How to create bitcoin address

How to create a Bitcoin wallet address from a private key

In the previous article, we looked at different methods to generate a private key. Whatever method you choose, you’ll end up with 32 bytes of data. Here’s the one that we got at the end of that article:

We’ll use this private key throughout the article to derive both a public key and the address for the Bitcoin wallet.

What we want to do is to apply a series of conversions to the private key to get a public key and then a wallet address. Most of these conversions are called hash functions. These hash functions are one-way conversions that can’t be reversed. We won’t go to the mechanics of the functions themselves — there are plenty of great articles that cover that. Instead, we will look at how using these functions in the correct order can lead you to the Bitcoin wallet address that you can use.

Elliptic Curve Cryptography

The first thing we need to do is to apply the ECDSA or Elliptic Curve Digital Signature Algorithm to our private key. An elliptic curve is a curve defined by the equation y² = x³ + ax + b with a chosen a and b . There is a whole family of such curves that are widely known and used. Bitcoin uses the secp256k1 curve. If you want to learn more about Elliptic Curve Cryptography, I’ll refer you to this article.

By applying the ECDSA to the private key, we get a 64-byte integer. This consists of two 32-byte integers that represent the X and Y of the point on the elliptic curve, concatenated together.

For our example, we got: 1e7bcc70c72770dbb72fea022e8a6d07f814d2ebe4de9ae3f7af75bf706902a7b73ff919898c836396a6b0c96812c3213b99372050853bd1678da0ead14487d7 .

In Python, it would look like this:

Note: as you can see from the code, before I used a method from the ecdsa module, I decoded the private key using codecs . This is relevant more to the Python and less to the algorithm itself, but I will explain what are we doing here to remove possible confusion.

In Python, there are at least two classes that can keep the private and public keys: “str” and “bytes”. The first is a string and the second is a byte array. Cryptographic methods in Python work with a “bytes” class, taking it as input and returning it as the result.

Now, there’s a little catch: a string, say, 4f3c does not equal the byte array 4f3c , it equals the byte array with two elements, O . And that’s what codecs.decode method does: it converts a string into a byte array. That will be the same for all cryptographic manipulations that we’ll do in this article.

Public key

Once we’re done with the ECDSA, all we need to do is to add the bytes 0x04 at the start of our public key. The result is a Bitcoin full public key, which is equal to: 041e7bcc70c72770dbb72fea022e8a6d07f814d2ebe4de9ae3f7af75bf706902a7b73ff919898c836396a6b0c96812c3213b99372050853bd1678da0ead14487d7 for us.

Compressed public key

But we can do better. As you might remember, the public key is some point (X, Y) on the curve. We know the curve, and for each X there are only two Ys that define the point which lies on that curve. So why keep Y? Instead, let’s keep X and the sign of Y. Later, we can derive Y from that if needed.

The specifics are as follows: we take X from the ECDSA public key. Now, we add the 0x02 if the last byte of Y is even, and the byte 0x03 if the last byte is odd.

In our case, the last byte is odd, so we add 0x03 to get the compressed public key: 031e7bcc70c72770dbb72fea022e8a6d07f814d2ebe4de9ae3f7af75bf706902a7 . This key contains the same information, but it’s almost twice as short as the uncompressed key. Cool!

Previously, wallet software used long, full versions of public keys, but now most of it has switched to compressed keys.

Encrypting the public key

From now on, we need to make a wallet address. Whatever method of getting the public key you choose, it goes through the same procedure. Obviously, the addresses will differ. In this article, we will go with the compressed version.

What we need to do here is to apply SHA-256 to the public key, and then apply RIPEMD-160 to the result. The order is important.

SHA-256 and RIPEMD-160 are two hash functions, and again, we won’t go into the details of how they work. What matters is that now we have 160-bit integer, which will be used for further modifications. Let’s call that an encrypted public key. For our example, the encrypted public key is 453233600a96384bb8d73d400984117ac84d7e8b .

Here’s how we encrypt the public key in Python:

Adding the network byte

The Bitcoin has two networks, main and test. The main network is the network that all people use to transfer the coins. The test network was created — you guessed it — to test new features and software.

