Cryptocurrency address generator and validator (v1.1)

This webpage is created for educational purpose explaining how cryptocurrency public and private keys are generated.
Do not use this tool in production, otherwise you will lose all your Bitcoins or other cryptocurrencies.
All calculations are done in the browser using Javascript and no data is transmitted to any server. Verify this by inspecting the source code.

The following functionalities are implemented:
- Creating public keys (addresses) and private keys (uncompressed and compressed) for different cryptocurrencies (Bitcoin, Litecoin etc).
All intermediate calculation steps can be seen by enabling checkbox "Show more details".
- Creating paper wallets including QR codes
- Creating vanity addresses

Symbol legend
|| : To indicate the concatenation of two strings on either side of the || symbol.
: The information should be kept secret.
: The information can be made public.

Select cryptocurrency network

Show more details

Reset

Clear all entered and calculated values.

Create random numbers
Choose one of the methods.

Method 1:
Auto generate cryptographically secure random numbers by pressing the "Generate" button or press the ESC key.

This tool uses two methods to generate cryptographic pseudorandom numbers depending if your browser supports it.

The first method is using your browser WebCryptoAPI:
- Mozilla: window.crypto.getRandomValues(array)
- Microsoft: window.msCrypto.getRandomValues(array)
If your browser does not support the WebCryptoAPI it uses the Stanford Javascript Crypto Library (SJCL)
to generate pseudorandom numbers.

The random numbers below are

Method 2:
Roll a 16 sided dice 64 times and enter its in sequential order:

Total number of combinations:
2^(32*8) = 2²⁵⁶ = 115,792,089,237,316,195,423,570,985,008,687,907,853,269,984,665,640,564,039,457,584,
007,913,129,639,936 (78 digits or approximately 10⁷⁷)
The number of atoms in the entire observable universe is estimated to be within the range of 10⁷⁸ to 10⁸²
A valid random number must be in the interval [1, n - 1], where:
n = FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
See: secp256k1 elliptic curve domain parameters
If you use this method make sure the chosen numbers are truly random.
One way is to use a 16 sided dice.

If you only have one dice you need to roll it 64 times.
If you have four dices (dice color blue, green, yellow and black) you need to roll them 16 times.

Method 3:
Enter password / passphrase.
This method is highly insecure. Hackers are able to steal your Bitcoins or other cryptocurrencies using this method.
Make it at least 16 characters long and use letters, numbers and special characters.
Random number = SHA256(SHA256(password / passphrase)))

PrivateKey in different formats

The random number is converted into a large hexadecimal value, 32 bytes or 64 characters (chars) long.
A valid PrivateKeyHex must be in the interval [1, n - 1], where:
n = FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
See: secp256k1 elliptic curve domain parameters
Look at method 2 and append each hexadecimal value, this will form the PrivateKeyHex value.
The PrivateKeyHex value is used to create the PrivateKey Wallet Import Format (WIF) Uncompressed or
PrivateKey Wallet Import Format (WIF) Compressed.

PrivateKeyHex

chars

The PrivateKeyHex value can also be encoded into a Base58 value.
It is similar to Base64 but has been modified to avoid both non-alphanumeric characters and letters which might
look ambiguous when printed. Compared to Base64, the following letters have been omitted from the alphabet:
0 (zero), O (capital o), I (capital i) and l (lower case L) as well as the non-alphanumeric characters + (plus) and
/ (slash). This number is not used within this tool and is only displayed here for educational purpose.

PrivateKeyBase58

chars

The PrivateKeyHex value can also be encoded into a Base64 value.
This number is not used within this tool and is only displayed here for educational purpose.

PrivateKeyBase64

chars

The 32 random numbers can also be converted into a comma separated decimal value string.
This number is not used within this tool and is only displayed here for educational purpose.

PrivateKeyDec

The PrivateKeyHex value can also be encoded into a binary value.
This value will be used to calculate the public key.

PrivateKeyBin

chars

Calculate

PrivateKey Wallet Import Format (WIF) Uncompressed

Each cryptocurrency privateKey has their own prefix version number (Bitcoin= 0x80, Litecoin=0xB0, etc).
Prepend this version number in front of the PrivateKeyHex value.
The prefix version number is always 1 byte in size and the PrivateKeyHex is 32 bytes.
The PrivateKeyVersion value is always (1+32=) 33 bytes or 66 characters long.

PrivateKeyVersion =
Version "

" || PrivateKeyHex

chars

Hash the PrivateKeyVersion value using the cryptographic hash function SHA256.
This Secure Hash Algorithm generates a 256-bit (32-byte) signature which cannot be decrypted back
to the original value (it is a one-way cryptographic function).
The HashA1 value is always 32 bytes or 64 characters long.

HashA1 =
SHA256(PrivateKeyVersion)

chars

Hash the HashA1 value using the same cryptographic hash function SHA256.
The HashA2 value is always 32 bytes or 64 characters long.

HashA2 =
SHA256(HashA1)

chars

Get the first 4 bytes (or first 8 characters) of the HashA2 value.
These 4 bytes is the checksum value which will be used to validate the address.
The ChecksumA value is always 4 bytes or 8 characters long.

ChecksumA
(first 4 bytes of HashA2)

chars

Append the ChecksumA value at the end of the PrivateKeyVersion value.
The PrivateKeyChecksum value is always (33+4=) 37 bytes or 74 characters long.

PrivateKeyChecksum = PrivateKeyVersion || ChecksumA

chars

The PrivateKey Wallet Import Format (WIF) Uncompressed is the PrivateKeyChecksum value encoded into a
Base58 value. The PrivateKeyWIFUncompressed value must be kept secret and can be converted into QR codes
and can be printed on paper wallets.

If your software uses the PrivateKeyWIFUncompressed value, it also means you are the using the
PublicKeyUncompressed.

It is recommended to always to use the compressed public key (PublicKeyCompressed) and the compressed
private key (PrivateKeyWIFCompressed. If your software does not support the compressed keys you can use
the uncompressed public key (PublicKeyUncompressed) and uncompressed private key
(PrivateKeyWIFUncompressed).

PrivateKeyWIFUncompressed

= Base58(PrivateKeyChecksum)

chars

Calculate

PrivateKey Wallet Import Format (WIF) Compressed

Each cryptocurrency has their own prefix version number (Bitcoin= 0x80, Litecoin=0xB0, etc).
Prepend this version number in front of the PrivateKeyHex value and also append the value 0x01
to indicate that it correspond to a compressed public key. The prefix version number and compression flag
is always 1 byte in size and the PrivateKeyHex is 32 bytes.
The PrivateKeyVersionComp value is always (1+32+1=) 34 bytes or 68 characters long.

PrivateKeyVersionComp =
Version "

" || PrivateKeyHex || "01"

chars

Hash the PrivateKeyVersionComp value using the cryptographic hash function SHA256.
This Secure Hash Algorithm generates a 256-bit (32-byte) signature which cannot be decrypted back
to the original value (it is a one-way cryptographic function).
The HashB1 value is always 32 bytes or 64 characters long.

HashB1 = SHA256(PrivateKeyVersionComp)

chars

Hash the HashB1 value using the same cryptographic hash function SHA256.
The HashB2 value is always 32 bytes or 64 characters long.

HashB2 = SHA256(HashB1)

chars

Get the first 4 bytes (or first 8 characters) of the HashB2 value.
These 4 bytes is the checksum value which will be used to validate the address.
The ChecksumB value is always 4 bytes or 8 characters long.

ChecksumB (first 4 bytes of HashB2)

chars

Append the ChecksumB value at the end of the PrivateKeyVersionComp value.
The PrivateKeyChecksumComp value is always (34+4=) 38 bytes or 76 characters long.

