A Bitcoin transaction occurs when an address A sends money to address B.
Addresses are something like a bank account: they hold money.
Every address is owned by an entity that has control of it.
An entity controls an address (and the money stored in it) by holding the private key related to that address.
A private key is similar to a bank account password and is required to sign transactions to make them valid.
The generation of private keys, public keys and addresses are explained below.
Private keys are required to spend Bitcoins stored in an address.
If Alice knows the private key of a Bitcoin address she can spend the money stored in that address.
Therefore, private keys:
- proof ownership of funds used in a transaction
- create a signature for a transaction to be included in the blockchain
Generating a private key
Bitcoin addresses are generated from a public key that is generated from a private key.
A private key is generated by picking a number between 1 and n-1, where n is a constant (n = 1.158*10^77, slightly less than 2^256)
So, all we have to do is pick a 256-bit random number and check that it is less than n-1.
It must have a secure source of entropy, or randomness.
The website bitaddress.org can be used to create bitcoin addresses.
For entropy it uses random mouse pointer movements.
A public key is calculated from a private key using elliptic curve multiplication, which is irreversible: K = k*G.
k is the private key, G is a constant point called the Generator point and K is the resulting public key.
Getting the private key from the public key is only achievable by brute-force.
A public key cannot be converted into a private key because the math only works one way.
Most bitcoin implementations use the OpenSSL cryptographic library to do the elliptic curve math.
For example, to derive the public key, the function EC_POINT_mul() is used.
Bitcoin addresses are similar with paper checks: they don't need to specify an account, but rather use an abstract name as the recipient of funds.
It makes paper checks very flexible as payment instruments.
Bitcoin transactions use a similar abstraction (the bitcoin address) to make them very flexible.
A Bitcoin address can represent:
- the owner of a private/public key pair
- or something else, such as a payment script (see P2SH: pay to script hash)
A Bitcoin address is NOT the same as a public key.
Bitcoin addresses are derived from a public key through the use of one-way cryptographic hashing functions.
Generating a Bitcoin addresses
The algorithms used are:
SHA (Secure Hash Algorithm)
RIPEMD (RACE Integrity Primitives Evaluation Message Digest)
Specifically: SHA256 and RIPEMD160. The combination of these two is called a "double hash" or HASH160.
Starting with the public key K, we compute the Bitcoin address A as follows:
A = RIPEMD160( SHA256( K ) )
The result is a 160 bit (20 byte number).
Representing Bitcoin addresses
Bitcoin addresses are almost always presented to users in a encoding called "Base58Check".
It uses 58 characters and a checksum.
For us to represent big numbers in less characters we use different notations.
The hexadecimal notation gives us 16 characters:
The Base-64 gives us 64 characters:
26 lower case letters: abcdefghijklmnopqrstuvwxyz
26 capital letters: ABCDEFGHIJKLMNOPQRSTUVWXYZ
10 numerals: 0123456789
2 more characters such as '+' and '/' +/
So, it allows a representation from 0 to 63:
Base-58 is a subset of Base-64, using the upper and lower case letters and numbers.
The difference is that it eliminates some characters that are frequently mistaken from one another.
Example: O e 0, l e I.
Example of a Bitcoin address:
Hash functions: here
Elliptic curve point multiplication (Wikipedia): here
Pay to script hash (Bitcoin wiki): here
Base-64 notation (Wikipedia): here
How to create Bitcoin Address: here
Last update: 03/09/2018