We want to generate an address to use it on the mainnet, so we need to add 0x00 bytes to the encrypted public key. The result is 00453233600a96384bb8d73d400984117ac84d7e8b . For the testnet, that would be 0x6f bytes.

Checksum

Now we need to calculate the checksum of our mainnet key. The idea of checksum is to make sure that the data (in our case, the key) wasn’t corrupted during transmission. The wallet software should look at the checksum and mark the address as invalid if the checksum mismatches.

To calculate the checksum of the key, we need to apply SHA-256 twice and then take first 4 bytes of the result. For our example, the double SHA-256 is 512f43c48517a75e58a7ec4c554ecd1a8f9603c891b46325006abf39c5c6b995 and therefore the checksum is 512f43c4 (note that 4 bytes is 8 hex digits).

The code to calculate an address checksum is the following:

Getting the address

Finally, to make an address, we just concatenate the mainnet key and the checksum. That makes it 00453233600a96384bb8d73d400984117ac84d7e8b512f43c4 for our example.

That’s it! That’s the wallet address for the private key at the start of the article.

But you may notice that something is off. You’ve probably seen a handful of Bitcoin addresses and they didn’t look like that. Well, the reason is that they are encoded with Base58. It’s a little bit odd.

Here’s the algorithm to convert a hex address to the Base58 address:

What we get is 17JsmEygbbEUEpvt4PFtYaTeSqfb9ki1F1 , a compressed Bitcoin wallet address.

Conclusion

The wallet key generation process can be split into four steps:

• creating a public key with ECDSA
• encrypting the key with SHA-256 and RIPEMD-160
• calculating the checksum with double SHA-256
• encoding the key with Base58.

Depending on the form of public key (full or compressed), we get different addresses, but both are perfectly valid.

Here’s the full algorithm for the uncompressed public key:

If you want to play with the code, I published it to the Github repository.

I am making a course on cryptocurrencies here on Medium. The first part is a detailed description of the blockchain.

I also post random thoughts about crypto on Twitter, so you might want to check it out.

Источник

Bitcoin address

Enjoyed the article? Share:

Bitcoin address is an identifier (account number), starting with 1 or 3 and containing 27-34 alphanumeric Latin characters (except 0, O, I). Bitcoin addresses can be also represented as a QR-code. The addresses are anonymous and do not contain information about the owner. A bitcoin address can be obtained for free, using, for example, Bitcoin software. Bitcoin address example:

Addresses can be generated at no cost by any user of Bitcoin. For example, using Bitcoin Core, one can click «New Address» and be assigned an address. It is also possible to get a Bitcoin address using an account at an exchange or online wallet service.

There are currently two bitcoin address format in common use:

Common Pay-to-Pubkey Hash (P2PKH) which begin with the number 1. Newer Pay-to-Script Hash (P2SH) type starting with the number 3, eg: 35bSzXvRKLpHsHMrzb82f617cV4Srnt7hS .

Contents

What’s in a Bitcoin address [ edit ]

Most Bitcoin addresses are 34 characters. They consist of random digits and uppercase and lowercase letters, with the exception that the uppercase letter «O», uppercase letter «I», lowercase letter «l», and the number «0» are never used to prevent visual ambiguity.

Some Bitcoin addresses can be shorter than 34 characters (as few as 26) and still be valid. A significant percentage of Bitcoin addresses are only 33 characters, and some bitcoin address length may be even shorter.

Every Bitcoin address stands for a number. These shorter addresses are valid simply because they stand for numbers that happen to start with zeroes, and when the zeroes are omitted, the encoded address gets shorter.

Several of the characters inside a Bitcoin address are used as a checksum so that typographical errors can be automatically found and rejected. The checksum also allows Bitcoin software to confirm that a 33-character (or shorter) address is in fact valid and isn’t simply an address with a missing character.

Purpose and opportunities [ edit ]

Transfer/receive transactions of Bitcoins (Cryptocurrency, BTC) can be performed via address like the work with e-mail messages. One person can create an unlimited number of addresses, increasing the anonymity level of the payments. When performing the next transaction with BTC a new address is often created (the funds are credited/debited within 1-2 hours). At the same time the private key pair is generated, providing access to the identifier and the ability to perform transactions with currency. They are stored in the wallet.dat file on the user’s computer.

