Public and private key pairs are the essential first step in owning Bitcoin. A public key allows you to receive Bitcoin, and the corresponding private key keeps them safe. Knowing how these keys are created should be your first step in understanding Bitcoin.
In this article I’m going to show you how a private key is generated for Bitcoin. I will follow up with a part 2 to explain how the public key is generated.
First let’s get some knowledge.
A bit, shorthand for binary digit, is the smallest unit of data in a computer represented as a 0 or 1. Everything you see on your screen is generated by a unique combination of binary digits. For example, here’s the letter A in bits.
A = 01000001
Understanding Random Numbers
A private key in Bitcoin is just a random number between 1 and 2²⁵⁶.
Think about it.
All the private keys that protect all the bitcoins in the world are just different random numbers between 1 and 2²⁵⁶. Theoretically anyone can attempt to guess your private key, but 2²⁵⁶ is such a large number that it would take an attacker billions of years to try all the possible private keys.
To create our private key we need a way to generate a random number. To do this we need to use a number generator that is cryptographically secure. A number generator is cryptographically secure when the number generated cannot be determined or known how it was chosen. Using deterministic number generators puts your private key at risk of being known.
Now that we have some understanding about bits and random numbers, let’s create a private key for Bitcoin.
Step 1: Generate a random set of data
For our purposes of Bitcoin, we need a cryptographically secure number generator to generate our number. To satisfy this requirement we need to generate a random set of data, we will convert this data into a number later.
Here’s some data from swiping my hand across the keyboard and occasionally tapping shift.
Step 2: Convert random data to 256-bit number
Now that we have a random set of data, we can use SHA256 to convert our random set of data into 256 bits.
SHA256 is a hashing algorithm that receives any length input, our random data, and creates a 256-bit digest or hash.
Here’s the SHA256 hash of our random data.
This is not 256 actual binary digits, but it is 256 bits. Our hash from SHA256 is represented in hexadecimal, and contains 64 characters. Each character in the hash represents 4 bits.
64 characters x 4 bits = 256 bits
In order for us to see our number we have to convert our hexadecimal into decimal.
That’s our number! A ridiculously huge number too. If you are curious, this is how you say our large number.
22 quattuorvigintillion 253 trevigintillion 723 duovigintillion 355 unvigintillion 774 vigintillion 722 novemdecillion 335 octodecillion 514 septendecillion 752 sexdecillion 419 quindecillion 334 quattuordecillion 321 tredecillion 201 duodecillion 576 undecillion 740 decillion 247 nonillion 621 octillion 632 septillion 658 sextillion 33 quintillion 392 quadrillion 892 trillion 734 billion 79 million 982 thousand 402
Step 3: Verify Number
Now that we have generated a cryptographically secure 256-bit random number the final thing we need to do is verify if our number is between 1 and 2²⁵⁶.
Our number, even though very large, is still much smaller than the Bitcoin limit of 2²⁵⁶. This means our number qualifies and can now be used as a private key on Bitcoin.
Step 4: Add version number
In Bitcoin every private key on the main net begins with “5”. This makes it easy to identify a private key. In order for us to have our private key start with “5” we need to add 80 to the beginning of our hexadecimal.
I’ll refer to this as our new hexadecimal.
Step 5: Add 32 bit checksum
Typing our private key, because it’s so large, can be prone to errors. Adding a checksum allows us to detect any typing errors when using our private key. To add a checksum to our private key we need to get the double SHA256 hash of our new hexadecimal number.
Here’s the hash of our new hexadecimal.
And here’s the hash of the hash above, also known as a double hash.
Now take the first 8 characters, 32 bits, of the double hash and add it to end our new hexadecimal above.
Step 6: Convert new hexadecimal to base58
To further prevent typing errors we need to convert our private key from hexadecimal to base58. Base58 removes easily mistakable alphanumeric characters o, O, L, and I. The result is 58 characters that can be used to represent our private key.
Here’s our converted base58 private key, which includes the “5” required for every private key on Bitcoin.
And that’s it! You now know how to generate a private key for Bitcoin. Stay tuned for part 2 where I will show you how generate a public key from the private key we created.
The goal of this article is to educate others about Bitcoin and cryptocurrency. If you found this useful please share this article with friends and tap the clap button.
Do not use this number as your private key. Creating a wallet using this private key will make your wallet subject to attacks.