PrivateKeyChecksumComp = PrivateKeyVersionComp || ChecksumB

chars

The PrivateKey Wallet Import Format (WIF) Compressed is the PrivateKeyChecksumComp value encoded into a
Base58 value. The PrivateKeyWIFCompressed value must be kept secret and can be converted into QR codes
and can be printed on paper wallets.

If your software uses the PrivateKeyWIFCompressed value, it also means you are the using the
PublicKeyCompressed.

It is recommended to always to use the compressed public key (PublicKeyCompressed) and the compressed
private key (PrivateKeyWIFCompressed. If your software does not support the compressed keys you can use
the uncompressed public key (PublicKeyUncompressed) and uncompressed private key
(PrivateKeyWIFUncompressed).

PrivateKeyWIFCompressed

= Base58(PrivateKeyChecksumComp)

chars

Calculate

PublicKey

Cryptocurrencies like Bitcoin or Litecoin, etc uses the Elliptic Curve (EC) to calculate the public keys.
Elliptic Curve Cryptography (ECC) was invented by Neal Koblitz and Victor Miller in 1985.
A 256-bit ECC public key should provide comparable security to a 3072-bit RSA public key thus less processing
power is required. Elliptic curves are called elliptic because of their relationship to elliptic
integrals in mathematics. Elliptic curves have nothing to do with ellipses. Ellipses are formed by quadratic
curves (x²). Elliptic curves are always cubic (x³).

Cryptocurrencies uses the following elliptic curve equation: y² = x³ + ax + b

Elliptic curve domain parameters over F_p associated with a Koblitz curve secp256k1 Documented by the Standards for Efficient Cryptography Group (www.secg.org)
Parameter	Value
a	a is the constant that define the ellipc curve y² = x³ + ax + b a = 0
b	b is the constant that define the ellipc curve y² = x³ + ax + b b = 7
p	A finite field is a field with a finite number of elements, called its order (the size of the underlying set). The number of elements is the prime number p. F_p is called the prime field of order p, and is the field of residue classes modulo p, where the p elements are denoted 0, ..., p - 1. This means prime number p should be used for all the finite field math operations (better known as modulo operation), for example: y² mod p = (x³ + ax + b) mod p The output of the math operation should never be bigger than the p value. p = 2²⁵⁶ - 2³² - 2⁹ - 2⁸ - 2⁷ - 2⁶ - 2⁴ - 1 = 2²⁵⁶ - 2³² - 977 = Hexadecimal: FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFE FFFFFC2F Decimal: 115792089237316195423570985008687907853269984665640564039457584007908834671663
G	The base point G is a predetermined point (x_G, y_G) on the elliptic curve that everyone uses to compute other points on the curve. Often the base point G is displayed in two ways: Compressed form (prefix 02) 02 79BE667E F9DCBBAC 55A06295 CE870B07 029BFCDB 2DCE28D9 59F2815B 16F81798 If the prefix is removed, the value is the x_G coordinate. To get the y_G coordinate, calculate y_G = (x_G³ + 7 )^1/2 Uncompressed form (prefix 04) 04 79BE667E F9DCBBAC 55A06295 CE870B07 029BFCDB 2DCE28D9 59F2815B 16F81798 483ADA77 26A3C465 5DA4FBFC 0E1108A8 FD17B448 A6855419 9C47D08F FB10D4B8 If the prefix is removed, the first half of the value is the x_G coordinate and the last half is the y_G coordinate.
x_G	Hexadecimal: 79BE667E F9DCBBAC 55A06295 CE870B07 029BFCDB 2DCE28D9 59F2815B 16F81798 Decimal: 55066263022277343669578718895168534326250603453777594175500187360389116729240
y_G	Hexadecimal: 483ADA77 26A3C465 5DA4FBFC 0E1108A8 FD17B448 A6855419 9C47D08F FB10D4B8 Decimal: 32670510020758816978083085130507043184471273380659243275938904335757337482424
n	The prime n which is the order of base point G. The parameter n determines which is the maximum value that can be turned into a Bitcoin private key. Any 256-bit number in the range [1, n - 1] is a valid private key. Hexadecimal: FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFE BAAEDCE6 AF48A03B BFD25E8C D0364141 Decimal: 115792089237316195423570985008687907852837564279074904382605163141518161494337 Thus any 256-bit number from 0x1 to 0xFFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFE BAAEDCE6 AF48A03B BFD25E8C D0364140 is a valid private key.
h	The cofactor: 01

