Last Updated on April 14, 2026 by Snout0x
When someone sends you cryptocurrency, they use your wallet address. That address was not generated directly. It was derived from your public key through a series of hashing and encoding steps. The process of public key to wallet address conversion follows a specific cryptographic sequence, and each step has a reason. This article walks through how address generation works on Bitcoin and Ethereum, why addresses differ from public keys, and what this means for wallet security and privacy.
This content is for educational purposes only and should not be considered financial or investment advice.
Disclaimer: This content is for educational and informational purposes only and does not constitute financial, investment, tax, or legal advice. Cryptocurrency markets are volatile and involve risk. Always conduct your own research and consult a qualified professional before making financial decisions.
Affiliate Disclosure: Some links in this article may be affiliate links. If you choose to use them, I may earn a commission at no additional cost to you.
Key Takeaways
- The address is not the public key: A wallet address is a hashed, encoded version of the public key. The two are mathematically linked but are different strings. Sharing your address does not reveal your raw public key.
- Bitcoin applies two hash functions: Bitcoin runs the public key through SHA-256 and then RIPEMD-160, adds a checksum, and encodes the result in Base58. The output is significantly shorter than the raw public key.
- Ethereum uses a simpler process: Ethereum applies Keccak-256 to the public key and takes the last 20 bytes as a hex string. One hash function, no Base58 encoding, and a 0x prefix.
- Checksums catch typos before they become losses: Most address formats include a short checksum so wallet software can reject a mistyped address before any transaction is broadcast.
- HD wallets produce unique addresses from one seed: Hierarchical deterministic wallets derive a separate key pair and fresh address for every transaction. This protects privacy without requiring separate seed phrases.
The Derivation Chain in Simple Terms
Every crypto wallet builds on the same chain of derivation. A private key generates a public key. A public key generates a wallet address. Each step moves in one direction only. You cannot reverse any of them.
The private key is the root. It is a 256-bit random number that never leaves your wallet software unless you explicitly export it. Running that number through elliptic curve multiplication on the secp256k1 curve produces the public key. The public key encodes a point on that curve and is expressed as either a 65-byte uncompressed number or a 33-byte compressed number. Modern wallets use the compressed form.
The wallet address comes next. It is produced by hashing the public key, adding formatting data, and encoding the result into a human-readable string. The address is shorter than the public key and looks nothing like it. The connection is mathematical, not visual, and it cannot be traced backward.
Step by Step: How Bitcoin Creates an Address
Bitcoin’s legacy address generation follows a six-step process. Each step has a specific purpose, and understanding them explains why the final address looks the way it does.
- Start with the compressed public key. This is a 33-byte hexadecimal string derived from the private key.
- Apply SHA-256. This produces a 32-byte hash of the public key.
- Apply RIPEMD-160 to the SHA-256 output. This produces a 20-byte hash. The combination of these two steps is called HASH160, and the result is known as the public key hash (PKH).
- Prepend a version byte. For mainnet legacy addresses, the version byte is 0x00.
- Generate a checksum. Run double SHA-256 on the versioned hash. Take the first four bytes of the result and append them to the end of the versioned hash.
- Apply Base58Check encoding. Convert the full byte string to Base58 notation. Legacy mainnet addresses start with 1.
SegWit addresses follow a variation of this process. P2WPKH (Pay-to-Witness-Public-Key-Hash) and Taproot addresses use Bech32 or Bech32m encoding rather than Base58Check. The hashing logic is similar, but the encoding format is different and produces the familiar bc1 prefix. The table below summarizes the main Bitcoin address formats.
| Address Type | Encoding | Prefix | Notes |
|---|---|---|---|
| Legacy (P2PKH) | Base58Check | 1 | Original format; still widely supported |
| P2SH | Base58Check | 3 | Script hash addresses; used for multisig |
| SegWit (P2WPKH) | Bech32 | bc1q | Lower fees, lower error rate |
| Taproot (P2TR) | Bech32m | bc1p | Improved privacy and scripting flexibility |
How Ethereum Generates Addresses
Ethereum’s address generation process is shorter. Bitcoin applies two hash functions and encodes the result in Base58. Ethereum applies one hash function and outputs the result as raw hex. Same underlying logic, fewer steps.
- Start with the uncompressed 64-byte public key. The leading 04 byte marking it as uncompressed is dropped before hashing.
- Apply Keccak-256. This produces a 32-byte hash.
- Take the last 20 bytes of the Keccak-256 output (the rightmost 40 hex characters).
- Add the 0x prefix.
The result is a 42-character string. Every EVM-compatible chain uses the same address format: Ethereum, Polygon, Arbitrum, Base, and others all produce addresses that look identical. This creates a specific risk. Sending to the right address on the wrong chain does not destroy funds outright, but recovery can be complicated and is not always possible without access to the destination chain’s tools.
Ethereum also supports EIP-55 checksum encoding. Certain letters in the address are capitalized based on the Keccak hash of the lowercase version of the address. Wallets handle this automatically. If a tool flags an address as lacking a checksum, it usually means the address is in fully lowercase form rather than EIP-55 mixed-case form. Both are valid. The capitalized version catches transcription errors.
Why Addresses Look Nothing Like Public Keys
This confuses many beginners. A compressed Bitcoin public key is 33 bytes expressed in hex: something like 02a34b... running 66 characters long. A Bitcoin address is 26 to 35 characters in Base58. They share no visible resemblance.
