitcoin P2PKH addresses begin with the version byte value 0x00 denoting the address type and end with a 4 byte checksum. First we prepend the version byte (prefix) to our public key hash and calculate and append the checksum before we encode it using base58 :
Note: -c denotes a checksum is to be applied. The checksum is calculated as checksum = SHA256(SHA256(prefix+data)) and only the first 4 bytes of the hash are appended to the end of the data.
The resulting value is a P2PKH address that can be used to receive Bitcoin: 16JrGhLx5bcBSA34kew9V6Mufa4aXhFe9X
Pay-to-Script Hash
The new default address type is a pay-to-script-hash, where instead of paying to a pubKey hash, it is a script hash. Bitcoin has a scripting language, you can read more about it here. Basically it allows for things like multiple signature requirements to send Bitcoin or a time delay before you are allowed to send funds, etc. A commonly used script is a P2WPKH (Pay to Witness Public Key Hash): OP_0 0x14
where the PubKey Hash is the RIPEMD160 of the SHA256 of the public key, as before, and 0x14 is the number of bytes in the PubKey Hash. So, to turn this script into an address, you simply apply BASE58CHECK to the RIPEMD160 of the SHA256 of the script OP_0 0x14
except you prepend 0x05 to the script hash instead of 0x00 to denote the address type is a P2SH address.
If you like the article, check out my course on how to Become a Bitcoin + Blockchain Programmer.
Источник
Keys & Addresses
Unique numbers used for sending and receiving batches of bitcoins.
What is a private key, a public key, and an address?
To send and receive money in bitcoin you need an “account number” and a “password”.
In bitcoin we call these a public key and a private key .
Here are your account details. Welcome to Bitcoin.
However, this “account number” is awkwardly long number. So to make life easier we create a condensed version of this public key, and we call it our address .
You’ll see how hideous the public key is in a moment.
And that’s the role of the private key, the public key, and the address.
Where do keys and addresses come from?
Private Key
It all starts with the private key , which is just a randomly generated number:
But because this number is so large, computers (and bitcoin) like to work with it in hexadecimal format:
Hexadecimal numbers are shorter than decimal numbers because they also use the letters a,b,c,d,e and f
And there we have a private key… just a big random number (in hexadecimal format).
A private key can be any number between 1 and 115792089237316195423570985008687907852837564279074904382605163141518161494336.
Public Key
You use your private key to create your public key .
But first of all, this public is going to be seen by other people. Therefore, when we use the private key to create our public key, we don’t want it to be possible for anyone to figure out what our private key was.
Because after all, the private key protects our bitcoins.
Even though the public key is made from the private key, we don’t want anyone to be able to work backwards from it.
Fortunately we can use a special type of mathematical function to achieve this.
We just shove the private key in to it (which is a number after all), and the function spits out a public key (a new number).
Now, there are two benefits of using this particular function:
- This function returns a public key that is mathematically connected to our private key. This will come in handy when we want to send bitcoins in a transaction.
It’s like starting with a key and creating a padlock from it.
- Even though the public key is connected to the private key, it’s not possible to figure out what the private key is from the public key. And this is why we use this particular mathematical function… because it’s a “one-way” function.
And ta-da, thanks to our random number and this function, we now have a pair of keys that we can use to send and receive money in bitcoin.
Private Key | ef235aacf90d9f4aadd8c92e4b2562e1d9eb97f0df9ba3b508258739cb013db2 |
---|
Address
Oh yeah, that public key is hideous isn’t it. Nobody is going to enjoy typing that out, so let’s make it more practical and call it an address .
Thank goodness for that!
All we’ve done here is compress the public key, and used a format that doesn’t make use of any characters that look similar to each other when written down (i.e. no “0”, “O”, “I” or “l”).
So no, it still doesn’t quite roll off the tongue, but it is an improvement.
And that’s all an address is – a shorter/easier version of the public key.
Private Key | ef235aacf90d9f4aadd8c92e4b2562e1d9eb97f0df9ba3b508258739cb013db2 |
---|---|
Public Key | 02b4632d08485ff1df2db55b9dafd23347d1c47a457072a1e87be26896549a8737 |
Due to the way the public key has been compressed, it’s not possible to work out the public key from the address.
Do I have to remember all 3 of these keys?
Because your public key and address are worked out from your private key, you can get away with just saving your private key.
Remember, your public key (and address) are worked out from your private key.
So if worst comes to worst, if you ever need to send your address to someone, you can just work it out from your private key.
In everyday life, it’s practical to keep note of your private key and address, because your address is what you give to people when you want to receive bitcoins.
What happens if I lose my private key?
Well then you’re fu lly out of luck.
It’s impossible to work out your private key from either your public key or address, so if you lose your private key, it’s lost.
And if you haven’t got the private key for an address, any bitcoins located at that address will be locked there forever.
How’s that for security?
This may seem like an unforgiving system, and that’s because it is.
On the other hand, it’s refreshing to know that there are no backdoors to your money. There is only one key to your bitcoins, and you’re in charge of it.
By Greg Walker, 06 May 2015
Last Updated: 25 Aug 2020
- 25 Aug 2020: Updated private key pages to indicate that a private key can be any number between 1 and (n-1) and not between 1 and (n), where n=115792089237316195423570985008687907852837564279074904382605163141518161494337 and is the order of the curve.
- 30 Mar 2020: corrected base58 chars removed
- 28 Mar 2020: updated html for h1 headers and subheadings — now dynamic from yaml
- 28 Mar 2020: updated html for h1 headers and subheadings
- 15 Oct 2019: updated CSS and router to use pandoc 2.7 (from 1.19)
- 09 Oct 2019: renamed browser to explorer, glossary to guide, and guide to beginners
I’ll let you know about cool website updates, or if something seriously interesting happens in bitcoin.
Источник
Private Key | ef235aacf90d9f4aadd8c92e4b2562e1d9eb97f0df9ba3b508258739cb013db2 |
---|---|
Public Key | 02b4632d08485ff1df2db55b9dafd23347d1c47a457072a1e87be26896549a8737 |
Address | 1EUXSxuUVy2PC5enGXR1a3yxbEjNWMHuem |