DEV Community: Joseph Emmanuel The latest articles on DEV Community by Joseph Emmanuel (@astrojose). https://dev.to/astrojose https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F237028%2F2adb6cde-0a4f-4439-a1b6-7c841b2efa46.jpeg DEV Community: Joseph Emmanuel https://dev.to/astrojose en Understanding keys and addresses in bitcoin Joseph Emmanuel Wed, 16 Jun 2021 09:49:49 +0000 https://dev.to/astrojose/understanding-keys-and-addresses-in-bitcoin-c0c https://dev.to/astrojose/understanding-keys-and-addresses-in-bitcoin-c0c <p>Understanding the blockchain and decentralized applications is hard. But learning fundamental concepts increases the speed of understanding. In this article, concepts of digital keys, signatures and addresses are explored based on programming perspective. They can be really useful when you want to implement blockchain apps like wallets, mining software, bitcoin explores, bitcoin e-commerce etc.</p> <h2> What is decentralization in bitcoin </h2> <p>Decentralized systems are are interconnected systems where no party has overall control of they system. As digital payment system, bitcoin provide this form of system where there is no central entity (like banks) that control the flow of transactions.</p> <h2> The cryptography behind: keys and signatures </h2> <p>Digital keys and signatures are fundamental to decentralization of trust. Bitcoin uses pair of related keys(private and public) based on public-key cryptography. Private keys are only known to owner while public keys are may be known by anyone. A sender encrypts a message with receiver's public key(shared publicly) , and sends it publicly, it can only be decrypted with receiver's private keys.<br><br> <br></p> <p>In bitcoin transaction <em>Digital Signature or witness</em> is used to prove that one has a private key connected to public key without revealing the private key. Private keys are used to produce digital signature. While signature can be <em>verified</em> by anyone with public key, it can only be <em>produced</em> by someone with knowledge of private key. This concept of verification of transactions is important because bitcoin is based on peer to peer network.</p> <h2> Comparing to bank account terms </h2> <p>Recipient's public key is not shared publicly itself, it is represented by bitcoin address which works as beneficiary name in banking. Private keys are like pass code and public keys are like account numbers. Witness or digital signature is like normal hand signature that shows you are the owner of account.</p> <h2> The fun part: generating keys </h2> <p>Basically keys are just strings of characters e.g <code>30848827712021293731208415302456569301499384652082</code> in decimal or <code>4433d156ea29436f29a94e0ccc5d58df8e57bdc8583c32</code> in hexadecimal.<br><br> <br></p> <p>All these keys are related to each other. Hash function are used to transform keys from one form to another e.g from private key to form public keys, public keys to bitcoin address.<br> <br></p> <h2> Generating private keys </h2> <p>Generating keys is like choosing random number. Bitcoin uses 256-bits number for randomness. Any number is picked at range of <code>1 to ~2**256</code>. Simply a binary number with 256 1s and 0s like:-<br><br> <code>000100011011010110010001001101101100101...</code> </p> <p><code>2**256</code> is very huge number ~ <code>10**77</code>, which is much larger than number of atoms in and on the earth approximately <code>10**50</code> !!!(Imagine a number with 50 figures). </p> <p>This binary number can be converted to decimal number (contain numbers 0-9)<br><br> <code>80101199751367646086581405402432952544...</code> </p> <p>Or into hexadecimal (contain 0-9 numbers plus 6 alphabet characters a-f)<br><br> <code>11B59136CB932F78ACB0EE67864D23A830D1BF...</code><br><br> <br><br> Here is the code..<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">sha256</span> <span class="o">=</span> <span class="nx">require</span><span class="p">(</span><span class="nx">sha256</span><span class="p">)</span> <span class="kd">let</span> <span class="nx">privKey</span> <span class="o">=</span> <span class="nx">sha256</span><span class="p">(</span><span class="dl">'</span><span class="s1">secret</span><span class="dl">'</span><span class="p">)</span> <span class="nx">console</span><span class="p">.