Elliptic curve properties

If a line intersects two points P and Q, it intersects a third point on the curve -R.
If a line is tangent to the curve, it intersects another point on the curve.
All vertical lines intersects the curve at infinity.

Adding two distinct points P and Q on an elliptic curve (P ≠ Q)

Fig. 1 Geometry approach
- Draw a straight line between P (x₁, y₁) and Q (x₂, y₂).
- The line will intersect the elliptic curve at exactly one more point -R (x₃, -y₃).
- The reflection of the point -R with respect to x-axis gives the point R (x₃, y₃), which is the results of
  addition of points P and Q.
Mathematical approach
- The point slope form of the line:
  λ = ( y₂ - y₁ ) / ( x₂ - x₁ )
  λ ( x₂ - x₁ ) = ( y₂ - y₁ )
  
  Let ( x, y ) be any point on the curve. Repace (x₂, y₂) with ( x, y ):
  λ ( x - x₁ ) = ( y - y₁ )
- The slope-intercept form of the line:
  λ ( x - x₁ ) + y₁ = y
  λx - λx₁ + y₁ = y
  λx + y₁ - λx₁ = y [Equation 1]
  
  Create variable: β = y₁ - λx₁
  
  Implement variable β in Equation 1:
  y = λx + β [Equation 2]
- Finding coordinates point R (x₃, y₃):
  y = λx + β
  y² = ( λx + β )²
  
  the ellipc curve: y² = x³ + ax + b
  ( λx + β )² = x³ + ax + b
  ( λx )² + 2βλx + β² = x³ + ax + b
  x³ + ax + b - ( λx )² - 2βλx - β² = 0
  x³ - λ²x² + ax - 2βλx + b - β² = 0
  x³ - λ²x² + (a - 2βλ)x + (b - β²) = 0 [Equation 3]
  
  Equation 3 represents a monic polynomial, it means is that the coefficient of the highest power
  of x which is x³ is 1. A property of monic polynomials is that the sum of their roots (x₁, x₂, x₃)
  is equal to the negative of the coefficient of the second highest power.
  Notice that the coefficient of x² is -λ², thus:
  x₁ + x₂ + x₃ = λ²
  x₃ = λ² - x₁ - x₂
  
  x₃ and y₃ must be on the straight line y = λx + β:
  y₃ = λx₃ + β
  y₃ = λx₃ + (y₁ - λx₁)
  y₃ = λ(x₃ - x₁) + y₁
  
  Point -R has the coordinate (x₃, -y₃). The reflection of the point -R with respect to x-axis gives the
  point R (x₃, y₃), which is the results of addition of points P and Q.
  This means you need to multiple y₃ with -1:
  y₃ = λ(x₁ - x₃) - y₁
- Implement modulo p to limit points (x_R, y_R) in finite field F_p:
  A straight line will intersect an elliptic curve at three points P (x₁, y₁), Q (x₂, y₂) and -R (x₃, -y₃).
  The reflection of the point -R with respect to x-axis gives the point R (x₃, y₃), which is the result of
  addition of points P and Q.
  λ = ( y₂ - y₁ ) / ( x₂ - x₁ )
  x₃ = λ² - x₁ - x₂
  y₃ = λ(x₁ - x₃) - y₁
  
  Make point Q the same as the Generator point G (see secp256k1 elliptic curve domain
  parameters), repace point P coordinates (x₁, y₁) with ( x, y ) to indicate it can be any coordinate on
  the curve and R coordinates (x₃, y₃) with (x_R, y_R) the equations will look like:
  
  λ = ( y_G - y ) / ( x_G - x)
  x_R = λ² - x - x_G
  y_R = λ(x - x_R) - y
  
  The last three math operations may output real numbers (ℝ).
  Real numbers are numbers that can be positive or negative and have decimal places after the point.
  Example: ℝ = {..., -5, -2.5, 0, 3, 6.334, ...}.
  In ECC we never work with real numbers only with integers (ℤ) so there are no inaccuraties
  due to rounding errors.
  Integers are positive numbers and have no decimal places after the point.
  Example: ℤ = {0, 1, 2, 3, ...}
  To make the calculations go faster a finite number of integers are to be used (F_p).
  The finite field (F_p) make working with curves a completely different concept.
  The curves when graphed over a finite field do not even resemble fig 1.
  When modulo p is applied, the equations of adding two points (ECAdd) will look like:
  
  λ = ( y_G - y ) modinv( x_G - x) (mod p)
  x_R = λ² - x - x_G (mod p)
  y_R = λ(x - x_R) - y (mod p)

Doubling point P on an elliptic curve. Same as moving point Q to same location as point P (P = Q)

Fig. 2 Geometry approach
- Draw a tangent line to the elliptic curve at point P.
- The line intersects the elliptic curve at the point -R.
- The reflection of the point -R with respect to x-axis gives the point R, which is the results of
  doubling of point P.
Mathematical approach
- The slope of the tangent at a point P (x₁, y₁):
  The ellipc curve: y² = x³ + ax + b
  2ydy = 3x²dx + a
  a = 0, see secp256k1 elliptic curve domain parameters
  2ydy = 3x²dx
  (2ydy)/dx = 3x²
  (dy/dx) = (3x²)/(2y)
  λ = (dy/dx)
  λ = (3x²)/(2y)
  λ = (3x₁²)/(2y₁)
- Finding coordinates point R (x₃, y₃):
  Equation 3 represents a monic polynomial, it means is that the coefficient of the highest power
  of x which is x³ is 1. A property of monic polynomials is that the sum of their roots (x₁, x₂, x₃)
  is equal to the negative of the coefficient of the second highest power.
  Notice that the coefficient of x² is -λ², thus:
  x₁ + x₂ + x₃ = λ²
  
  But point Q (x₂, y₂) is the same as point P (x₁, y₁), thus:
  x₁ + x₁ + x₃ = λ²
  x₃ = λ² - 2x₁
  
  x₃ and y₃ must be on the straight line (see Equation 2): y = λx + β:
  y₃ = λx₃ + β
  y₃ = λx₃ + (y₁ - λx₁)
  y₃ = λ(x₃ - x₁) + y₁
  
  Point -R has the coordinate (x₃, -y₃). The reflection of the point -R with respect to x-axis gives the
  point R (x₃, y₃), which is the results of doubling of point P.
  This means you need to multiple y₃ with -1:
  y₃ = λ(x₁ - x₃) - y₁
- Implement modulo p to limit points (x_R, y_R) in finite field F_p:
  The tangent line will intersect an elliptic curve at points P (x₁, y₁) and -R (x₃, -y₃).
  The reflection of the point -R with respect to x-axis gives the point R (x₃, y₃), which is the result of
  doubling of point P.
  λ = (3x₁²)/(2y₁)
  x₃ = λ² - 2x₁
  y₃ = λ(x₁ - x₃) - y₁
  
  Repace point P coordinates (x₁, y₁) with ( x, y ) to indicate it can be any coordinate on
  the curve and R coordinates (x₃, y₃) with (x_R, y_R) the equations will look like:
  
