Topic: Relationship with private keys, public keys and addresses (Read 164 times)

Just to fill in answers to the two questions which haven't been answered yet:

The numbers from your entropy are grouped together in to 11 bit sections and then encoded in to words to give you a seed phrase as you say.
This seed phrase is then passed in to a series of hash functions to generate all the private keys in your wallet.
The private keys themselves are not encoded in to words like this, and are instead expressed as strings of characters in various formats.

There is a good step by step guide for this process in this thread by user Coding Enthusiast: Step by step guide to go from public key to a Bech32 encoded address

• Check this chapter, Key Addresses from Mastering Bitcoin, second edition
• You can add this graphic to support one point in your OP.

Thanks all for your feedback I have a bit more reading to do before bringing this all together...I will be back

Erm, not exactly. If you have a private key equal to one, your public key is not x=1. It is G. And then, if you have a private key "d", then your public key is "d*G".

Those numbers are "real" X,Y coordinates. They are just written in base16, so you have 16 "digits" from "0123456789ABCDEF", instead of 10 digits from 0 to 9.

Yes, it is hex number. It is random, the exact way of getting random numbers depends on Random Number Generator (RNG).

The same type of address has always the same length, if you think about bits. It may be different under base58, just because this base is not aligned with base2 (binary 0,1). For base32, it is aligned, because 2^5=32, so each bech32 address of the same type has the same number of characters.

One seed is enough to get a lot of addresses. If you have one random seed and one non-random algorithm of getting new addresses, you just backup your seed. If you have a wallet where all addresses are random and there is no seed, then you have to backup all addresses.

Private keys do not have a minimum length and can be as small as 1 (but not 0). I think you got it confused with seed phrase entropy - that has nothing to do with private keys, and can be between 128 (= 12 seed words) bits and 512 (= 48 seed words) bits long, but this passes through HMAC SHA512 (I incorrectly wrote HMAC SHA256 above) to make the master private key.

There are a few python libraries on Github which exist that convert seed phrase entropy (again, not private keys) to words. A quick search should reveal them as I don't know any off the top of my head at the moment.


Yes.



All newer types of address will use Bech32. Obviously, the old 1- and 3- addresses still need to use Base58 for compatibility reasons.


That's because the number is in hexadecimal. In decimal, the coordinates would be

55066263022277343669578718895168534326250603453777594175500187360389116729240 (x)
and
32670510020758816978083085130507043184471273380659243275938904335757337482424 (y)

Thank you again for guiding me through this

You are correct that a private key is a 256-bit number. But this private key is not related to the list of words we call a mnemonic phrase (also called by some people as a seed phrase).

A mnemonic phrase is, as you probably figured out, a group of 12 or 24 words which encode some entropy. The length of the entropy depends on the number of words. So for example, 12 words encode 128 bits of entropy and 24 words encode 256 bits. Also, the number of words can be a multiple of 3, but this is extremely rare to see in practice so I'll just ignore it here.

This entropy is hashed using HMAC-SHA512 (NOT HMAC-SHA256) to get the master private key.

The master private key is the root of a tree of addresses/private keys. A set of cryptographic operations, including hashing, is performed to derive a branch (also called extended key) from the root (master private key). This master private key resembles any other private key and as such you can compute the public key for it in the same way, which is called the master public key.


Most wallets will create 1 to 4 branches before creating the "leaf" keys which are your actual private keys and public key/addresses. Actually, calling it a leaf is misleading because even these keys can derive more "branches" of private keys too, using the same process.

This image from the BIP32 specification should make matters clearer:





Segwit addresses beginning with bc1 are encoded using Bech32 instead of Base58check.



Their coordinates in hex form are:

79BE667E F9DCBBAC 55A06295 CE870B07 029BFCDB 2DCE28D9 59F2815B 16F81798 (x)
483ADA77 26A3C465 5DA4FBFC 0E1108A8 FD17B448 A6855419 9C47D08F FB10D4B8 (y)


It confused me too when I was learning. But the multiplier before the G is a 256-bit number (well actually, a tiny little smaller than 256 bits but that will make things confusing). So your private key - which by the way is still a number, remember that - can be used as the factor to multiply G with.

