# Public Key Hash

The hash of a public key, to shorten it.

The ** public key hash** is a hashed version of your

`public key`

.It’s the version of your public key that you give to other people so that they can send you bitcoins. It’s **shorter** than the original public key, and it may provide an **extra layer of security** for your bitcoins compared to giving out your public key directly.

It’s also basically the “raw” version of an `address`

.

#### Try it! - Generate Public Key Hash

## How do you create a `public key hash`

?

Just take your `public key`

and put it through the `SHA256`

and `RIPEMD160`

hash functions:

That’s it.

**Example:**

```
publickey = 02b4632d08485ff1df2db55b9dafd23347d1c47a457072a1e87be26896549a8737
hash160(publickey) = 93ce48570b55c42c2af816aeaba06cfee1224fae
```

### Why do we use RIPEMD160?

Because RIPEMD160 produces a 160 bit (`20 byte`

) digest, which is smaller than the original public key (`65 bytes`

uncompressed, `33 bytes`

compressed).

This means that the eventual `address`

we create from it will contain fewer characters than a full public key, making easier to pass around.

The reason that we use it in conjunction with `SHA256`

is because `RIPEMD160`

is not the strongest hash function on it’s own.

## How is the `public key hash`

used in Bitcoin?

When you want to receive bitcoins, you give someone your `public key hash`

. They will then put this in to the locking code of a transaction output.

This creates a P2PKH locking script.

Then, when you want to unlock these bitcoins (to send them to someone in a new transaction), you just put your *original* `public key`

along with a **digital signature** in to the input’s unlocking code.

So when a node comes to validate this transaction, they will:

- Check that the
`public key`

provided hashes correctly to the`public key hash`

. - If that checks out, they will then validate the
`signature`

against the`public key`

as usual.

So instead of just checking a `signature`

against a `public key`

(as in a P2PK lock), there is one **extra step that checks the hash of the public key** beforehand.

This is why this type of locking system is referred to as P2PKH.

## Code

```
require 'digest' # Hash Functions Library
publickey = '02b4632d08485ff1df2db55b9dafd23347d1c47a457072a1e87be26896549a8737'
binary = [publickey].pack("H*") # Convert to binary first before hashing
sha256 = Digest::SHA256.digest(binary)
ripemd160 = Digest::RMD160.digest(sha256)
hash160 = ripemd160.unpack("H*")[0] # Convert back to hex
puts hash160 # 93ce48570b55c42c2af816aeaba06cfee1224fae
```

## FAQ

##
Why do we use a `public key hash`

?

Because that’s the way bitcoin transactions were designed to work when Satoshi developed Bitcoin.

The original reason why addresses were public key hashes is something you’ll need to ask Satoshi. - Pieter Wuille

It may have been because Satoshi was not originally aware that you could use compressed public keys (`33 bytes`

instead of `65 bytes`

), and so hashing the public key was a way to create a much shorter (`20 byte`

) version of it to give to other people.

### Alternate Theory: Extra Security

An alternate theory is that using the Hash160 provides an extra layer of security.

For example, if we immediately give away our public key when we want to receive bitcoins, the “only” thing protecting you from attackers trying to get to your private key is the elliptic curve.

However, if we give out a hashed version of our public key instead, attackers would have to crack both the `RIPEMD160`

and `SHA256`

hash functions, *as well as* deal with the elliptic curve problem.

So basically, whilst you have bitcoins sitting in the blockchain, the hash functions act as extra hurdles that attackers must jump over to try and get to our private key (and steal our bitcoins).

#### So is the elliptic curve not enough protection?

It’s actually excellent protection.

Thanks to the properties of elliptic curve multiplication, it’s impossibly difficult to go backwards from a public key to a private key. This is known as the “elliptic curve discreet logarithm problem”.

However, if by some miracle this problem is solved, there are still two different hash functions to fall back on to protect our private key.

#### But don’t you still give away your public key?

Yes. But in this system your public key is only given away at the last moment (when you come to spend your bitcoins).

The theory is that if someone wants to deduce your private key, they will have a small amount of time to do it before your transaction propagates the network and gets mined in to a block. Therefore, this is more secure than leaving your public key exposed from the start.

## Thanks

- Thanks to Pieter Wuille for explaining why we use the hash of a public key instead of the original public key.