  λ = (3x²)/(2y)
  x_R = λ² - 2x
  y_R = λ(x - x_R) - y
  
  The last three math operations may output real numbers (ℝ).
  Real numbers are numbers that can be positive or negative and have decimal places after the point.
  Example: ℝ = {..., -5, -2.5, 0, 3, 6.334, ...}.
  In ECC we never work with real numbers only with integers (ℤ) so there are no inaccuraties
  due to rounding errors.
  Integers are positive numbers and have no decimal places after the point.
  Example: ℤ = {0, 1, 2, 3, ...}
  To make the calculations go faster a finite number of integers are to be used (F_p).
  The finite field (F_p) make working with curves a completely different concept.
  The curves when graphed over a finite field do not even resemble fig 2.
  When modulo p is applied, the equations of doubling a point (ECDouble) will look like:
  
  λ = (3x²) modinv(2y) (mod p)
  x_R = λ² - 2x (mod p)
  y_R = λ(x - x_R) - y (mod p)

Procedure to calculate x and y

Step	Description
1	Get the Generator point G (x_G, y_G) Get the number of points in the field: n Get the PrivateKeyHex
2	if ( PrivateKeyHex >= n ) { Show error "PrivateKeyHex is too large." } else { Continue with step 3 }
3	Convert PrivateKeyHex to PrivateKeyBin
4	i = 0 x = x_G y = y_G
5	Point R (x_R, y_R) = ECDouble(x, y) x = x_R y = y_R
6	if ( PrivateKeyBin[ i ] == 1 ) { Point R (x_R, y_R) = ECAdd(x, y) x = x_R y = y_R }
7	i = i + 1
8	if ( i < PrivateKeyBin.length ) { continue with step 5 }
9	x = x_R y = y_R

See Procedure to calculate x and y.
The x value is always 32 bytes or 64 characters long.

chars

See Procedure to calculate x and y.
The y value is always 32 bytes or 64 characters long.

chars

The PublicKey is the concatenation of the calculated x and y value.
The PublicKey is always 64 bytes or 128 characters long.

PublicKey =
x || y

chars

Calculate

PublicKey Uncompressed

There are two types of PublickKeys, the compressed and uncompressed.
Prepend prefix value "04" in front of the PublickKey value to indicate that the PublickKey is uncompressed.
The prefix value is always 1 byte in size and the PublickKey is 64 bytes.
The PublicKeyVersion value is always (1+64=) 65 bytes or 130 characters long.

The public keys are either 33 bytes (PublicKey Compressed, PublicKeyVersionComp) or 65 bytes long
(PublicKey Uncompressed, PublicKeyVersion). Compressed keys only specify the x coordinate plus an 1 byte
flag indicating which side of the symmetrical curve the point is on, which allows y to be derived.
Uncompressed keys is represented by two coordinates (x, y) and there is a 1 byte prefix added.
Bitcoin originally only used uncompressed public keys, but since v0.6 compressed are now used.
It is recommended to use the compressed public keys (PublicKeyVersionComp) because they are smaller,
resulting in smaller transactions on the network, saving block chain size for everyone.

PublicKeyVersion =
"04" || PublicKey

chars

Hash the PublicKeyVersion value using the cryptographic hash function SHA256.
This Secure Hash Algorithm generates a 256-bit (32-byte) signature which cannot be decrypted back
to the original value (it is a one-way cryptographic function).
The HashC1 value is always 32 bytes or 64 characters long.

HashC1 =
SHA256(PublicKeyVersion)

chars

Hash the HashC1 value using the cryptographic hash function RIPEMD160.
The RIPEMD160 (RACE Integrity Primitives Evaluation Message Digest) generates a 160-bit (20-byte) signature
which cannot be decrypted back to the original value (it is a one-way cryptographic function).
The HashC2 value is always 20 bytes or 40 characters long.

