TeachMeBitcoin

How Public Keys Derive into Addresses

From TeachMeBitcoin, the free encyclopedia Reading time: 3 min

How Public Keys Derive into Addresses

In Bitcoin, you do not publish your raw public key to receive payments. Instead, you share a shortened, secure representation of your key called an address.

An address is a hashed public key containing built-in checksums to prevent typos and human spelling errors.


️ The Cryptographic Derivation Pipeline (P2PKH)

To transform a raw public key into a standard legacy Base58Check address, Bitcoin performs a series of precise cryptographic steps:

┌──────────────────────────────────────┐
│ Public Key Coordinate (K) │ (33-Byte Compressed Key)
└──────────────────┬───────────────────┘
 │
 ▼ [ SHA-256 Hash ]
┌──────────────────────────────────────┐
│ SHA-256 Hash │ (32 Bytes)
└──────────────────┬───────────────────┘
 │
 ▼ [ RIPEMD-160 Hash ]
┌──────────────────────────────────────┐
│ Hash160 │ (20-Byte Payload)
└──────────────────┬───────────────────┘
 │
 ▼ [ Prepend Version Prefix ]
┌──────────────────────────────────────┐
│ Version Prefix + Hash160 │ (21 Bytes)
└──────────────────┬───────────────────┘
 ├───────────────────────────────────┐
 │ ▼ [ Double SHA-256 ]
 │ ┌───────────────────────────────────┐
 │ │ Double SHA-256 Hash │
 │ └─────────────────┬─────────────────┘
 │ ▼ [ Take First 4 Bytes ]
 │ ┌───────────────────────────────────┐
 │ │ 4-Byte Checksum │
 │ └─────────────────┬─────────────────┘
 │ │
 ▼ ▼
┌────────────────────────────────────────────────────────────────────────────┐
│ Version Prefix + Hash160 + Checksum │ (25 Bytes)
└──────────────────────────────────┬─────────────────────────────────────────┘
 │
 ▼ [ Base58 Encoding ]
┌────────────────────────────────────────────────────────────────────────────┐
│ Legacy Base58Check Address │ (Starts with "1")
└────────────────────────────────────────────────────────────────────────────┘

Step-by-Step Address Calculation

Let's break down each block of the derivation pipeline:

1. The Hashing Phase (Hash160)

We hash the compressed public key $(K)$ using two different hashing functions:

  1. SHA-256: $SHA256(K)$

  2. RIPEMD-160: $RIPEMD160(SHA256(K)) \rightarrow \mathbf{Hash160}$

This dual-hash process yields a 20-byte (160-bit) string. RIPEMD-160 is used because it reduces the length of the coordinate data significantly, resulting in a shorter address.

2. Prepended Version Byte

To specify the network and format of the address, a prefix byte is prepended:

3. Creating the 4-Byte Checksum

To protect against typos, we calculate a checksum of the 21-byte payload:

$$Checksum = \text{First 4 bytes of } SHA256(SHA256(\text{Prefix} \parallel \text{Hash160}))$$

We append these 4 bytes to the end of our payload, resulting in a 25-byte serialized array.

4. Base58 Encoding

Finally, we encode the 25 bytes using the Base58 alphabet.


⚡ The Modern Alternative: Bech32 (SegWit)

While legacy addresses use Base58Check, native SegWit addresses (starting with bc1q) utilize a modern format called Bech32 (defined in BIP 173).

Bech32 provides significant improvements over legacy addresses:

☕ Help support TeachMeBitcoin

TeachMeBitcoin is an ad-free, open-source educational repository curated by a passionate team of Bitcoin researchers and educators for public benefit. If you found our articles helpful, please consider supporting our hosting and ongoing content updates with a clean donation:

Ethereum: 0x578417C51783663D8A6A811B3544E1f779D39A85
Bitcoin: bc1q77k9e95rn669kpzyjr8ke9w95zhk7pa5s63qzz
Solana: 4ycT2ayqeMucixj3wS8Ay8Tq9NRDYRPKYbj3UGESyQ4J
Address copied to clipboard!