Bitcoin transactions must have a valid signature to be stored in the block, so if you have the key, you have the bitcoin in the corresponding account. Keys all appear in pairs, consisting of a public key and a private key. The public key is equivalent to the bank account number, and the private key is equivalent to the bank card password. In general, the key is managed by wallet software, and users do not use the key directly.
Bitcoin addresses are usually calculated from public keys or bitcoin scripts.
The private key of bitcoin is usually a number, which is randomly generated by the bitcoin system (because the reliability of the algorithm is positively related to randomness, which must be true random and not pseudo-random, so the bitcoin system can be used as a random source), and then the private key is used as input, and the one-way encryption function of elliptic curve algorithm generates the corresponding public key, and then the public key is used as input, and the one-way encryption hash function generates the address. For example, the calculation method of obtaining the address a through the public key K is as follows:
SHA256 and PIPEMD 160 are called double hash or HASH 160, and Base58Check is a Base58 code with verification function. The verification method is to calculate the verification code of the original data (before encoding), and then compare the verification codes of the encoded data. If they are the same, the address is valid, otherwise it is invalid. Before using Base58Check encoding, data needs to be processed.
Processing method: version prefix+double hash data+check code.
The version prefix is user-defined. For example, the prefix of the private key of Bitcoin is 0x80, and the check code is to splice the version prefix and the data after double hashing, and perform SHA256 calculation twice, taking the first 4 bytes. After getting the processed data, Base58 coding is carried out to get the final result.
The following figure is the result of Base58Check version prefix and Base58 encoding.
The key can be encoded in different formats, and the encoding result is different, but the key itself has not changed. Which encoding format is adopted depends on the situation, and the ultimate goal is to facilitate people to use and identify keys accurately.
The following figure shows the results of different encoding methods for the same private key:
There are many formats of public keys, but the most important thing is that public keys are divided into compressed format and uncompressed format. The public key with prefix 04 is the public key in uncompressed format, and the public keys with prefixes 03 and 02 identify the compressed format.
As mentioned above, the public key is a point on the elliptic curve, which is represented by a pair of coordinates (x, y). With the prefix, the public key can be represented as: prefix x y.
For example, the coordinates of the public key are:
Taking the uncompressed format as an example, the public key is (slightly longer):
The public key in compressed format can save a certain amount of storage. For thousands of bitcoin transaction records every day, this little savings can play a big role.
Because the elliptic curve is actually an equation (y2 mod p = (x3+7)mod P, y2 is the square of y and x3 is the cube of x), and the public key is a point on the elliptic curve, then the public key is a solution of the equation. If only X is kept in the public key, Y can be obtained by solving the equation, while the compressed public key format has two prefixes because if y2 is square, two positive and negative solutions will be obtained, both of which are limited to the order of prime number P..
So the public key in compressed format can be expressed as: prefix X.
Take the coordinates of the above public key as the standard, take y as an odd number as an example, and the public key k is:
I don't know if you have noticed that there is a problem with this compression method, that is, a private key can generate two public keys, compressed and uncompressed, and the two public keys correspond to the same private key, which is legal, but the generated bitcoin addresses are different, which involves the realization of wallet software, whether to use compressed public keys or uncompressed public keys, or both, which will be introduced later.
The main function of Bitcoin wallet is to keep the private key of Bitcoin for users. There are many kinds of bitcoin wallets, such as non-deterministic (random) wallets and deterministic (seed) wallets. The so-called uncertainty means that the wallet will generate enough private keys (for example, 100 private keys) when it is running, and each private key is only used once, so private key management is very troublesome. Deterministic wallet has a common seed, which is used by one-way discrete equation to generate private key. The seed is enough to recover all private keys, so when creating wallets, input can be transferred between wallets through simple backup.
Here is a special introduction to mnemonic vocabulary. Mnemonic vocabulary is an English word sequence proposed by BIP0039. These sequences correspond to the seeds in the wallet. Seeds can generate random numbers, random numbers generate private keys, and private keys generate public keys. You have everything you need. So word order is the backup of wallet, and wallet can be reconstructed by mnemonic vocabulary, which is much better than writing down a string of random numbers.
BIP0039 defines mnemonics and seeds as follows:
Another important wallet is called HD wallet. HD wallet provides random (uncertain) keys with two main advantages.
First, the tree structure can be used to express additional organizational meanings. For example, when the subkey of a particular branch is used to receive transaction income, and the subkey of another branch is used to pay fees. In the enterprise environment, you can use the keys of different branches, which can dominate different branches, subsidiaries, specific functions and accounting categories.
Second, it can allow users to establish public key sequences without accessing the corresponding private keys. This may allow HD wallets to be used in insecure servers, or different public keys to be issued in each transaction. The public key does not need to be preloaded or exported in advance, but there is no private key available for payment in the server.
BIP0038 puts forward a general standard, which encrypts the private key with a password and encodes the encrypted private key with Base58Check, so that the encrypted private key can be safely stored in backup media, safely transmitted between wallets, and the security of the key can be maintained under any possible exposure. This encryption standard uses AES established by NIST and is widely used for data encryption in commercial and military applications.
BIP0038 encryption scheme is: enter a bitcoin private key, usually using the prefix "5" of the WIF-encoded base58chek string. In addition, the BIP0038 encryption scheme requires a long password, which usually consists of multiple words or complex alphanumeric strings. The result of BIP0038 encryption scheme is an encrypted private key encoded by base58check with the prefix 6P. If you see a key that starts with 6P, it means that the key is encrypted, and you need a password to convert (decode) the key back to the private key (prefix 5) that can be used in any wallet WIF format. Now many wallet apps can recognize the private key encrypted by BIP0038, and will ask users to provide password decoding and import keys.
The most common key use case using BIP0038 encryption is to back up the private key on a paper purse. As long as the user chooses a strong password, the paper wallet with the private key encrypted by BIP0038 is extremely safe, which is also a great offline storage method of Bitcoin (also known as "cold storage").
The P2SH function is most commonly used in multi-signature address scripts. As the name implies, the underlying script needs multiple signatures to prove ownership before it can consume funds. This is similar to opening a joint account in a bank.
A special bitcoin address can be generated by calculation. For example, I need an address that starts with Hello, and you can generate such an address through a script. However, every time a character is added, the amount of calculation will increase by 58 times, exceeding 7 characters, which requires special hardware or mining machine to generate. If it is 8~ 10 characters, the amount of calculation will be unimaginable.