HashC2 =
RIPEMD160(HashC1)

chars

Each cryptocurrency publicKey has their own prefix version number (Bitcoin= 0x00, Litecoin=0x30, etc).
Prepend this version number in front of the HashC2 value.
The prefix version number is always 1 byte in size and the HashC2 is 20 bytes.
The PublicKeyVersionHashC value is always (1+20=) 21 bytes or 42 characters long.

PublicKeyVersionHashC =
Version "

" || HashC2

chars

Hash the PublicKeyVersionHashC value using the cryptographic hash function SHA256.
This Secure Hash Algorithm generates a 256-bit (32-byte) signature which cannot be decrypted back
to the original value (it is a one-way cryptographic function).
The HashC3 value is always 32 bytes or 64 characters long.

HashC3 = SHA256(PublicKeyVersionHashC)

chars

Hash the HashC3 value using the cryptographic hash function SHA256.
This Secure Hash Algorithm generates a 256-bit (32-byte) signature which cannot be decrypted back
to the original value (it is a one-way cryptographic function).
The HashC4 value is always 32 bytes or 64 characters long.

HashC4 = SHA256(HashC3)

chars

Get the first 4 bytes (or first 8 characters) of the HashC4 value.
These 4 bytes is the checksum value which will be used to validate the address.
The ChecksumC value is always 4 bytes or 8 characters long.

ChecksumC (first 4 bytes of HashC4)

chars

Append the ChecksumC value at the end of the PublicKeyVersionHashC value.
The PublicKeyChecksumC value is always (21+4=) 25 bytes or 50 characters long.

PublicKeyChecksumC = PublicKeyVersionHashC || ChecksumC

chars

The Public Address Uncompressed is the PublicKeyChecksumC value encoded into a
Base58 value. The PublicKeyUncompressed value can be made public and can be converted into QR codes
and can be printed on paper wallets.

If your software uses the PrivateKeyWIFUncompressed value, it also means you are the using the
PublicKeyUncompressed.

It is recommended to always to use the compressed public key (PublicKeyCompressed) and the compressed
private key (PrivateKeyWIFCompressed. If your software does not support the compressed keys you can use
the uncompressed public key (PublicKeyUncompressed) and uncompressed private key
(PrivateKeyWIFUncompressed).

To check if a PublicKeyUncompressed has a valid checksum enter a new PublicKeyUncompressed address
and press the Validate button.
This button does not update previous values, for example PublicKeyChecksumC, ChecksumC, etc.

PublicKeyUncompressed

= Base58(PublicKeyChecksumC)

chars

the

PublicKeyUncompressed address on Blockchain.info.

Calculate

PublicKey Compressed

If y is even, prefix value 02 (1 byte) is appended to value x.
If y is odd, prefix value 03 (1 byte) is appended to value x.

y is odd or even

The prefix value (1 byte) is appended to value x.
PublicKeyVersionComp is always (1 + 32) = 33 bytes or 66 characters long.

The public keys are either 33 bytes (PublicKey Compressed, PublicKeyVersionComp) or 65 bytes long
(PublicKey Uncompressed, PublicKeyVersion). Compressed keys only specify the x coordinate plus an 1 byte
flag indicating which side of the symmetrical curve the point is on, which allows y to be derived.
Uncompressed keys is represented by two coordinates (x, y) and there is a 1 byte prefix added.
Bitcoin originally only used uncompressed public keys, but since v0.6 compressed are now used.
It is recommended to use the compressed public keys (PublicKeyVersionComp) because they are smaller,
resulting in smaller transactions on the network, saving block chain size for everyone.

PublicKeyVersionComp =
Prefix || x

chars

Hash the PublicKeyVersionComp value using the cryptographic hash function SHA256.
This Secure Hash Algorithm generates a 256-bit (32-byte) signature which cannot be decrypted back
to the original value (it is a one-way cryptographic function).
The HashD1 value is always 32 bytes or 64 characters long.