For example

if your private key was


21492362582632841231294160590348628345891189  (hex)

Then you multiply this number by G to get your public key.


Only the address hash is 160 bits long. Remember you encode the address using Base58check or Bech32 so the final length in characters becomes much smaller.


Using seed phrases, the entropy inside them, and the generated master private key, a very large number of keys can be derived from it (and even more keys derived from the children etc...) as I explained above.

[edit - pooya87 posted most of this stuff but due to lag I did not notice]

These are two different topics.
Your private key is a random number between 1 and the elliptic curve's order which is slightly less than 2²⁵⁶.
What we use in BIP39 is an entropy (random bit stream) that can have a size between 128 and 256. Its integral value is not important (in other words, your entropy can be equal to 2²⁵⁶ whereas your private key can not). Then we use this entropy to derive private keys.

Private key is an integer, so it doesn't have coordinate. The public key is a point on (x,y) so it has coordinates.
We multiply generator point by this number.

To be clear we only add a single byte at the beginning of the hash then encode that to get 1 or 3 automatically.
Also this is the process of creating legacy addresses. The new addresses known as Bech32 use a different encoding algorithm of the same name.

It was only unclear about some details.

It can be found here and is called G: https://en.bitcoin.it/wiki/Secp256k1

Technically we have to compute k*G meaning if your private key is equal to 5 then we compute 5*G.
There are simpler ways of computing this multiplication which are explained here: https://en.wikipedia.org/wiki/Elliptic_curve_point_multiplication
You can also read this to understand ECC better: https://blog.cloudflare.com/a-relatively-easy-to-understand-primer-on-elliptic-curve-cryptography/

You forgot to ask the question.

Initially they were just creating random keys using the cryptography random generator the programming language and operating system offered. So each time you created a new key it would be random.
Then due to some issues associated with RNGs and issues with creating backup every time, wallets moved on to being "deterministic" meaning when you create the wallet for the first time it calls the RNG and creates a "seed" then every time you want a new key it deterministically produces one for you using that seed.
This makes the process reproducible (so you only need to created a backup once) and you only call RNG once.
You can read about the process here: https://github.com/bitcoin/bips/blob/master/bip-0032.mediawiki

Good morning!

So I have been looking into the relationship between private keys, public keys and addresses. Now I know this has been covered many times before, however I wanted to provide how I believe the relationships are to make sure I have not missed something...so here we go.

A Bitcoin Wallet contains a copy of your private key and public key.

Private Key

- A private key is a binary number consisting of 256 bits. (Which can also be shown as a 64 hexadecimal digit)
- This binary number can be split into 24 groups that by using a binary to decimal converter and the BIP39 word list will give you your recovery seed



Public Key
- A public key uses the coordinates of the private key(x,y) and multiplies this by the Generator point on the elliptical curve (y^2=x^3+7) multiplication; K=k*G (where G is always the same point on the curve for all Bitcoin )
- To arrive at the public key, another way to look at it is we have to multiple the Generator point by the 'private key number of times' as it bounces around the elliptical curve.
- This ensures you can only go one way and you cannot derive a private key from a public key without significant computing power (AKA Asymmetric Encryption)

Bitcoin Address
- The public key is then hashed with SHA256 and RIPEMD160 (or double hashed) to give you a public key hash (160-bit)
- This public key is then encoded as Base58check which uses 58 character, which then uses a 1 or 3 as a prefix to give you your final Bitcoin Address


Assuming the above is more or less accurate I have a couple of questions on the above, and apologies if the above has been covered elsewhere
1) What are the coordinates of the Generator point on the elliptical curve?
2) The multiplication of the generator point and the private key x times is what confuses me a little...so if you have the generator point with coordinates (a,b) , you would then multiple this by the 256 bit private key...so 2G...3G.....256G?
3) The Bitcoin address would then be 160 bit or 40 Hex character long address with a pre-fix of a 1 or 3....
4) How does a Wallet produce multiple addresses?

Hopefully the above does not have too many errors of my understanding, thanks in advance