The Public Key Hash: Hash160 and Security

A Public Key Hash (PKH) is a highly secure, condensed, 20-byte representation of a public key. It serves as the core payload for legacy P2PKH and SegWit P2WPKH addresses.

Bitcoin uses a specialized, double-barrier hashing pipeline to calculate this value, known as Hash160.

---

🧮 Calculating Hash160

To compute a Public Key Hash, Bitcoin feeds the serialized public key $K$ (either compressed or uncompressed) through two distinct cryptographic hashing functions sequentially:

$$\text{Hash160}(K) = RIPEMD160(SHA256(K))$$

┌──────────────────────────────────────┐
│        Serialized Public Key K       │ (33-Byte Compressed Key)
└──────────────────┬───────────────────┘
                   │
                   ▼ [ SHA-256 Hashing ]
┌──────────────────────────────────────┐
│             SHA-256 Hash             │ (32 Bytes / 256 Bits)
└──────────────────┬───────────────────┘
                   │
                   ▼ [ RIPEMD-160 Hashing ]
┌──────────────────────────────────────┐
│            Hash160 Output            │ (20 Bytes / 160 Bits)
└──────────────────────────────────────┘

---

🛡️ Why Use a Double Hashing Strategy?

Satoshi Nakamoto's decision to chain SHA-256 and RIPEMD-160 was an incredibly clever piece of security design, serving multiple distinct purposes:

1. Mathematical Security (Function Independence)

By combining two completely different hashing algorithms, the security of Bitcoin addresses does not depend on a single mathematical design. * SHA-256 belongs to the SHA-2 family, designed by the NSA, using a Merkle-Damgård construction. * RIPEMD-160 was developed in Europe, based on the MD4 design, utilizing an independent structure with two parallel lines of processing. * If a mathematical exploit is ever discovered in SHA-256, your funds remain secure unless an exploit is also discovered in RIPEMD-160 simultaneously.

2. Physical Data Reduction (vSize Efficiency)

A raw compressed public key is 33 bytes. A SHA-256 hash is 32 bytes. * By running the SHA-256 output through RIPEMD-160, we condense the payload to exactly 20 bytes (160 bits). * This 13-byte reduction per transaction input significantly lowers the physical data weight (vSize) stored by full nodes on the blockchain, directly reducing transaction fees for users.

---

⚛️ The Quantum Computing Defense Shield

One of the most profound benefits of the Public Key Hash is its built-in resistance to future quantum decryption attacks.

1. The Threat of Shor's Algorithm

Quantum computers equipped with sufficient qubits can execute Shor's Algorithm to solve the Elliptic Curve Discrete Logarithm Problem (ECDLP) in polynomial time. * If a quantum attacker knows your raw public key coordinate $K$, they can calculate your secret private key $k$ in seconds, giving them full custody of your coins.

2. Preimage Resistance of Hash Functions

While quantum computers are devastating against elliptic curve point mathematical derivation, they cannot reverse hash functions. The fastest quantum search algorithm against hashes (Grover's Algorithm) only provides a quadratic speedup. This means reversing a 160-bit or 256-bit hash remains computationally impossible.

3. The One-Time Exposure Rule

Because Bitcoin addresses are Public Key Hashes, your raw public key is never exposed on the blockchain until you spend from that address.

┌────────────────────────────────────────────────────────┐
│                      ADDRESS UNSPENT                   │
├────────────────────────────────────────────────────────┤
│ • Ledger holds only the 20-byte Hash160.               │
│ • Raw Public Key coordinates are hidden.               │
│ • Completely secure against Quantum decryption!       │
└───────────────────────────┬────────────────────────────┘
                            │ (Alice broadcasts spend)
                            ▼
┌────────────────────────────────────────────────────────┐
│                      ADDRESS SPENT                     │
├────────────────────────────────────────────────────────┤
│ • Alice publishes raw Public Key K to prove ownership. │
│ • UTXO is immediately spent; remainder sent to change. │
│ • Spent address is dead; no assets left to attack.    │
└────────────────────────────────────────────────────────┘

As long as Alice practices good privacy habits and never reuses addresses (meaning spent outputs are completely cleared and change is sent to a brand-new address), her public key coordinates are only exposed for the brief window of time it takes to mine her transaction into a block. This makes her wallet completely secure against quantum computers!