Bitcoin Keys and Addresses

Understanding Bitcoin keys and addresses is fundamental to mastering cryptocurrency security and transaction mechanics. This comprehensive guide explores the inner workings of private keys, public keys, and various Bitcoin address formats, including P2PKH, P2SH, Bech32, and Bech32m. We’ll also walk through key generation processes with practical Python implementations, ensuring you grasp both theory and application.

Whether you're a developer, investor, or blockchain enthusiast, this article equips you with the technical knowledge needed to navigate Bitcoin’s cryptographic foundation securely.

👉 Discover how to manage your crypto assets safely using advanced wallet tools.

Understanding Bitcoin Private Keys

At the heart of every Bitcoin wallet lies the private key—a secret number that proves ownership of funds. It's generated as a random 256-bit integer within a massive range defined by the elliptic curve secp256k1. The order $ n $ of this curve is:

n = FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFE BAAEDCE6 AF48A03B BFD25E8C D0364141

This astronomical number ensures that guessing someone else’s private key is practically impossible.

Private Key Encoding Formats

While a private key is fundamentally just a large integer, it can be represented in several standardized formats for usability and compatibility:

• Hexadecimal (Hex): Raw 32-byte format.
• Wallet Import Format (WIF): Base58Check-encoded, starts with 5.
• WIF-compressed: Also Base58Check-encoded but includes a compression flag; starts with K or L.

For example:

Despite its name, WIF-compressed results in a longer string due to an added 0x01 suffix before encoding.

How WIF Encoding Works

WIF uses Base58Check encoding to prevent common transcription errors. Here's the step-by-step process:

1. Prepend version byte (0x80 for mainnet).
2. Append 0x01 if compressed.
3. Double-SHA256 to generate a 4-byte checksum.
4. Concatenate and encode with Base58.

This ensures human-readable, error-resistant private key representation.

Generating and Using Public Keys

A public key is derived from the private key via elliptic curve multiplication:
$$ K = k \cdot G $$
where $ k $ is the private key and $ G $ is the base point on the secp256k1 curve.

Public keys come in two forms:

Uncompressed vs Compressed Public Keys

• Uncompressed: Starts with 04, followed by concatenated X and Y coordinates (65 bytes total).
• Compressed: Starts with 02 (Y even) or 03 (Y odd), includes only X coordinate (33 bytes).

Why compression works: Given $ y^2 = x^3 + 7 $, knowing $ x $ allows calculation of two possible $ y $ values. The prefix indicates which one is correct.

👉 Learn how public key cryptography secures your digital transactions today.

Python Implementation: Deriving Public Keys

import ecdsa

def derive_public_key(private_key: bytes, compressed: bool = False) -> bytes:
    Q = int.from_bytes(private_key, 'big') * ecdsa.SECP256k1.generator
    x = Q.x().to_bytes(32, 'big')
    y = Q.y().to_bytes(32, 'big')
    if compressed:
        prefix = b'\x02' if Q.y() & 1 == 0 else b'\x03'
        return prefix + x
    return b'\x04' + x + y

This function computes a valid public key from any given private key in hexadecimal form.

Bitcoin Address Types Explained

Bitcoin addresses are derived from public keys and serve as recipients for transactions. Multiple formats exist to support evolving protocol features like SegWit and Taproot.

P2PKH – Pay-to-Public-Key-Hash (Legacy)

These start with 1 and are based on hashing the public key:

1. SHA-256 hash of public key.
2. RIPEMD-160 of the SHA-256 result.
3. Add version byte (0x00 for mainnet).
4. Double-SHA256 for checksum.
5. Base58Check encode.

Result: 1J7mdg5rbQyUHENYdx39WVWK7fsLpEoXZy

Each private key generates two P2PKH addresses—one from compressed and one from uncompressed public keys—both valid.

P2SH – Pay-to-Script-Hash (Wrapped SegWit)

Addresses starting with 3 wrap a redeem script hash. Common use: P2SH-P2WPKH, enabling SegWit benefits while maintaining backward compatibility.

