Public Key Hash
The hash of a public key, to shorten it.
public key hash is a hashed version of your
It’s the version of your public key that you give to other people so that they can send you bitcoins. It’s shorter than the original public key, and it may provide an extra layer of security for your bitcoins compared to giving out your public key directly.
It’s also basically the “raw” version of an
Try it! - Generate Public Key Hash
How do you create a
public key hash?
Just take your
public key and put it through the
RIPEMD160 hash functions:
publickey = 02b4632d08485ff1df2db55b9dafd23347d1c47a457072a1e87be26896549a8737 hash160(publickey) = 93ce48570b55c42c2af816aeaba06cfee1224fae
Why do we use RIPEMD160?
Because RIPEMD160 produces a 160 bit (
20 byte) digest, which is smaller than the original public key (
65 bytes uncompressed,
33 bytes compressed).
This means that the eventual
address we create from it will contain fewer characters than a full public key, making easier to pass around.
The reason that we use it in conjunction with
SHA256 is because
RIPEMD160 is not the strongest hash function on its own.
How is the
public key hash used in Bitcoin?
When you want to receive bitcoins, you give someone your
public key hash. They will then put this in to the locking code of a transaction output.
This creates a P2PKH locking script.
Then, when you want to unlock these bitcoins (to send them to someone in a new transaction), you just put your original
public key along with a digital signature in to the input’s unlocking code.
So when a node comes to validate this transaction, it will:
- Check that the
public keyprovided hashes correctly to the
public key hash.
- If that checks out, they will then validate the
public keyas usual.
So instead of just checking a
signature against a
public key (as in a P2PK lock), there is one extra step that checks the hash of the public key beforehand.
This is why this type of locking system is referred to as P2PKH.
'digest' # Hash Functions Library require '02b4632d08485ff1df2db55b9dafd23347d1c47a457072a1e87be26896549a8737' publickey = "H*") # Convert to binary first before hashing binary = [publickey].pack(Digest::SHA256.digest(binary) sha256 = Digest::RMD160.digest(sha256) ripemd160 = "H*") # Convert back to hex hash160 = ripemd160.unpack( # 93ce48570b55c42c2af816aeaba06cfee1224faeputs hash160
Why do we hash the
Because that’s the way transactions were designed to work when Satoshi developed Bitcoin.
The original reason why addresses were public key hashes is something you’ll need to ask Satoshi. - Pieter Wuille
It may have been because Satoshi was not originally aware that you could use compressed public keys (
33 bytes instead of
65 bytes), so hashing the public key was a way to create a much shorter (
20 byte) version of it to give to other people.
To make Bitcoin Addresses short, they are a hash of the public key. - Satoshi Nakamoto
Alternative Theory: Extra Security
An alternative theory is that using the Hash160 provides an extra layer of security.
For example, if we immediately give away our public key when we want to receive bitcoins, the “only” thing protecting you from attackers trying to get to your private key is the elliptic curve.
However, if we give out a hashed version of our public key instead, attackers would have to crack both the
SHA256 hash functions, as well as deal with the elliptic curve problem.
So basically, whilst you have bitcoins sitting in the blockchain, the hash functions act as extra hurdles that attackers must jump over to try and get to our private key (and steal our bitcoins).
So is the elliptic curve not enough protection?
It’s actually excellent protection.
Thanks to the properties of elliptic curve multiplication, it’s impossibly difficult to go backwards from a public key to a private key. This is known as the “elliptic curve discrete logarithm problem”.
However, if by some miracle this problem is solved, there are still two different hash functions to fall back on to protect our private key.
But don’t you still give away your public key?
Yes. But in this system your public key is only given away at the last moment (when you come to spend your bitcoins).
The theory is that if someone wants to deduce your private key, they will have a small amount of time to do it before your transaction propagates the network and gets mined in to a block. Therefore, this is more secure than leaving your public key exposed from the start.
- Thanks to Pieter Wuille for explaining why we use the hash of a public key instead of the original public key.