HashD1 =
SHA256(PublicKeyVersionComp)

chars

Hash the HashD1 value using the cryptographic hash function RIPEMD160.
The RIPEMD160 (RACE Integrity Primitives Evaluation Message Digest) generates a 160-bit (20-byte) signature
which cannot be decrypted back to the original value (it is a one-way cryptographic function).
The HashD2 value is always 20 bytes or 40 characters long.

HashD2 =
RIPEMD160(HashD1)

chars

Each cryptocurrency publicKey has their own prefix version number (Bitcoin= 0x00, Litecoin=0x30, etc).
Prepend this version number in front of the HashD2 value.
The prefix version number is always 1 byte in size and the HashD2 is 20 bytes.
The PublicKeyVersionHashD value is always (1+20=) 21 bytes or 42 characters long.

PublicKeyVersionHashD =
Version "

" || HashD2

chars

Hash the PublicKeyVersionHashD value using the cryptographic hash function SHA256.
This Secure Hash Algorithm generates a 256-bit (32-byte) signature which cannot be decrypted back
to the original value (it is a one-way cryptographic function).
The HashD3 value is always 32 bytes or 64 characters long.

HashD3 = SHA256(PublicKeyVersionHashD)

chars

Hash the HashD3 value using the cryptographic hash function SHA256.
This Secure Hash Algorithm generates a 256-bit (32-byte) signature which cannot be decrypted back
to the original value (it is a one-way cryptographic function).
The HashD4 value is always 32 bytes or 64 characters long.

HashD4 = SHA256(HashD3)

chars

Get the first 4 bytes (or first 8 characters) of the HashD4 value.
These 4 bytes is the checksum value which will be used to validate the address.
The ChecksumD value is always 4 bytes or 8 characters long.

ChecksumD (first 4 bytes of HashD4)

chars

Append the ChecksumD value at the end of the PublicKeyVersionHashD value.
The PublicKeyChecksumD value is always (21+4=) 25 bytes or 50 characters long.

PublicKeyChecksumD = PublicKeyVersionHashD || ChecksumD

chars

The Public Address Compressed is the PublicKeyChecksumD value encoded into a
Base58 value. The PublicKeyCompressed value can be made public and can be converted into QR codes
and can be printed on paper wallets.

If your software uses the PrivateKeyWIFCompressed value, it also means you are the using the
PublicKeyCompressed.

It is recommended to always to use the compressed public key (PublicKeyCompressed) and the compressed
private key (PrivateKeyWIFCompressed. If your software does not support the compressed keys you can use
the uncompressed public key (PublicKeyUncompressed) and uncompressed private key
(PrivateKeyWIFUncompressed).

To check if a PublicKeyCompressed has a valid checksum enter a new PublicKeyCompressed address
and press the Validate button.
This button does not update previous values, for example PublicKeyChecksumD, ChecksumD, etc.

PublicKeyCompressed

= Base58(PublicKeyChecksumD)

chars

the

PublicKeyCompressed address on Blockchain.info.

Generate

Vanity PublicKey Uncompressed/Compressed

Vanity PublicKey
Uncompressed/Compressed

The

publicKey starts with prefix "

" vanity letters

The publicKey is and the vanity letters are

case sensitive

Total iterations

Generated vanity publicKey

Public and Private keys QR codes

Make printer friendly page to create paper wallet

Public Address Uncompressed - BITCOIN	Private Key (Wallet Import Format) Uncompressed - BITCOIN
Share / Deposit / Verify	Secret

Public Address Compressed - BITCOIN	Private Key (Wallet Import Format) Compressed - BITCOIN
Share / Deposit / Verify	Secret

If you've found this tool useful feel free to send me a tip: BTC 18aiWtmkfVCpoXM7ADj6aRyCfoB6QjsZ3r

Disclaimer:

Use this tool at your own risk! All information on this page is provided "as is", without any warranty.
Mobilefish.com will not be liable for any damages, loss of profits or any other kind of loss you may sustain by using this tool.