What are steps 4-9 in bitcoin address generation for?

2

From a perspective of generating collisions, it appears that many of the steps outlined in https://en.bitcoin.it/wiki/Technical_background_of_Bitcoin_addresses do not need to be computed by any would be attacker.

For any address which has spent an input, the ECDSA public key is in the block chain, rendering steps 2-9 unneeded to check for a collision.

For any address which has not spent any inputs, the RIPEMD-160(SHA-256(publickey)) is available in the blockchain, rendering steps 4-9 unneeded to check for a collision.

Thus, what purpose do steps 4 through 9 of the address generation serve? Why not simply BASE58(0x00 RIPEMD-160(SHA256(publickey)))?

extcoin

Posted 2013-10-23T13:47:38.943

Reputation: 219

Answers

3

Steps 5 to 8 are the checksum (a rudimentary error detection code). They make sure that if the user makes a typo when writing down the address, the resulting address will be invalid and the coins will not be sent to oblivion. (The checksum used isn't perfect so this could happen, but rare)

In addition, step 4 is the version byte, it makes sure that humans looking at the address understand what it represents - pay to pubkey hash, pay to script hash, or a different network.

Step 2 and 3 make sure that receiving funds does not require publishing the public key. This helps if ECDSA is compromised, either by algorithm research or quantum computers. For this and other reasons, it is recommended to avoid receiving funds to an address from which funds were previously sent.

You've mentioned "check for a collision" in your question - none of the steps serve to check for a collision, it is assumed that collisions are impossibly unlikely.

Meni Rosenfeld

Posted 2013-10-23T13:47:38.943

Reputation: 18 542

Asked: 2013-10-23T13:47:38.943

Viewed: 291 times

Active: 2013-10-23T16:10:26.143