Input conditions [ edit ]

In order to avoid errors when manually inputting the address, it is recommended to use the clipboard. Symbols register is considered when you manually input the address. In case of incorrect input Bitcoins are sent to the wrong address or the transaction is rejected. Last one is done automatically if the identifier contains symbols that are used as a checksum (for verification).

The probability that a mistyped address is accepted as being valid is, approximately 1 in 4.29 billion.

How to create Bitcoin address? [ edit ]

The address is created by generating of random numbers and performing specific mathematical operations. It does not require Internet connection and registration at Bitcoin, where it begins to be monitored. Thousands of addresses (including personalized) and keys thereto can be generated within 1 minute, for example, when using Vanitygen utility.

Creating bitcoin address can be done without an Internet connection and does not require any contact or registration with the Bitcoin network. It is possible to create large batches of addresses offline using freely available software tools. Generating batches of addresses is useful in several scenarios, such as e-commerce websites where a unique pre-generated address is dispensed to each customer who chooses a «pay with Bitcoin» option. Newer «HD wallets» can generate a «seed» token which can be used to allow untrusted systems (such as webservers) to generate an unlimited number of addresses without the ability to spend the bitcoins received.

Transactions [ edit ]

Record of the BTC transfer from one address to another generates a transaction. It contains the hash of the previous transaction signed by the sender and Bitcoins recipients address. All information is sent to the Bitcoin network and after signatures verification transaction is accepted for processing.

Most Bitcoin wallets have a function to «sign» a message, proving the entity receiving funds with an address has agreed to the message. This can be used to, for example, finalise a contract in a cryptographically provable way prior to making payment for it.

Some services will also piggy-back on this capability by dedicating a specific address for authentication only, in which case the address should never be used for actual Bitcoin transactions. When you login to or use their service, you will provide a signature proving you are the same person with the pre-negotiated address.

It is important to note that these signatures only prove one receives with an address. Since Bitcoin transactions do not have a «from» address, you cannot prove you are the sender of funds.

Current standards for message signatures are only compatible with «version zero» bitcoin addresses (that begin with the number 1).

Bitcoin Address Validation [ edit ]

If you would like to validate a Bitcoin address in an application, it is advisable to use a method rather than to just check for string length, allowed characters, or that the address starts with a 1 or 3. Validation may also be done using open source code available in various languages or with an online validating tool.

Loss of Bitcoins [ edit ]

Loss of Bitcoins is possible in the following situations:

• if the wallet is lost because of the hard drive failure,
• when generating a new address, getting BTC on it and restoring the wallet from an earlier backup, where address is not yet created,
• when sending Bitcoins to address that doesn’t have owner.

Multi-signature Bitcoin address [ edit ]

Addresses can be created that require a combination of multiple private keys. Since these take advantage of newer features, they begin with the newer prefix of 3 instead of the older 1. These can be thought of as the equivalent of writing a check to two parties — «pay to the order of somebody AND somebody else» — where both parties must endorse the check in order to receive the funds.

The actual requirement (number of private keys needed, their corresponding public keys, etc.) that must be satisfied to spend the funds is decided in advance by the person generating this type of address, and once an address is created, the requirement cannot be changed without generating a new address.

Address balances [ edit ]

Addresses are not wallets nor accounts, and do not carry balances. They only receive funds, and you do not send «from» an address at any time. Various confusing services and software display bitcoins received with an address, minus bitcoins sent in random unrelated transactions as an «address balance», but this number is not meaningful: it does not imply the recipient of the bitcoins sent to the address has spent them, nor that they still have the bitcoins received.

An example of bitcoin loss resulting from this misunderstanding is when people believed their address contained 3 BTC. They spent 0.5 Bitcoins and believed the address now contained 2.5 BTC when actually it contained zero. The remaining 2.5 Bitcoins was transferred to a change address which was not backed up and therefore lost. This has happened on a few occasions to users of Paper wallets.

«From» addresses [ edit ]

Bitcoin transactions do not have any kind of origin-, source- or «from» address.

Источник