</span><span class="nx">log</span><span class="p">(</span><span class="dl">'</span><span class="s1">&gt; Private Key: </span><span class="dl">'</span><span class="p">,</span><span class="nx">privKey</span><span class="p">)</span> <span class="c1">// &gt; Private Key: 2bb80d537b1da3e38bd30361aa855686bde0eacd7162fef6a25fe97bf527a25b</span> </code></pre> </div> <h2> Base58check encoding </h2> <p>The above key is hexadecimal(<strong>Hex</strong>), represented in Base64 which includes 64 characters(52 lowercase and capital letters, 10 numerals, 2 more characters "+" and "/" ).<br><br> Some character can be easily mistaken or confused e.g letter l, number 1 and letter I, letter O and zero 0.<br><br> Bitcoin uses Base58 encoding to represent keys, the same as Base64 but it excludes 6 characters(0,O,l,I,+ and /). So the bitcoin Base58 alphabet is <code>123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz</code> </p> <p><strong>Base58check</strong> encoding is like error-checking code, it prevents inscriptional errors. </p> <h2> Generating private key WIF </h2> <p>The Base58check encoded private key with 5 prefix is called <strong>Wallet Import Format(WIF)</strong> which is used in importing and exporting keys in wallets and generating QR codes.<br><br> It can be done in four steps</p> <ol> <li>We add version byte(0x80 in hex) which is used as prefix in encoding private keys(prefix + private key). </li> <li>SHA256 is applied twice(double-SHA) to prefixed private key to get checksum.</li> <li>First bytes of checksum is appended to result of step 1 and the result is encoded into base58 format.</li> </ol> <p>Lets write some code to do the trick, with help of <code>sha256</code> and <code>bs58</code> libraries.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">sha256</span> <span class="o">=</span> <span class="nx">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">sha256</span><span class="dl">'</span><span class="p">)</span> <span class="kd">const</span> <span class="nx">base58</span> <span class="o">=</span> <span class="nx">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">bs58</span><span class="dl">'</span><span class="p">)</span> <span class="kd">let</span> <span class="nx">doubleHash</span> <span class="o">=</span> <span class="nx">sha256</span><span class="p">.</span><span class="nx">x2</span><span class="p">(</span><span class="dl">'</span><span class="s1">80</span><span class="dl">'</span> <span class="o">+</span> <span class="nx">privKey</span><span class="p">)</span> <span class="kd">let</span> <span class="nx">checksum</span> <span class="o">=</span> <span class="nx">doubleHash</span><span class="p">.</span><span class="nx">substring</span><span class="p">(</span><span class="mi">0</span><span class="p">,</span> <span class="mi">8</span><span class="p">);</span> <span class="kd">let</span> <span class="nx">payload</span> <span class="o">=</span> <span class="nx">Buffer</span><span class="p">.</span><span class="k">from</span><span class="p">(</span><span class="dl">'</span><span class="s1">80</span><span class="dl">'</span><span class="o">+</span><span class="nx">privKey</span><span class="o">+</span><span class="nx">checksum</span><span class="p">,</span> <span class="dl">'</span><span class="s1">hex</span><span class="dl">'</span><span class="p">)</span> <span class="kd">let</span> <span class="nx">b58</span> <span class="o">=</span> <span class="nx">base58</span><span class="p">.</span><span class="nx">encode</span><span class="p">(</span><span class="nx">payload</span> <span class="p">)</span> <span class="nx">console</span><span class="p">.</span><span class="nx">log</span><span class="p">(</span><span class="dl">"</span><span class="s2">&gt; Private Key WIF: </span><span class="dl">"</span><span class="p">,</span> <span class="nx">b58</span><span class="p">)</span> <span class="c1">// &gt; Private Key WIF: 5J9YKiVU3AWNkCa2zfQpj1f2NAeMQhLsYU51N8NM28J1bSNQL2S</span> </code></pre> </div> <h2> Generating public key from private key </h2> <p>Because private key is your secret, we can use the private key to create signature that anyone can verify without having the actual private key with the help of public key.