Bitcoin Address Generation
Understand how public keys become Bitcoin addresses through multiple hash operations.
The Complete Process
Bitcoin addresses are not random-they're derived from public keys through a series of hash operations. This process creates short, verifiable addresses while maintaining cryptographic security.
Private Key (256 bits) ↓ ECDSA (secp256k1) Public Key (33 or 65 bytes) ↓ SHA-256 SHA-256 Hash (32 bytes) ↓ RIPEMD-160 Public Key Hash (20 bytes) ↓ Add version byte + checksum ↓ Base58Check encoding Bitcoin Address (25-34 characters) Step 1: Generate Private Key
A Bitcoin private key is a 256-bit random number. This is the secret that controls your funds.
18e14a7b6a307f426a94f8114701e7c8e774e7f9a47e2c2035db29a206321725 This must be generated using a cryptographically secure random number generator. Never use predictable sources like timestamps or Math.random().
Anyone with your private key can spend your Bitcoin. Never share it, never store it in plain text, and never generate it using weak randomness.
Step 2: Derive Public Key
The public key is derived from the private key using elliptic curve cryptography (secp256k1 curve). This is a one-way operation-you cannot derive the private key from the public key.
Public Key = Private Key × G Where G is the generator point on the secp256k1 curve. This multiplication is done using elliptic curve point addition, not regular multiplication.
Uncompressed vs Compressed
04 + x-coordinate (32 bytes) + y-coordinate (32 bytes) 02/03 + x-coordinate (32 bytes) Compressed keys save space by storing only the x-coordinate and a prefix indicating whether y is even or odd. Modern wallets use compressed keys by default.
Step 3: Hash with SHA-256
The first hash operation applies SHA-256 to the public key.
0250863ad64a87ae8a2fe83c1af1a8403cb53f53e486d8511dad8a04887e5b2352 0b7c28c9b7290c98d7438e70b3d3f7c848fbd7d1dc194ff83f4f7cc9b1378e98 Step 4: Hash with RIPEMD-160
The second hash operation applies RIPEMD-160 to the SHA-256 hash, creating a 20-byte public key hash.
0b7c28c9b7290c98d7438e70b3d3f7c848fbd7d1dc194ff83f4f7cc9b1378e98 f54a5851e9372b87810a8e60cdd2e7cfd80b6e31 Using both SHA-256 and RIPEMD-160 provides defense-in-depth. If one hash function is broken, the other still provides security. It also reduces the address size from 32 bytes to 20 bytes.
Step 5: Add Version Byte
A version byte is prepended to indicate the address type. For standard Bitcoin addresses (P2PKH), the version byte is 0x00.
- -0x00: P2PKH (starts with "1")
- -0x05: P2SH (starts with "3")
- -0x6F: Testnet P2PKH (starts with "m" or "n")
00f54a5851e9372b87810a8e60cdd2e7cfd80b6e31 Step 6: Calculate Checksum
A checksum is added to detect typos in addresses. It's the first 4 bytes of the double SHA-256 hash of the versioned payload.
1. SHA-256(versioned payload) 2. SHA-256(result from step 1) 3. Take first 4 bytes c7f18fe8 00f54a5851e9372b87810a8e60cdd2e7cfd80b6e31c7f18fe8 The checksum detects typos when entering addresses manually. If you mistype a character, the checksum won't match, and wallets will reject the address before sending funds to the wrong place.
Step 7: Base58Check Encoding
The final step encodes the data in Base58Check format, which uses 58 characters (excluding 0, O, I, l to avoid confusion).
123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz 00f54a5851e9372b87810a8e60cdd2e7cfd80b6e31c7f18fe8 1PMycacnJaSqwwJqjawXBErnLsZ7RkXUAs Modern Address Types
P2PKH (Pay-to-Public-Key-Hash)
Legacy address format. Starts with "1". Uses the process described above.
1PMycacnJaSqwwJqjawXBErnLsZ7RkXUAs P2SH (Pay-to-Script-Hash)
Starts with "3". Used for multisig and SegWit-wrapped addresses. Version byte 0x05.
3J98t1WpEZ73CNmYviecrnyiWrnqRhWNLy Bech32 (Native SegWit)
Starts with "bc1". Uses Bech32 encoding instead of Base58. Lower fees and better error detection.
bc1qw508d6qejxtdg4y5r3zarvary0c5xw7kv8f3t4 Taproot (P2TR)
Starts with "bc1p". Latest address format with enhanced privacy and smart contract capabilities.
bc1p5cyxnuxmeuwuvkwfem96lqzszd02n6xdcjrs20cac6yqjjwudpxqkedrcr Address Validation
To validate a Bitcoin address, reverse the encoding process and verify the checksum.
- 1.Base58 decode the address
- 2.Split into payload and checksum (last 4 bytes)
- 3.Double SHA-256 hash the payload
- 4.Compare first 4 bytes of hash with checksum
- 5.If they match, address is valid
Security Considerations
Address Reuse
Don't reuse addresses. Generate a new address for each transaction to maintain privacy. Reusing addresses links transactions together and reduces anonymity.
Quantum Resistance
Bitcoin addresses hide the public key until coins are spent. This provides some quantum resistance- quantum computers can't attack addresses that haven't revealed their public keys.
Vanity Addresses
Custom addresses (like 1Bitcoin...) are generated by brute force-trying billions of private keys until finding one that produces the desired address. This is computationally expensive but safe.
Try It Yourself
Use our tools to explore Bitcoin address generation:
Hash Calculator
Hash public keys with SHA-256 and RIPEMD-160 to see the intermediate steps.
Try Hash Calculator →Blockchain Explorer
Look up real Bitcoin addresses and see their transaction history.
Try Blockchain Explorer →The Bottom Line
Bitcoin addresses are the result of multiple hash operations that transform public keys into short, verifiable identifiers. This process provides security (hiding the public key), integrity (checksum detection), and usability (human-readable format). Understanding address generation helps you appreciate the elegant cryptography that makes Bitcoin work.
Official Resources
Bitcoin Standards & Documentation
- → Bitcoin Developer Guide: Wallets (Bitcoin.org)
- → BIP 173: Bech32 Address Format (Bitcoin)
- → BIP 350: Bech32m for Taproot (Bitcoin)
Cryptographic Standards
- → FIPS 180-4: SHA-256 Specification (NIST)
- → RIPEMD-160 Specification (KU Leuven)
- → SEC 2: secp256k1 Curve (SECG)
Implementation References
- → Bitcoin Core Repository (Bitcoin)
- → Bitcoin Wiki: Address Generation (Bitcoin Wiki)