The reason is how hash functions work. SHA-256 and RIPEMD-160 do not compress data the way a zip file does. They transform it entirely. The same input always produces the same output, but the output reveals nothing about what was fed in. This one-way behavior is what makes them cryptographically useful.
The separation also has a security rationale. When you receive funds to an address but have never spent from it, your public key is not on the blockchain. Only the hashed address is public. If elliptic curve cryptography were ever weakened by advances in quantum computing, addresses that have never exposed their underlying public key would be harder to target. This protection disappears the first time you spend from that address, since the spending transaction signature reveals the public key. Understanding the full derivation chain from blockchain fundamentals up is what makes this distinction clear.
HD Wallets and Multiple Addresses from One Seed
HD wallets (hierarchical deterministic wallets) implement BIP32 to derive an entire tree of key pairs from a single seed phrase. Each branch of the tree produces its own private key, which generates its own public key and wallet address. The seed phrase is the root. Everything else is derived from it.
When you click “generate new receiving address” in your wallet, the wallet is deriving a new branch of the tree. The resulting address looks completely unrelated to your other addresses. On the blockchain, there is no visible link between them. An outside observer cannot easily determine which addresses belong to the same wallet.
This is practical for privacy. Using a fresh address for each incoming transaction limits how much transaction history any single address reveals. Your wallet tracks all derived addresses and shows you the correct combined balance without you needing to manage anything manually.
The seed phrase remains the root of everything. Anyone who obtains your seed phrase can derive every address in the tree. Protecting the seed is still the single most important act of self-custody. Address generation is an automated process. The security depends entirely on keeping the seed secure.
Privacy and the Case Against Address Reuse
Reusing a wallet address works at the protocol level. Funds arrive and balances update correctly. The problems are not technical failures. They are privacy exposures that build over time.
Every transaction sent to or from a reused address is permanently linked on the blockchain. If anyone ever connects that address to your real identity, your full transaction history becomes visible. How much you received, when, and from which other addresses. This is permanent and cannot be reversed.
For legacy P2PKH Bitcoin addresses there is an additional consideration. When you spend from one of these addresses, your transaction signature reveals the public key for the first time. Reusing that address for future receives and spends means the public key remains publicly associated with it. With current computing technology this is not exploitable, but it is a structural weakness that modern address formats and wallet defaults are designed to avoid.
Standard practice is to use a new receiving address for each transaction. Modern HD wallets make this automatic. Reviewing your crypto wallet security habits regularly is a useful way to catch patterns that erode privacy without creating obvious risk.
Common Mistakes
Sending on the wrong network. EVM-compatible chains share the same address format, which makes it easy to send to the right address on the wrong chain. Sending USDC on Polygon to an address you intended to receive on Ethereum does not destroy the funds, but recovering them requires access to the destination chain and is not always straightforward. Sending Bitcoin to an Ethereum address is a different situation: the funds are lost.
Not verifying the full address before sending. Clipboard-hijacking malware silently replaces a copied address with an attacker’s address at the moment you paste. Checking only the first few characters is not sufficient. Verify both the beginning and the end of the address before confirming any transaction. Cold storage setups that display addresses on a separate hardware screen reduce this exposure significantly.
Assuming the checksum protects against all errors. Checksums catch accidental typos. They do not protect against malware substituting a completely valid but wrong address. The checksum confirms format integrity, not recipient identity.
Confusing address format with network. A bc1q SegWit address and a 1-prefix legacy address are both valid Bitcoin addresses on the same network. They are different encoding formats for the same blockchain, not different chains. Sending from one format to another on Bitcoin is normal. Sending Bitcoin to an Ethereum 0x address is not.
Sources
- Bitcoin Wiki: Technical Background of Version 1 Bitcoin Addresses
- Ethereum Developers: Accounts
- BIP32: Hierarchical Deterministic Wallets
- EIP-55: Mixed-Case Checksum Address Encoding
Frequently Asked Questions
What hashing algorithms does Bitcoin use to create a wallet address?
Bitcoin applies SHA-256 to the compressed public key, then applies RIPEMD-160 to the result. This 20-byte output is the public key hash. A version byte and a 4-byte checksum are added before Base58Check encoding produces the final address string.
Can you reverse a wallet address to find the public key?
No. Wallet addresses are the output of one-way hash functions. You cannot reverse RIPEMD-160 or Keccak-256 to retrieve the public key. The public key only becomes visible on the blockchain when you broadcast a spending transaction that includes your signature.
Why do Bitcoin and Ethereum addresses look so different?
Bitcoin uses RIPEMD-160 hashing and Base58Check encoding, producing alphanumeric addresses starting with 1, 3, or bc1. Ethereum uses Keccak-256 and outputs the last 20 bytes as a hex string prefixed with 0x. Different encoding formats, same one-way derivation logic underneath.
Does every blockchain use the same address generation process?
No. Bitcoin, Ethereum, Solana, Cardano, and other networks each implement their own address formats. Some use similar hash functions with different encoding. Others use entirely different elliptic curves or signing schemes. Always verify you are sending to the correct address format for the specific network before broadcasting a transaction.
What is a checksum in a wallet address and what does it protect against?
A checksum is a short value appended to a wallet address that lets software detect whether the address was transcribed with an error. Bitcoin’s Base58Check format includes a 4-byte checksum. Ethereum uses EIP-55 mixed-case capitalization as its checksum. Both protect against accidental typos. Neither protects against malware that substitutes a fully valid but attacker-controlled address at the moment you paste.
——