<br> Public key is generated from private key by using one way cryptographic function called <a href="https://en.wikipedia.org/wiki/Elliptic_curve_point_multiplication"><em>Elliptic Curve Multiplication</em></a> where its easy to do in one direction but impossible to do in reverse. It involves some complex maths, you can learn more math <a href="https://fangpenlin.com/posts/2019/10/07/elliptic-curve-cryptography-explained/">here</a> and <a href="https://en.wikipedia.org/wiki/Elliptic_curve_point_multiplication#:~:text=Elliptic%20curve%20scalar%20multiplication%20is,producing%20a%20one%2Dway%20function.">here</a>. </p> <blockquote> <p>Elliptic-curve cryptography (ECC) is an approach to public-key cryptography based on the algebraic structure of elliptic curves over finite fields. ECC allows smaller keys compared to non-EC cryptography (based on plain Galois fields) to provide equivalent security. - Wikipedia </p> </blockquote> <p>In bitcoin, there is special parameters for elliptic curve called <code>secp256k1</code> with ECDSA algorithms as defined in [Standards for efficient Cryptography(SEC)] learn <a href="https://en.bitcoin.it/wiki/Secp256k1">more</a>. </p> <p>Lets focus on coding part, we use javascript implementation of elliptic curves (<code>elliptic</code> library) to generate public key from private key and <code>secp256k1</code> for curve standard elliptic curve parameters.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code> <span class="c1">// new instance of elliptic curve with secp256k1 parameters</span> <span class="kd">let</span> <span class="nx">EC</span> <span class="o">=</span> <span class="nx">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">elliptic</span><span class="dl">'</span><span class="p">).</span><span class="nx">ec</span> <span class="kd">let</span> <span class="nx">ec</span> <span class="o">=</span> <span class="k">new</span> <span class="nx">EC</span><span class="p">(</span><span class="dl">'</span><span class="s1">secp256k1</span><span class="dl">'</span><span class="p">)</span> <span class="c1">// our previous generated private key</span> <span class="nx">privKey</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">2bb80d537b1da3e38bd30361aa855686bde0eacd7162fef6a25fe97bf527a25b</span><span class="dl">'</span> <span class="c1">// generate key pairs from curve</span> <span class="kd">let</span> <span class="nx">kp</span> <span class="o">=</span> <span class="nx">ec</span><span class="p">.</span><span class="nx">keyFromPrivate</span><span class="p">(</span><span class="nx">privKey</span><span class="p">);</span> <span class="c1">// get public key point (x,y)</span> <span class="kd">let</span> <span class="nx">pubPoint</span> <span class="o">=</span> <span class="nx">kp</span><span class="p">.</span><span class="nx">getPublic</span><span class="p">()</span> <span class="c1">// get uncompressed public key</span> <span class="kd">let</span> <span class="nx">pubKey</span> <span class="o">=</span> <span class="nx">pubPoint</span><span class="p">.</span><span class="nx">encode</span><span class="p">(</span><span class="dl">'</span><span class="s1">hex</span><span class="dl">'</span><span class="p">)</span> <span class="nx">console</span><span class="p">.</span><span class="nx">log</span><span class="p">(</span><span class="dl">"</span><span class="s2">&gt; Uncompressed Public Key : </span><span class="dl">"</span><span class="p">,</span> <span class="nx">pubKey</span><span class="p">)</span> <span class="c1">// &gt; Uncompressed Public Key : 04a02b9d5fdd1307c2ee4652ba54d492d1fd11a7d1bb3f3a44c4a05e79f19de933924aa2580069952b0140d88de21c367ee4af7c4a906e1498f20ab8f62e4c2921</span> </code></pre> </div> <h2> Compressing the public key. </h2> <p>Because the public key is the point in the curve, it is represented in form of coordinates x and y. Uncompressed public key contains prefix(04) + x coordinates + y coordinates making 520 bits of data. Compression of public key reduces size used by 50% hence reduce the cost of transaction. To compress a public key, only add a prefix to x coordinate. A prefix depends on the nature of y coordinates. If y coordinate is even, then a prefix is 02, else prefix is 03.</p> <blockquote> <p>Tip: Hexadecimal number is even if it is divisible by 2, meaning it end with 0,2,4,6,8,A,C, and E.