I. Overview.
In the (public key) section, we discussed the mechanism of public key generation, and based on the format of the private key, different forms of public keys can be generated: 'uncompressed public key' and 'compressed public key'. The public key is inherently public; can't it be used directly as an address? Why go through the trouble of converting it into an address?
There are three main reasons.
First: The public key has two forms, compressed and uncompressed, with different lengths—one is 65 bytes (1-byte prefix + 32-byte x value + 32-byte y value) and the other is 33 bytes (1-byte prefix + 32-byte x value). There may be a third or fourth format in the future, making the number of public key formats presented to the user too many, which could be confusing.
Second: The length of the public key is relatively long. A shorter hash method can be selected for the computation results, which can not only unify the length but also reduce the size, easing the pressure of storage and search on the blockchain.
Third: It is almost impossible to deduce the private key from the public key. Now, an address is added to hide the public key, further enhancing the protection of the Bitcoin system.
Fourth: Since the public key needs to be modified to become an address, the address can be designed, increasing extensibility, such as supporting more complex script locks.
II. Public key generates address.
In the (public key) section, we discussed how the public key is generated, and the addresses generated from uncompressed and compressed formats of the public key are also different, depending on the type of wallet. Currently, almost all wallets support compressed format private keys, so the public key is also in compressed format.
Here we will explain the process of generating an address from a 'compressed public key'. The process for generating an address from an 'uncompressed public key' is the same.
Figure 1 shows the general process of generating a Bitcoin address from a public key. The 'data' in the second image refers to 'public key hash'.
1. Perform double hash | HASH160 operation on the public key to obtain the public key hash value.
We choose the compressed public key generated in the (public key) section as the starting point: compressed public key: 0x03F028892BAD7ED57D2FB57BF33081D5CFCF6F9ED3D3D7F159C2E2FFF579DC341A.
Using tools, first perform SHA-256 operation (make sure to select input as HEX, i.e., hexadecimal data; if treated as an ASCII string, the result will be completely different). The result is:
448997AE8759EB23D6C6B67DE6FC3419006CBF061617C3E07323AAF5BCD53476.
Using tools, perform RIPEMD-160 operation on this result (make sure to select input as HEX, i.e., hexadecimal data; if treated as an ASCII string, the result will be completely different), yielding the 'public key hash value':
BBC1E42A39D05A4CC61752D6963B7F69D09BB27B.
This result is a 160-bit binary, 40 hexadecimal characters, and is 20 bytes in size.
2. Add version prefix '0x00' to the 'public key hash value'.
The prefix indicates that this is an address on the Bitcoin mainnet (if the prefix is 0x6F, it indicates an address on the Bitcoin testnet). After adding, it becomes: 0x00BBC1E42A39D05A4CC61752D6963B7F69D09BB27B.
3. Calculate the checksum (i.e., SHA-256 twice).
After two computations, we obtain: 37FEFCD01823FDBCE992747702D2420B11A5D266B92D516A93AA83F336CE8241.
Obtained checksum: 37FEFCD0.
4. Perform Base58Check encoding.
Connecting the prefix + public key hash value + checksum yields:
0x00BBC1E42A39D05A4CC61752D6963B7F69D09BB27B37FEFCD0
Using tools to perform Base58 encoding, the final Bitcoin address is:
1J7mdg5rbQyUHENYdx39WVWK7fsLpEoXZy
