Bitcoin Addresses

How are bitcoin addresses created and assigned?

The impetus to write this article came from a discussion with a relative. After I had already spent several hours explaining how bitcoin works, he asked me a question that I found peculiar at the time: How are bitcoin addresses assigned, and by whom? This made me realize that I hadn’t yet explained this properly, and that the term bitcoin “address” could be somewhat confusing for the uninitiated, since the term often refers to something that is assigned by a central party, e.g. IP addresses are distributed by IANA to Internet operators, who in turn assign them to their customers.

So let’s clear up any misunderstanding right away: Bitcoin addresses are not assigned, and there is no authority in charge of distributing them to users of the bitcoin network. A bitcoin address is in fact derived mathematically from a private key, which itself is nothing more than a binary number consisting of 256 bits chosen at random.

So when someone wants to create a new bitcoin address, he/she simply chooses a new private key at random, calculates the corresponding public key from that private key, and then calculates the address that corresponds to the public key using a hash function.

Since 2014 and the implementation of a certain type of bitcoin wallet called “hierarchical deterministic”, the random generation of private keys and their mathematically derived public keys and bitcoin addresses follows a standardized process, employed today by the majority of existing software and hardware wallet solutions (e.g. the hardware wallets of the brand Trezor).

Below we will explore this mechanism in more detail, as well as address some related questions such as “Can I restore my bitcoin wallet?” and “How can a single seed key represent my entire bitcoin wallet?”

1. How are bitcoin addresses created?

A bitcoin address is a string of digits and characters which serves as a destination for bitcoin transactions. If you want to receive some bitcoins you’ll have to share your bitcoin address with the sender.

When you create a new bitcoin wallet, whether in a computer program or via a mobile application, the process is exactly the same: the machine first draws a 256-bit number (a bit is either 1 or 0) at random. This random generation requires 256 bits of entropy, which can be generated by the machine via its random number generator, by the user via dice or coin tosses for example, or by a combination of both. This 256-bit number, called a seed, is thus selected randomly from a very large set of possible numbers (note: the total number of possible combinations is equal to 2 to the power of 256, i.e. a number greater than the total number of atoms in the visible universe).

In general, the 256-bit seed is represented in the form of a combination of 12 or 24 mnemonic words, which allows the seed to be easily saved on different types of media (paper, metal, etc.). The seed, sometimes referred to as seed key, can later be used to regenerate your entire bitcoin wallet (i.e. all your key pairs and associated balances) if and when necessary (e.g. in case of loss or malfunctioning of your hardware wallet).

From this seed (which, let’s remember, is ultimately nothing but a very large number), the software then derives mathematically a master private key, called extended private key. From this extended private key, the software then calculates an extended public key (called xpub, or ypub or zpub depending on the type of wallet). The master private key is used to compute a set of daughter private keys, while the master public key is used to compute the corresponding set of public keys, so that daughter private and public keys are associated two by two. Of course, since the extended public key is mathematically derived from the master private key, knowledge of the master private key alone is sufficient to derive the set of daughter private and public keys.

From a given public key, the bitcoin address that corresponds to it is in fact nothing more than the hash (and even the “double hash”) of that public key. This extra step allows the public key to be kept secret as long as no expenditure has been made from the associated bitcoin address.

Thus, a bitcoin wallet consists of a multitude of bitcoin addresses, each controlled by and derived from a corresponding private key, all deterministically linked to a master private key and the seed from which the master private key was derived. Since the seed is a randomly generated 256-bit number, there is no need for a central authority to assign bitcoin addresses. Instead, each user who wants to create a new bitcoin wallet simply draws a random 256-bit number from which he/she can derive a set of key pairs (private and public keys) and their corresponding bitcoin addresses.

Given the total number of possible 256-bit combinations, the probability of two people drawing the same seed at random is so small that it is considered statistically zero.

2. Can I restore my bitcoin wallet from a seed?

The reason why a seed representation convention based on a list of 12 or 24 mnemonic words has been widely adopted within the bitcoin space is that it enables a person to save his/her entire bitcoin wallet easily and securely. Indeed, if you lose the device on which your wallet is located, you can regenerate the wallet (i.e. all the key pairs and addresses) from the seed, and thus regain access to your precious bitcoins. In other words, the seed key can act as a sort of back-up code for when you lose access to the private keys of your wallet (e.g. you lose your hardware wallet device).

While the seed key alone is theoretically sufficient, it is also considered good practice to save an additional piece of data that can save a lot of time when restoring your bitcoin wallet: the derivation path. The derivation path is a piece of information that defines which master private key will be derived from the seed.

A typical derivation path has the following form: m/44'/0'/0'. The first number, 44, indicates the goal, in this case the construction of a deterministic wallet following the specification introduced in BIP0044 (BIP stands for Bitcoin Improvement Proposal). The second number, here 0, designates the protocol concerned (in this case, the number 0 indicates the bitcoin protocol). And the last number is simply the wallet ID in question. Indeed, it is perfectly possible to create several separate bitcoin wallets (called “accounts”) from the same seed. If you create your first wallet with the software, the last number will default to 0. Then, for the second bitcoin wallet you create, it will be 1, and so on.

It should also be noted that since the arrival of SegWit in 2017, two new BIPs (49 and 84) have emerged to allow the derivation of SegWit-compatible addresses. Thus, a SegWit account (with addresses starting in “bc1”) will have a derivation path of the form m/84'/0'/0': we simply replaced the BIP number with the one in which the corresponding key derivation mechanism is specified.

Illustration of a multiple-wallet setup based on a single seed. Each wallet has a different derivation path.

If you have your seed but didn’t write down your derivation path(s) prior to losing access to your private keys, don’t worry. Websites like walletsrecovery.org compile the derivation paths used by a variety of software and hardware wallets (including the hardware wallets Trezor One and Trezor Model T), so you can always check and find the correct derivation path on said website.

3. How can a single seed key represent my entire bitcoin wallet?

The notion that a single list of 24 mnemonic words can represent an entire bitcoin wallet and allow for its full recovery in case of loss is not very intuitive.

Indeed, we tend to think that 24 words is not that much. However, you have to keep in mind that these 24 words are chosen from a fixed list of 2048 mnemonic words, as defined in BIP0039. This means that there are (in essence) 2048^24 (2048 to the 24th power) possible unique combinations of 24 mnemonic words. The space of possibilities is large enough to reach the same entropy as a master private key (2 to the power of 256 possibilities).

Each mnemonic word represents 11 bits. An 11-bit number can represent a decimal number between 0-2047 (which is why there are 2048 words in the list of mnemonic words).

To convert the seed into a sequence of 24 words, the bitcoin wallet software will add 1 bit of checksum to every 32 bits of entropy and then simply cut the resulting 264-bit number into 24 packets of 11 bits each. Each 11-bit number is then easily converted into a word: we take the list of the 2048 mnemonic words of BIP0039 in alphabetical order and take the word whose location is equal to said 11-bit number (in decimal format). For example, if the first 11-bit packet of the seed code is the decimal number 1200, then we select the 1200th word of the mentioned mnemonic word list in alphabetical order (i.e. “nominee” for the list in English).
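The conversion described above, written out as an added example (not code from the original article or from any wallet project). The function names `entropy_to_indices` and `indices_to_entropy` are hypothetical; the checksum is taken as the leading bits of SHA-256 over the entropy, as BIP0039 specifies, and the code also covers the 12-word case (128 bits plus 4 checksum bits). It returns positions in the 2048-word list rather than the words themselves, because the list is not embedded here.

```python
import hashlib

VALID_WORD_COUNTS = (12, 15, 18, 21, 24)

def entropy_to_indices(entropy: bytes) -> list[int]:
    """Split entropy plus checksum into 11-bit word-list positions (0-2047)."""
    ent_bits = len(entropy) * 8
    if ent_bits not in (128, 160, 192, 224, 256):
        raise ValueError("entropy must be 128 to 256 bits, in steps of 32")
    cs_bits = ent_bits // 32  # 1 checksum bit per 32 bits of entropy
    # The checksum is the leading cs_bits of SHA-256(entropy).
    checksum = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    combined = (int.from_bytes(entropy, "big") << cs_bits) | checksum
    n_words = (ent_bits + cs_bits) // 11
    return [(combined >> (11 * (n_words - 1 - i))) & 0x7FF
            for i in range(n_words)]

def indices_to_entropy(indices: list[int]) -> bytes:
    """Recover the entropy, rejecting input whose checksum does not match."""
    if len(indices) not in VALID_WORD_COUNTS:
        raise ValueError("expected 12, 15, 18, 21 or 24 word positions")
    if any(not 0 <= i <= 2047 for i in indices):
        raise ValueError("word position outside 0-2047")
    combined = 0
    for i in indices:
        combined = (combined << 11) | i
    cs_bits = len(indices) * 11 // 33
    ent_bytes = (len(indices) * 11 - cs_bits) // 8
    entropy = (combined >> cs_bits).to_bytes(ent_bytes, "big")
    expected = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    if combined & ((1 << cs_bits) - 1) != expected:
        raise ValueError("checksum mismatch: a word was mistyped or misordered")
    return entropy

if __name__ == "__main__":
    # Constructed sample input: all-zero entropy, for illustration only.
    sample = bytes(32)
    positions = entropy_to_indices(sample)
    print(len(positions), "positions, last one:", positions[-1])
    assert indices_to_entropy(positions) == sample
    tampered = positions[:-1] + [positions[-1] ^ 1]  # one checksum bit flipped
    try:
        indices_to_entropy(tampered)
    except ValueError as err:
        print("rejected:", err)
```

With 24 words the checksum is only 8 bits long, so a randomly altered backup still passes this check about once in 256 times; a passing checksum confirms a plausible transcription, not the right wallet.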

Written by author Fanis Michalakis