<br> </p> </blockquote> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code> <span class="kd">let</span> <span class="nx">ec</span> <span class="o">=</span> <span class="k">new</span> <span class="nx">EC</span><span class="p">(</span><span class="dl">'</span><span class="s1">secp256k1</span><span class="dl">'</span><span class="p">)</span> <span class="nx">privKey</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">2bb80d537b1da3e38bd30361aa855686bde0eacd7162fef6a25fe97bf527a25b</span><span class="dl">'</span> <span class="kd">let</span> <span class="nx">kp</span> <span class="o">=</span> <span class="nx">ec</span><span class="p">.</span><span class="nx">keyFromPrivate</span><span class="p">(</span><span class="nx">privKey</span><span class="p">);</span> <span class="kd">let</span> <span class="nx">pubPoint</span> <span class="o">=</span> <span class="nx">kp</span><span class="p">.</span><span class="nx">getPublic</span><span class="p">()</span> <span class="c1">// Public key point from a curve.</span> <span class="c1">// get coordinates</span> <span class="kd">let</span> <span class="nx">x</span> <span class="o">=</span> <span class="nx">pubPoint</span><span class="p">.</span><span class="nx">getX</span><span class="p">();</span> <span class="kd">let</span> <span class="nx">y</span> <span class="o">=</span> <span class="nx">pubPoint</span><span class="p">.</span><span class="nx">getY</span><span class="p">();</span> <span class="kd">let</span> <span class="nx">pub</span> <span class="o">=</span> <span class="p">{</span> <span class="na">x</span><span class="p">:</span> <span class="nx">x</span><span class="p">.</span><span class="nx">toString</span><span class="p">(</span><span class="dl">'</span><span class="s1">hex</span><span class="dl">'</span><span class="p">),</span> <span class="na">y</span><span class="p">:</span> <span class="nx">y</span><span class="p">.</span><span class="nx">toString</span><span class="p">(</span><span class="dl">'</span><span class="s1">hex</span><span class="dl">'</span><span class="p">)</span> <span class="p">};</span> <span class="c1">// x = a02b9d5fdd1307c2ee4652ba54d492d1fd11a7d1bb3f3a44c4a05e79f19de933</span> <span class="c1">// y = 924aa2580069952b0140d88de21c367ee4af7c4a906e1498f20ab8f62e4c2921</span> <span class="c1">// we use '03' prefix because y is odd (ends with 3)</span> <span class="nx">compressedPub</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">03</span><span class="dl">'</span><span class="o">+</span><span class="nx">pub</span><span class="p">.</span><span class="nx">x</span> <span class="nx">console</span><span class="p">.</span><span class="nx">log</span><span class="p">(</span><span class="dl">"</span><span class="s2">&gt; Compressed Public Key : </span><span class="dl">"</span><span class="p">,</span> <span class="nx">compressedPub</span><span class="p">)</span> <span class="c1">// &gt; Compressed Public Key : 03a02b9d5fdd1307c2ee4652ba54d492d1fd11a7d1bb3f3a44c4a05e79f19de933</span> </code></pre> </div> <h2> Generating bitcoin address from public key </h2> <p>Bitcoin address is an actual string of alphanumeric characters that can be shared with anyone want to send you money. In bitcoin transactions, it appears as <em>recipient</em> of funds. Usually start with 1 or 3. </p> <p>Bitcoin address is derived from public key through one-way cryptographic hashing algorithms specifically, <em>Secure Hash Algorithm(SHA256)</em> and <em>RACE Integrity Primitives Evaluation Message Digest (RIPEMD160)</em>. A public key is passed on SHA256, the result is computed with RIPEMD160 to generate public key hash which is then encoded with base58check encoding. the result is bitcoin address B.</p> <p>Starting with public key P.</p> <p><code>Bitcoin Address = RIPEMD160(SHA256(P))</code>. We can use specified javascript implementations to do the trick<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">sha256</span> <span class="o">=</span> <span class="nx">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">sha256</span><span class="dl">'</span><span class="p">)</span> <span class="kd">const</span> <span class="nx">base58</span> <span class="o">=</span> <span class="nx">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">bs58</span><span class="dl">'</span><span class="p">)</span> <span class="kd">const</span> <span class="nx">ripemd160</span> <span class="o">=</span> <span class="nx">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">ripemd160</span><span class="dl">'</span><span class="p">)</span> <span class="c1">// using our public key</span> <span class="kd">let</span> <span class="nx">pubKey</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">03a02b9d5fdd1307c2ee4652ba54d492d1fd11a7d1bb3f3a44c4a05e79f19de933</span><span class="dl">'</span> <span class="kd">let</span> <span class="nx">addrHash</span> <span class="o">=</span> <span class="k">new</span> <span class="nx">ripemd160</span><span class="p">().</span><span class="nx">update</span><span class="p">(</span><span class="nx">sha256</span><span class="p">(</span><span class="nx">pubKey</span><span class="p">)).</span><span class="nx">digest</span><span class="p">(</span><span class="dl">'</span><span class="s1">hex</span><span class="dl">'</span><span class="p">)</span> <span class="nx">console</span><span class="p">.</span><span class="nx">log</span><span class="p">(</span><span class="dl">"</span><span class="s2">&gt; Unencoded Bitcoin Address: </span><span class="dl">"</span><span class="p">,</span> <span class="nx">addrHash</span><span class="p">)</span> <span class="c1">// base58check encoding</span> <span class="kd">let</span> <span class="nx">doubleHash</span> <span class="o">=</span> <span class="nx">sha256</span><span class="p">.</span><span class="nx">x2</span><span class="p">(</span><span class="nx">Buffer</span><span class="p">.</span><span class="k">from</span><span class="p">(</span><span class="dl">'</span><span class="s1">00</span><span class="dl">'</span> <span class="o">+</span> <span class="nx">addrHash</span><span class="p">,</span> <span class="dl">'</span><span class="s1">hex</span><span class="dl">'</span><span class="p">))</span> <span class="kd">let</span> <span class="nx">checksum</span> <span class="o">=</span> <span class="nx">doubleHash</span><span class="p">.</span><span class="nx">substring</span><span class="p">(</span><span class="mi">0</span><span class="p">,</span> <span class="mi">8</span><span class="p">);</span> <span class="kd">let</span> <span class="nx">payload</span> <span class="o">=</span> <span class="nx">Buffer</span><span class="p">.</span><span class="k">from</span><span class="p">(</span><span class="dl">'</span><span class="s1">00</span><span class="dl">'</span><span class="o">+</span><span class="nx">addrHash</span><span class="o">+</span><span class="nx">checksum</span><span class="p">,</span> <span class="dl">'</span><span class="s1">hex</span><span class="dl">'</span><span class="p">)</span> <span class="kd">let</span> <span class="nx">encodedAddr</span> <span class="o">=</span> <span class="nx">base58</span><span class="p">.</span><span class="nx">encode</span><span class="p">(</span><span class="nx">payload</span><span class="p">)</span> <span class="nx">console</span><span class="p">.</span><span class="nx">log</span><span class="p">(</span><span class="dl">"</span><span class="s2">&gt; Bitcoin Address: </span><span class="dl">"</span><span class="p">,</span> <span class="nx">encodedAddr</span><span class="p">)</span> <span class="c1">//&gt; Bitcoin Address: 18bQKgFRihZHejbMWimUgUQfAV5t1TAPkh</span> </code></pre> </div> <h2> Checking our the work </h2> <p>Now we have a Bitcoin address that can receive and send bitcoins. We can check if the address is valid through this <a href="https://blockchain.info/explorer">bitcoin explorer</a></p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--qT92D2Z7--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/de9tgnlggebv2q7ei4kv.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--qT92D2Z7--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/de9tgnlggebv2q7ei4kv.png" alt="Address on explorer"></a></p> <h2> Final words </h2> <p>You now can generate your own bitcoin address and use for transactions. There is some more improvement of bitcoin keys that I haven't touched as this article is based on understanding the basics of generating bitcoin keys. Good understanding of the process of generating these keys, play a big role in working with bitcoin stuff, e.g keys and addresses, signing and verification of transactions etc. </p> <p>If you have any thought about this article, you can you can mail me at <a href="//mailto:jose@astrojose.xyz">jose@astrojose.xyz</a></p> bitcoin blockchain cryptography crypto