Sign in Subscribe
Crypto

The Cryptography behind Bitcoin Addresses

Giuseppe Toscano

2 min read
Image generated by Microsoft Copilot

Hello world, in this article we will see how our BTC addresses work! πŸͺ™

In brief, a BTC address is generated using cryptographic algorithms based on elliptic curves. The three main steps to generate a public and unique BTC address are the following:

  • Generation of a Private Key
  • Generation of the Public Key
  • Generation of a Public Address

Let's dive into the details.

Generation of a Private Key

The Private Key (Kpr) is a randomly generated 256-bit number, it should be truly random and unpredictable to ensure security. For instance, this is a valid BTC private key (in hex and binary format):

BTC Private Key

Generation of the Public Key

The Public Key (Kpub) is derived from the previous Private Key using Elliptic Curve Cryptography (ECC), specifically the secp256k1 curve (click here for more details).

Source: bitcoin.it - secp256k1 curve

Kpub = Kpr * G, where G is the generator point on the secp256k1 curve. Be aware that the * symbol does not represent the ordinary multiplication between integers, but the elliptic curve multiplication, which is totally different.

There are two different formats for the Public Key:

  • Uncompressed (Legacy): includes both the x and y coordinates (i.e., 04 || x || y).
  • Compressed: includes only the x coordinate and a prefix to indicate the parity (odd or even) of the y coordinate (i.e., 03 or 02 || x)

This is an example of Public Key derived from the Private Key above described above:

// Uncompressed
045007aae6c98d8a807425006b36d101d48e7c9d6362ae5c9a506785f0712e938181e424e20e521c3145b7ecdd59497a87bdc470085e96a63ad6300d1ef6b1095b

// Compressed
035007aae6c98d8a807425006b36d101d48e7c9d6362ae5c9a506785f0712e9381

BTC Public Key

Please note that the Private Key cannot be recovered by starting from the Public Key, the math protects you and it only works one way. This is the reason why the Public Key can be shared with anyone, while the Private Key should be kept secret.

Generation of a Public Address

The last step is the generation of a Public Address which is a user-friendly representation of the Public Key. This involves the following steps:

  • Compute the SHA-256 hash of the Public Key
  • Compute the RIPEMD-160 hash of the result from the previous step.
  • Add a network byte in front of the RIPEMD-160 hash (0x00 for Bitcoin mainnet).
  • Compute a double SHA-256 hash of the result from step 3, and take the first 4 bytes of this hash.
  • Append the checksum to the end of the extended RIPEMD-160 hash with the network byte.
  • Encode the result using Base58Check encoding to produce the final Bitcoin address.

In formulas:

checksum = First4Bytes(SHA256(SHA256((0x00||RIPEMD160(SHA256(Kpub))))))

address = Base58Check((0x00||RIPEMD160(SHA256(Kpub))) + checksum

Generation of a BTC Address

This is an example of Bitcoin Address:

1ATobtBrrHqpTPbeG8JFpRqeZH4PYNiggU

BTC Address

Some interesting resources:

Please share your opinion below and let’s build a supportive and informative community together! 🀝

Share this article: