Hash160(Public Key)

Hash160(Public Key)

The Hash160(Public Key) is a hashed version of your public key.

It's the version of your public key that you give to other people so that they can send you bitcoins. It's shorter than the original public key, and it may provide an extra layer of security for your bitcoins compared to giving out your public key directly.

It's also basically the "raw" version of an address.

How do you create a Hash160 Public Key?

Just take your public key and put it through the SHA256 and RIPEMD160 hash functions:

It's called hash160(publickey) because it's easier than saying RIPEMD160(SHA256(publickey)).

It's called hash160(publickey) because it's easier than saying RIPEMD160(SHA256(publickey)).

That's it.

Example:

publickey          = 02b4632d08485ff1df2db55b9dafd23347d1c47a457072a1e87be26896549a8737
hash160(publickey) = 93ce48570b55c42c2af816aeaba06cfee1224fae

Why do we use RIPEMD160?

Because RIPEMD160 produces a 160 bit (20 byte) digest, which is smaller than the original public key (65 bytes uncompressed, 33 bytes compressed).

This means that the eventual address we create from it will contain fewer characters than a full public key, making easier to pass around.

The reason that we use it in conjunction with SHA256 is because RIPEMD160 is not the strongest hash function on it's own.

How is the Hash160 Public Key used in Bitcoin?

When you want to receive bitcoins, you give someone your Hash160(Public Key). They will then put this in to the locking code of a transaction output.

This creates a P2PKH locking script.

Then, when you want to unlock these bitcoins (to send them to someone in a new transaction), you just put your original public key along with a digital signature in to the input's unlocking code.

So when a node comes to validate this transaction, they will:

  1. Check that the public key provided hashes correctly to the Hash160(Public Key).
  2. If that checks out, they will then validate the signature against the public key as usual.

So instead of just checking a signature against a public key (as in a P2PK lock), there is one extra step that checks the hash of the public key beforehand.

This is why this type of locking system is referred to as P2PKH.

Code

require 'digest' # Hash Functions Library

publickey = '02b4632d08485ff1df2db55b9dafd23347d1c47a457072a1e87be26896549a8737'

binary = [publickey].pack("H*") # Convert to binary first before hashing
sha256 = Digest::SHA256.digest(binary)
ripemd160 = Digest::RMD160.digest(sha256)
hash160 = ripemd160.unpack("H*")[0] # Convert back to hex

puts hash160 # 93ce48570b55c42c2af816aeaba06cfee1224fae

FAQ

Why do we use a Hash160 Public Key?

Because that's the way bitcoin transactions were designed to work when Satoshi developed Bitcoin.

The original reason why addresses were public key hashes is something you'll need to ask Satoshi. - Pieter Wuille

It may have been because Satoshi was not originally aware that you could use compressed public keys (33 bytes instead of 65 bytes), and so hashing the public key was a way to create a much shorter (20 bytes) version of it to give to other people.

Alternate Theory: Extra Security

An alternate theory is that using the Hash160 provides an extra layer of security.

For example, if we immediately give away our public key when we want to receive bitcoins, the "only" thing protecting you from attackers trying to get to your private key is the elliptic curve.

It's impossibly difficult to work backwards from elliptic curve multiplication to get the private key, but you can try.

It's impossibly difficult to work backwards from elliptic curve multiplication to get the private key, but you can try.

However, if we give out a hashed version of our public key instead, attackers would have to crack both the RIPEMD160 and SHA256 hash functions, as well as deal with the elliptic curve problem.

Now you've got two different hash functions to crack as well.

Now you've got two different hash functions to crack as well.

So basically, whilst you have bitcoins sitting in the blockchain, the hash functions act as extra hurdles that attackers must jump over to try and get to our private key (and steal our bitcoins).

So is the elliptic curve not enough protection?

It's actually excellent protection.

Thanks to the properties of elliptic curve multiplication, it's impossibly difficult to go backwards from a public key to a private key. This is known as the "elliptic curve discreet logarithm problem".

However, if by some miracle this problem is solved, there are still two different hash functions to fall back on to protect our private key.

But don't you still give away your public key?

Yes. But in this system your public key is only given away at the last moment (when you come to spend your bitcoins).

The theory is that if someone wants to deduce your private key, they will have a small amount of time to do it before your transaction propagates the network and gets mined in to a block. Therefore, this is more secure than leaving your public key exposed from the start.

Thanks

By Greg Walker,

Last Updated: Mar 14 2018
  • Mar 14 2018: glossary/address - Publishing (added links to it across glossary)
  • Mar 13 2018: Made ticker bigger (now that I've got more header space
  • Mar 13 2018: public-key-hash160 - added quote from Pieter Wuille
  • Mar 12 2018: Hash160(Public Key)