The magic behind Ethereum account addresses
Have you ever wondered what makes Ethereum account addresses so unique and seemingly random? Behind the scenes, there is an elegant and beautiful mathematical process that creates these addresses. The process is not only fascinating to understand, but also essential to the security and functionality of the Ethereum blockchain. In this article, we will dive into the beautiful math behind Ethereum account addresses and explore how it works to ensure the integrity of transactions on the Ethereum network. Whether you are a seasoned blockchain enthusiast or a curious beginner, this exploration of the mathematical foundations of Ethereum is sure to captivate and enlighten.
A typical Ethereum account address looks something like this
0x1f9840a85d5aF5bf1D1762F925BDADdC4201F984It has 20 bytes length and presented in base16 notation that is signified by 0x prefix .
The Address is a product of converting the public key of that account to a format that is the best suitable for Ethereum blockchain software. A raw public key is quite a bulky structure and it would be hard to store it in the blockchain database or use in a transaction structure. Think about it as a way to produce a key for a hash map out of a JSON object with multiple fields.
Public Key to Ethereum Address Format
Here is the algorithm developed by Ethereum blockchain creators to convert Public Key to Address.
- Convert Public Key to a string using this format:
pk_str = 04 + x-coordinate (32 bytes/64 hex) + y-coordinate (32 bytes/64 hex)This format called “uncompressed public key” which is signified by 04 prefix and it looks like this:
04d530a1df86e309ff7dc224dfaeab4f012a9c43ae876305e7f9c47ff0bd6d125cb11909f3c9a0b3cc124a7cedad4bf1c5d23dd18ef9d4f146516505cbbf439c9d
2. Remove 04 prefix and hash this string with Keccak-256 (pronounced as ket-sha-k). The output will be 32 bytes word.
3. Convert the result into base16 hex.
4. Take the last 20 bytes.
The last step is needed to make address as compact as possible while maintaining collision resistance. Some say that it helps security because it would not be possible to derive a Public Key out of it, but because anyone can always derive the Public Key out of a signed transaction I doubt it has any practical value.
Public Key Cryptography
Ok, great, but what is Public Key? How come it has x and y coordinates? To understand this we will need to plunge into the cryptographic foundation of the blockchain.
To begin with, what makes Ethereum blockchain possible is Public Key Cryptography, that defines a way for a party to authenticate a transaction by producing an authentication tag (aka signature) and another party to verify it’s integrity without revealing any private information. Private Key serves as an authentication key or signing key and never revealed, and Public Key acts as verification key (or encryption key).
There are different signing mechanisms available (eg Schorr, DSA), and the one that Ethereum uses called Elliptic Curves Digital Signature Algorithm (ECDSA), that has been around for decades without any attacks being found. It defines 3 operations: Generate, Sign and Verify.
Generating a Secret Key
Cryptographic operation Generate describes how to produce a new set of keys (public and secret) in mathematical terms.
Secret Key is a unform pick of x from ℤ, which is a set of integers. It is defined to have order q , which in Group Theory means simply the number of elements in that group.
It must be picked uniformly, meaning properly randomly. It is very important, because if an attacker manages to predict a next random number she will be able to obtain the Secret Key. (Nice, we learned the first attack vector on Ethereum security system 👍🏻)
Calculating Public Key
While a Secret Key is just an Integer, a Public Key is a point on an elliptic curve and defined by formula pk := sk * g, where
- g is the generator point on that curve,
*is elliptic curve multiplication.
You might have a few questions sticking out right now, but this is where all the magic is, so get yourself a tea and let’s continue.
Elliptic Curves and Discrete Logarithm Problem
First off, why there is a need for the curve, why can’t it be taken from the same group ℤ? If we try to use integer with this formula then given sk = 11 and g = 5, we calculate pk = 55. If you share your pk, everyone can divide it by g and get your Secret Key. This cryptography does not hold. To improve it cryptographers started to use finite cyclic groups 𝔾, that have certain useful properties. This enabled cryptographic alogrithms that drive public key cryptography and also have other uses.
However It wasn’t easy to develop good cyclic groups. First implementations, e.g. multiplicative groups modulo a, were not sufficiently secure, because the discrete logarithm problem defined on those groups was not sufficiently hard (second attack vector 👻), allowing an attacker to calculate the Secret Key.
Finally cryptographers were able to find a practical solution in form of elliptic curves over prime finite fields. Each curve is defined by a set of carefully selected constants that shape the curve equation and also define the set of numbers of which the curve is drawn, so that discrete logarithm problem over that curve (computing sk from pk := sk * g) is hard. (third attack vector 👻) Nowadays cryptographers do not generate the curves themselves, but use the standard ones proposed by NIST such as secp256r1, P256 or secp256k1. To calculate a Secret Key given a Public Key on that curve one has to perform 2^128 group operations. I will let you figure out how long it could take.
Coming back to Public Key calculation and defining the rest of the equation, the generator point on a curve allows us to make operations on the curve, it’s our starting point if you wish and is a part of the curve definition.
And lastly, elliptic curve multiplication means addition of generator point to itself, which produces another point on the curve, by definition. It is also useful eg in distributed key generation. Every participant receives a point P(i) that later can be combined to get P1 + P2 + .. + Pn = PublicKey. The addition operation on elliptic curve requires solving a certain equation and not straightforward. There is a number of optimizations that allow to calculate it quite fast, however reverse calculation takes so much time it is considered impossible.
To sum up, while a Secret Key is chosen simply randomly, there is an elaborate scheme to calculate the Public Key from a Secret Key that keeps the Secret Key hidden. Discrete logarithm problem makes sure this is the case and elliptic curves over prime integers enable it. Then the Public Key is converted into a compact string to be used in the blockchain.
In this article I guided you to the surface of the vast field of math that enables cryptography. We haven’t discussed Sign and Verify operations of ECDSA and didn’t go into any advanced topics. However I hope this article will allow you to see the beauty behind the boring topic of the blockchain account addresses.
Literature
Jonathan Katz and Yehunda Lindell. Introduction to modern cryptography. 3rd edition.
Dan Boneh and Victor Shoup. A Graduate Course in Applied Cryptography.