Steps:

1. Create a redeem script: OP_0 <RIPEMD160(SHA256(compressed_pubkey))>
2. Hash it twice (SHA-256 then RIPEMD-160).
3. Version byte 0x05, checksum, Base58Check encode.

Example: 3FyC6EYuxW22uj4CaEGjNCjxeg7gHyFeVv

Bech32 – Native SegWit (bc1q)

Introduced in BIP173, Bech32 addresses begin with bc1q. They offer better efficiency and lower fees.

Structure:

• Human-readable part (bc for mainnet)
• Separator (1)
• Data payload (Bech32 Base32 encoding)
• Checksum

For P2WPKH:

• Witness version: 0
• Program: RIPEMD-160(SHA-256(pubkey))

Result: bc1qw508d6qejxtdg4y5r3zarvary0c5xw7kv8f3t4

Fixed length: 42 characters

Bech32m – For Taproot (bc1p)

Defined in BIP350, Bech32m fixes a flaw in Bech32 where certain character insertions go undetected.

Used for:

• P2TR (Pay-to-Taproot) addresses
• Witness versions ≥ 1

Starts with bc1p, uses modified checksum constant (BECH32M_CONST). Example: bc1p...

Unlike earlier types, P2TR does not use a hash of the public key directly—it uses a tweaked public key derived via BIP340/BIP341 logic.

ScriptPubKey and Address Mapping

Each address type corresponds to a specific locking script (scriptPubKey) that defines how funds can be spent:

You can often infer the address type by examining the locking script in a blockchain explorer.

Address Security Best Practices

Even if quantum computers break ECDSA someday, your funds may still be safe—if you follow good practices.

🔐 A Bitcoin address reveals only the hash of a public key—not the public key itself.

Your public key is only exposed when you spend funds. Until then, even if ECDSA were compromised, attackers couldn’t derive your private key without seeing the public key.

✅ Best Practice: After spending from an address, move remaining balance to a new address that has never been used to send funds.

Frequently Asked Questions (FAQ)

Q: Can one private key control multiple Bitcoin addresses?

Yes. A single private key can generate both compressed and uncompressed public keys, each leading to a different P2PKH address. Additionally, it can produce P2SH-P2WPKH and Bech32/Bech32m addresses.

Q: What is the difference between WIF and WIF-compressed?

WIF-compressed includes an extra 0x01 byte before Base58Check encoding, indicating the corresponding public key should be compressed. It doesn't compress the private key itself.

Q: Why do Bech32 addresses start with 'bc1q'?

The prefix bc is the human-readable part for Bitcoin mainnet; 1 is the separator; q indicates witness version 0 (P2WPKH). Together, they ensure format clarity and error detection.

Q: Is it safe to reuse Bitcoin addresses?

No. Reusing addresses compromises privacy and increases risk if cryptographic weaknesses emerge. Always use new addresses for receiving funds.

Q: How do I protect my private key?

Never share it, avoid screenshots or cloud storage, use hardware wallets, and consider BIP38 encryption (6P... keys) for offline backups.

Q: What happens if I send Bitcoin to a Bech32m address?

It’s fully supported by modern wallets and miners. Transactions are valid and benefit from improved error detection compared to Bech32.

👉 Secure your private keys with industry-leading wallet solutions now.

Conclusion

Bitcoin’s security model relies on robust cryptography—from private keys to address derivation. Understanding formats like WIF, P2PKH, P2SH, Bech32, and Bech32m empowers users to manage funds safely across different wallet types and network upgrades.

As Bitcoin evolves with Taproot and beyond, staying informed about these mechanisms ensures long-term security and compatibility.

By mastering these concepts, you're not just learning about addresses—you're unlocking the foundation of trustless digital ownership.

Core Keywords: Bitcoin private key, Bitcoin public key, Bitcoin address types, WIF encoding, P2PKH, P2SH, Bech32, Bech32m