How Public Keys Derive into Addresses
How Public Keys Derive into Addresses
In Bitcoin, you do not publish your raw public key to receive payments. Instead, you share a shortened, secure representation of your key called an address.
An address is a hashed public key containing built-in checksums to prevent typos and human spelling errors.
🛠️ The Cryptographic Derivation Pipeline (P2PKH)
To transform a raw public key into a standard legacy Base58Check address, Bitcoin performs a series of precise cryptographic steps:
┌──────────────────────────────────────┐
│ Public Key Coordinate (K) │ (33-Byte Compressed Key)
└──────────────────┬───────────────────┘
│
▼ [ SHA-256 Hash ]
┌──────────────────────────────────────┐
│ SHA-256 Hash │ (32 Bytes)
└──────────────────┬───────────────────┘
│
▼ [ RIPEMD-160 Hash ]
┌──────────────────────────────────────┐
│ Hash160 │ (20-Byte Payload)
└──────────────────┬───────────────────┘
│
▼ [ Prepend Version Prefix ]
┌──────────────────────────────────────┐
│ Version Prefix + Hash160 │ (21 Bytes)
└──────────────────┬───────────────────┘
├───────────────────────────────────┐
│ ▼ [ Double SHA-256 ]
│ ┌───────────────────────────────────┐
│ │ Double SHA-256 Hash │
│ └─────────────────┬─────────────────┘
│ ▼ [ Take First 4 Bytes ]
│ ┌───────────────────────────────────┐
│ │ 4-Byte Checksum │
│ └─────────────────┬─────────────────┘
│ │
▼ ▼
┌────────────────────────────────────────────────────────────────────────────┐
│ Version Prefix + Hash160 + Checksum │ (25 Bytes)
└──────────────────────────────────┬─────────────────────────────────────────┘
│
▼ [ Base58 Encoding ]
┌────────────────────────────────────────────────────────────────────────────┐
│ Legacy Base58Check Address │ (Starts with "1")
└────────────────────────────────────────────────────────────────────────────┘
🔬 Step-by-Step Address Calculation
Let's break down each block of the derivation pipeline:
1. The Hashing Phase (Hash160)
We hash the compressed public key $(K)$ using two different hashing functions: 1. SHA-256: $SHA256(K)$ 2. RIPEMD-160: $RIPEMD160(SHA256(K)) \rightarrow \mathbf{Hash160}$
This dual-hash process yields a 20-byte (160-bit) string. RIPEMD-160 is used because it reduces the length of the coordinate data significantly, resulting in a shorter address.
2. Prepended Version Byte
To specify the network and format of the address, a prefix byte is prepended:
* 0x00 for Mainnet Legacy P2PKH (starts with "1").
* 0x05 for Mainnet Nested P2SH (starts with "3").
* 0x1111 (Decimal) formats for various testnets.
3. Creating the 4-Byte Checksum
To protect against typos, we calculate a checksum of the 21-byte payload:
$$Checksum = \text{First 4 bytes of } SHA256(SHA256(\text{Prefix} \parallel \text{Hash160}))$$
We append these 4 bytes to the end of our payload, resulting in a 25-byte serialized array.
4. Base58 Encoding
Finally, we encode the 25 bytes using the Base58 alphabet.
* Preventing Ambiguity: Standard Base64 uses letters like 0 (zero), O (capital o), I (capital i), and l (lowercase L). These look identical in many fonts and lead to severe transcription errors. Base58 explicitly removes these four confusing characters, keeping human transcription completely safe!
⚡ The Modern Alternative: Bech32 (SegWit)
While legacy addresses use Base58Check, native SegWit addresses (starting with bc1q) utilize a modern format called Bech32 (defined in BIP 173).
Bech32 provides significant improvements over legacy addresses: * Single-Case Alphabet: Bech32 uses lowercase letters and numbers only, making it much easier to dictate or type. * Error Correction: Bech32 uses a highly advanced BCH error-correcting code. If a user mistypes 1 or 2 characters in a Bech32 address, the wallet software can mathematically pinpoint exactly where the error occurred and prevent the funds from being lost.
TeachMeBitcoin is an ad-free, open-source educational repository curated by a passionate team of Bitcoin researchers and educators for public benefit. If you found our articles helpful, please consider supporting our hosting and ongoing content updates with a clean donation: