Understanding Public Keys and Addresses in Blockchain

Introduction

In blockchain technology, public keys and addresses are fundamental cryptographic components that enable secure transactions. While often confused, they serve distinct purposes in the process of sending and receiving digital assets. This guide explains their technical foundations, relationships, and practical applications in networks like Bitcoin.

The Role of Public Keys

A public key is derived from a private key using cryptographic algorithms. In Bitcoin's implementation, the Elliptic Curve Digital Signature Algorithm (ECDSA) is used to generate this key pair.

The private key is essentially a 256-bit integer. Through ECDSA, this private key produces two 256-bit integers known as the uncompressed public key, represented as (x, y). Due to the properties of the elliptic curve, the y-coordinate can be determined from the x-coordinate if the parity (even or odd nature) of y is known.

This characteristic allows the creation of a compressed public key format. Instead of storing both x and y, the compressed public key stores only the x value, prefixed with 02 or 03 to indicate the parity of the missing y. This results in a 33-byte compressed public key, making it more efficient for storage and transmission.

Uncompressed public keys are rarely used in modern implementations because they require more data in transaction scripts, increasing overhead.

Generating a Public Key from a Private Key

Here's a conceptual overview of how public key derivation works in practice:

const bitcoin = require('bitcoinjs-lib');
let
 wif = 'KwdMAjGmerYanjeui5SHS7JkmpZvVipYvB2LJGU1ZxJwYvP98617',
 ecPair = bitcoin.ECPair.fromWIF(wif); // Import the private key
// Calculate the public key:
let pubKey = ecPair.getPublicKeyBuffer(); // Returns a Buffer object
console.log(pubKey.toString('hex')); // Outputs a compressed public key starting with 02 or 03

After creating an ECPair object from the private key, the getPublicKeyBuffer() method returns the public key data. It's crucial to understand that while public keys are derived from private keys, the reverse is computationally infeasible—a core feature of asymmetric cryptography.

Understanding Blockchain Addresses

A blockchain address is not the same as a public key. Instead, it is a cryptographic hash of the public key. This means you can generate an address from a public key, but you cannot reverse-engineer the public key from the address alone, thanks to the one-way nature of hash functions.

How Addresses are Generated

For a compressed public key (33 bytes), the address generation process involves several steps:

1. Perform a Hash160 operation on the public key data. This means first applying the SHA-256 algorithm and then the RIPEMD-160 algorithm to the result. This yields a 20-byte hash.
2. Add a version prefix byte (e.g., 0x00 for Bitcoin mainnet) to this 20-byte hash, resulting in a 21-byte payload.
3. Calculate a 4-byte checksum by hashing the 21-byte payload with SHA-256 twice and taking the first 4 bytes.
4. Append this checksum to the 21-byte payload, resulting in a total of 25 bytes.
5. Finally, encode this 25-byte data into a Base58 string, which produces the familiar address that begins with the number 1.

The structure of the data before encoding looks like this:
`0x00 hash160 check
┌─┬──────────────────────┬─────┐
│1│ 20 │ 4 │
└─┴──────────────────────┴─────┘`

Code Example: Public Key to Address

You can generate an address directly from a public key without the private key:

const bitcoin = require('bitcoinjs-lib');
let
 publicKey = '02d0de0aaeaefad02b8bdc8a01a1b8b11c696bd3d66a2c5f10780d95b7df42645c',
 ecPair = bitcoin.ECPair.fromPublicKeyBuffer(Buffer.from(publicKey, 'hex')); // Import public key
// Calculate the address:
let address = ecPair.getAddress();
console.log(address); // An address starting with '1'

The resulting address, starting with '1', is a safe identifier to share for receiving payments. It is impossible to tell from the address alone whether it was generated from a compressed or uncompressed public key.

The Relationship Between Keys and Addresses

The cryptographic chain linking these elements is foundational to blockchain security:

• A private key generates a public key.
• A public key generates a public address.
• The process is irreversible. You cannot derive the public key from the address nor the private key from the public key.

This one-way relationship is visualized below:

┌───────────┐ ┌───────────┐
│Private Key│─────▶│Public Key │
└───────────┘ └───────────┘
 ▲ │
 │ │
 ▼ ▼
┌───────────┐ ┌───────────┐
│ WIF │ │ Address │
└───────────┘ └───────────┘

When funds are spent from an address, the corresponding public key is revealed on the blockchain as part of the transaction's unlocking script. Until that point, the public key remains private, while the address is public.

👉 Explore more strategies for secure key management

Frequently Asked Questions

What is the main difference between a public key and an address?
A public key is a cryptographic key derived from your private key and is used to verify digital signatures. An address is a shorter, hashed representation of the public key that serves as your public identifier on the blockchain for receiving funds. The key difference is that the address is a hash, making it a one-way derivative of the public key.

Why are compressed public keys more common?
Compressed public keys are only 33 bytes long, compared to 65 bytes for uncompressed keys. This smaller size reduces the data footprint of transactions, leading to lower transaction fees and less blockchain bloat, which is why they are the modern standard.

Is it safe to share my public key?
While it is generally safe, as no one can derive your private key from it, sharing your public key unnecessarily can reduce privacy. Anyone with your public key can view all transactions associated with its address on the public ledger. It is best practice to share only your address for receiving funds.

Can two different public keys generate the same address?
The probability of a hash collision, where two different public keys produce the same address, is astronomically low due to the strength of the RIPEMD-160 and SHA-256 algorithms. For all practical purposes, each public key will generate a unique address.

What does a Bitcoin address starting with '1' signify?
An address starting with '1' is a legacy Pay-to-Public-Key-Hash (P2PKH) address on the Bitcoin mainnet. This prefix is part of the version byte added before hashing and helps identify the network and address type.

Do all cryptocurrencies use the same key and address format?
No, different blockchain networks often use different cryptographic algorithms, prefix bytes, and encoding schemes. For example, Ethereum addresses are derived differently and start with '0x'. Always use the correct format for the specific network you are interacting with.

Conclusion

Public keys and addresses are critical for functionality and security in blockchain networks. The public key is derived from a private key using ECDSA and can be represented in compressed or uncompressed form. The address is a hashed version of the public key, designed for safe and efficient sharing. The one-way nature of these relationships ensures that funds can be received securely with an address and spent only with the corresponding private key.

Understanding this hierarchy is essential for anyone looking to deepen their knowledge of how blockchain technology operates under the hood. Proper key management is the cornerstone of security in the digital asset space.

👉 View real-time tools for blockchain development