Keys
Keys are used to control the ownership of bitcoins.
To "send" and "receive" bitcoins, all you need is to generate a private key and public key pair.
- The public key is placed inside the lock of an output when you want to "send" someone bitcoins in a transaction.
- The private key is then used to create a signature to unlock that output when you want to "spend" it as an input in a new transaction.
The private key and public key pair are mathematically connected. As are the signatures.
So when you provide a signature alongside a public key, there will be a mathematical connection between the two, which is what "unlocks" bitcoins for spending in transactions.
In other words, the signature allows you to provide a one-time proof that you are the owner of the private key that the public key was created from. Nobody can produce a signature that has a mathematical connection to the public key unless they have access to the original private key.
Using signatures means that you don't have to reveal the original private key, which prevents anyone from stealing any other bitcoins locked to the same public key.
This mechanism is known as public key cryptography. It existed before Bitcoin was created, and Satoshi simply made use of it as a way to control the ownership of coins.
Lastly, in Bitcoin we convert these public keys to addresses, which are simply human-friendly encodings of the public keys.
So when you "send" bitcoins to someone's address, you're actually just locking up some bitcoins to their public key.
Private Key¶
Generate Random Reset
Bits
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
Binary
0b
0 bits
Decimal
0d
Hexadecimal
0x
0 bytes
Never use a private key generated by a website, or enter your private key into a website. Websites can easily save the private key and use it to steal your bitcoins.
0 secs
Example Private Key:
aeae8733ac057ef3591f1587390bcc620fdc4b8d91a0afe88c2e95168eccd8b4
A private key is a 256-bit randomly generated number.
The range of valid private keys is between 0 and 115792089237316195423570985008687907852837564279074904382605163141518161494336.
Private keys are typically displayed as 32-byte hexadecimal strings. But ultimately it's still just a random number.
The actual valid range of private keys is slightly less than the maximum possible 256-bit value. This is due to mathematics involved in how the subsequent public key is calculated.
There are so many possible private keys that generating one randomly is enough to ensure that nobody else will generate the same one as you. It seems hard to believe, but honestly, a 256-bit number is so large that it's effectively impossible for any two individuals to generate the same random number within that range.
Public Key¶
Generate Random
Private Key
0 bytes
Public Key
Coordinates
x:
0d
y:
0d
parity:
A public key is just a point on an elliptic curve. The final public key is these coordinates in hexadecimal.
Compression Compressed (02 or 03 prefix) Uncompressed (04 prefix) x-only (no prefix)
The elliptic curve is symmetrical along the x-axis, so a compressed public key only needs to store the full x-coordinate and whether the y-coordinate is even or odd.
An x-only public key is used in Taproot outputs. The corresponding y-coordinate is assumed to be even.
0 bytes
Never enter your private key into a website, or use a private key generated by a website. Websites can easily save the private key and use it to steal your bitcoins.
0 secs
Example Public Key (compressed):
022f5282edbbee94d0c42afa3c169ef2b03f23914c5bd4a44abbbdbdacc865dd47
A public key is a set of coordinates calculated from a private key.
This set of coordinates is calculated using elliptic curve cryptography, which is what creates a mathematical connection between the private key and public key.
This special mathematical connection is what allows us to generate signatures from the private key too, which will also have a mathematical connection to the public key. This means we can prove we have the private key without having to reveal it.
Anyway, when you see a public key, you're actually looking at a set of x and y coordinates on very large graph.
Compressed Public Keys. Even though the public key is a set of x and y coordinates, due to the mathematics of elliptic curve cryptography we do not actually have to store the full y-coordinate of the public key. Instead, we can simply store the 32-byte (256-bit) x-value, along with a 1-byte prefix to indicate whether the y-coordinate is even or odd. This is known as a compressed public key, and it's the most common type of public key you'll see and use in Bitcoin.
Address¶
An address is basically a human-friendly encoding of a public key.
There are a couple benefits to using an address over a raw public key:
- Shorter. An address is shorter than a public key. This makes it quicker write out manually, should you need to.
- Error Detection. An address contains a checksum, which helps to detect errors if you happen to make a mistake. This helps to prevent sending bitcoins to an invalid public key and losing them forever.
Now, there are actually different types of addresses you can use in Bitcoin. The type you use depends on the type of lock you want to place on an output:
Base58 Address (P2PKH)¶
This is a legacy address format. This format was commonly used up until 2016 before the Segregated Witness upgrade was introduced. You can still use it, but it's now more common to use Bech32 addresses (see below).
A base58 address corresponds to a legacy P2PKH locking script.
To create a base58 address, you first need to shorten the public key by putting it through HASH160. This shortens it from 33-bytes to a 20-byte public key hash:
Data (Hex)
A public key or script for example
0 bytes
SHA-256
RIPEMD-160
HASH160
RIPEMD-160(SHA-256(data))
0 bytes
0 secs
Example Public Key Hash:
5a42499bf73f175901bd5cffa14c535c6ee5afb0
You then put this public key hash through Base58Check encoding, which adds a checksum to the public key hash and then converts the whole thing to base58 characters.
There is also a 1-byte 00 prefix at the start, which is used to identify that the address contains a public key hash and should be used to create a P2PKH lock:
Generate Random
Prefix1 byte
Type P2PKH P2SH P2PKH (Testnet) P2SH (Testnet)
HASH1600 bytes
Checksum0 bytes
Address
Base58 encoding of the above data
0 characters
0 secs
Example Address (Base58):
19EFE1CjwGqrXTUau6z35LQUTs9LvioX7t
So if you "send" bitcoins to this address using a bitcoin wallet, the wallet will create a P2PKH locking script using the public key hash contained within the address.
The base58 address format is also used for P2SH, which contains a script hash instead of a public key hash.
Bech32 Address (P2WPKH)¶
A bech32 address corresponds to a P2WPKH locking script.
To create a bech32 address, you start by shortening a 33-byte compressed public key by putting it through HASH160 to get a 20-byte public key hash:
Data (Hex)
A public key or script for example
0 bytes
SHA-256
RIPEMD-160
HASH160
RIPEMD-160(SHA-256(data))
0 bytes
0 secs
Example Public Key Hash:
5a42499bf73f175901bd5cffa14c535c6ee5afb0
You must only use compressed public keys when creating a bech32 address.
Before converting this public key hash to a bech32 address, you need to construct the full P2WPKH ScriptPubKey.
In short, this is a prefix of 0014 followed by the 20-byte public key hash. For example:
Example P2WPKH ScriptPubKey:
00145a42499bf73f175901bd5cffa14c535c6ee5afb0
You can then convert this full P2WPKH ScriptPubKey to bech32:
Generate Random
ScriptPubKey
Version
OP_0 (P2WPKH or P2WSH)
OP_1 (P2TR)
Data
(public key hash or script hash)
0 bytes
Hex
0 bytes
Type:
Network Mainnet Testnet Regtest
Address
Bech32 encoding of the ScriptPubKey
0 characters
0 secs
Example Address (Bech32):
bc1qtfpynxlh8ut4jqdatnl6znznt3hwttasryr8d0
So if you "send" bitcoins to this address using a bitcoin wallet, the wallet will create a P2WPKH locking script using the public key hash contained within the address.
Whereas a base58 address is created by just using the public key hash only, a bech32 address is created from a public key hash within a full ScriptPubKey.
The bech32 address format is also used for P2WSH locking scripts, which contains a script hash instead of a public key hash.
Summary¶
To send and receive bitcoins you need to be able to generate a pair of keys; a private key and a public key.
These private keys and public keys are just numbers that you can generate on your own computer. They're mathematically connected, and this mathematical connection is what allows us to "send" and "receive" bitcoins. This special type of mathematics is known as elliptic curve cryptography, and it existed before Bitcoin.
In Bitcoin, we typically convert the public key to an address, which makes it shorter and more user-friendly when sending bitcoins using bitcoin wallets.
These addresses contain the public key hash, and they correspond to the specific type of lock we want to place on some bitcoins (e.g. P2PKH or P2WPKH). The type of address therefore indicates how the public key hash is locked and unlocked using the internal Script language in Bitcoin.
But ultimately it's easiest to think of an address as a human-friendly encoding of a public key.
Addresses are not used internally in bitcoin. If you browse the raw data in the blockchain, you will only find public keys and signatures.
If you're interested in doing some Bitcoin programming for yourself, generating your own keys (and addresses) is a fun way to get started. Just be prepared to lose bitcoins if you do something wrong though… don't ask me how I know.
But if you're careful you should be fine.





