Programming Blockchain Part 2:

Addresses and Signatures

Brandon Eng
Mar 24 · 3 min read

In Part 1 of this series, I discussed a lot of the math and fundamentals behind public key cryptography in the case of Bitcoin. In Part 2, my goal is to take an in-depth look at the various formats of addresses, signatures, and the basic encryption underlying them.

SEC Format

At the end of Part 1, I defined public keys as an (x, y) point on a Secp256k1 curve over a prime field. Practically speaking, we don’t want to refer to public key addresses as a coordinate pair. Introducing the SEC format. We can use the SEC format to convert these points to addresses. There are two forms of the SEC format — uncompressed and compressed.

Uncompressed SEC

Uncompressed form is a byte string with 3 elements.

  • Marker: 04
  • X-coordinate: 32 byte string
  • Y-coordinate: 32 byte string

For example with the point (X, Y), we convert X to a byte string, convert Y to a byte string, and add them together as follows.

uncompressed = b’\x04' + x_as_bytes + y_as_bytes

Compressed SEC

Compressed form is a byte string with only 2 elements

  • Marker: 03 (if y-coordinate is odd) or 02 (if y-coordinate is even)
  • X-coordinate: 32 byte string

With the point (X, Y), we first convert X to a byte string. Then we check if Y is odd or even. If Y is odd, we create the compressed SEC format as follows.

compressed = b’\x03' + x_as_bytes

If Y is even, the compressed SEC format looks like

compressed = b’\x02' + x_as_bytes

Convert SEC to an address

The whole point of SEC format is so that we can represent our public keys as addresses. Once we convert it to SEC format (compressed or uncompressed), we can use the following steps to convert it into an address.

  1. RIPEMD160 the SEC formatted string
  2. Prepend the network prefix (00 for mainnet, 6F for testnet)
  3. Add a 32-bit double-SHA256 checksum
  4. Encode the result of step 3 in Base58 to create your address!


Signature Algorithm

The significance of signing is that a person who has kept their private key secret can create a unique signature. If you can successfully create a valid signature, then you can prove that you hold the private key for a particular address.

  1. z = hash of what you’re signing for
  2. e = your secret/private key
  3. k = random number
  4. r = x-coordinate of point k * G(generator point)
  5. s = (z + r * e) / k
  6. Together, r and s form your signature!

Signature Verification

When a signature is created, it represents that the person presenting the signature has the private key secret for a particular address. Without knowing their secret, we can validate their signature with the following steps.

  1. z = hash of what you’re signing for
  2. Public point P = e(secret) * G(generator point)
  3. r and s = the signature
  4. u = z / s
  5. v = r /s
  6. If x-coordinate of point u * G + v * P = r, then signature is valid!

DER Signature Format

Just as we needed the SEC format to represent public keys (x, y) as byte strings, we also need the DER Signature format to represent a signature r and s. The DER Signature consists of 8 elements.

  • Marker: 30
  • Length of signature
  • Marker for r: 02
  • Length of r
  • r: byte string
  • Marker for s: 02
  • Length of s
  • s: byte string

Part 2 of this series is heavily focused on terminology and the format of signatures and addresses. In Part 3, we’ll finally take these pieces of information and use them to build transactions. Stay tuned!

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade