Bitcoin Forum
December 11, 2017, 06:41:48 AM *
News: Latest stable version of Bitcoin Core: 0.15.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: The prefix byte (0x04) in public keys  (Read 2342 times)
etotheipi
Legendary
*
expert
Offline Offline

Activity: 1428


Core Armory Developer


View Profile WWW
September 09, 2011, 03:32:17 AM
 #1

I haven't found any documentation mentioning why we have this extra byte in every public-key serialization.  For reference, a public key is always serialized as 65 bytes:  (0x04 | PubKeyX(32B) | PubKeyY(32B)), but that 0x04 byte doesn't appear to serve a purpose.   If I had to guess, I would think it's to identify the length of the ECDSA key, in multiples of 64 bits / 8 bytes.  Or maybe it's the encryption type...?

I hate having to hard-code random bytes into my source files, when it's possible they are actually variable and useful.

Founder and CEO of Armory Technologies, Inc.
Armory Bitcoin Wallet: Bringing cold storage to the average user!
Only use Armory software signed by the Armory Offline Signing Key (0x98832223)

Please donate to the Armory project by clicking here!    (or donate directly via 1QBDLYTDFHHZAABYSKGKPWKLSXZWCCJQBX -- yes, it's a real address!)
1512974508
Hero Member
*
Offline Offline

Posts: 1512974508

View Profile Personal Message (Offline)

Ignore
1512974508
Reply with quote  #2

1512974508
Report to moderator
1512974508
Hero Member
*
Offline Offline

Posts: 1512974508

View Profile Personal Message (Offline)

Ignore
1512974508
Reply with quote  #2

1512974508
Report to moderator
1512974508
Hero Member
*
Offline Offline

Posts: 1512974508

View Profile Personal Message (Offline)

Ignore
1512974508
Reply with quote  #2

1512974508
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1512974508
Hero Member
*
Offline Offline

Posts: 1512974508

View Profile Personal Message (Offline)

Ignore
1512974508
Reply with quote  #2

1512974508
Report to moderator
casascius
Mike Caldwell
VIP
Legendary
*
Offline Offline

Activity: 1372


The Casascius 1oz 10BTC Silver Round (w/ Gold B)


View Profile WWW
September 09, 2011, 03:36:04 AM
 #2

I can't point to anything useful, but can vouch for the fact that it must be there when converting a public key to a bitcoin address (via sha256/ripemd160).

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper or hardware wallets instead.
Pieter Wuille
Legendary
*
qt
Offline Offline

Activity: 1050


View Profile WWW
September 09, 2011, 07:46:35 AM
 #3

Bitcoin uses the standard encoding for public keys, as described in http://www.secg.org/index.php?action=secg,docs_secg. The prefix byte is there to distinguish between several encodings - with 0x04 denoting uncompressed coordinates.

aka sipa, core dev team

Tips and donations: 1KwDYMJMS4xq3ZEWYfdBRwYG2fHwhZsipa
etotheipi
Legendary
*
expert
Offline Offline

Activity: 1428


Core Armory Developer


View Profile WWW
September 09, 2011, 11:07:21 AM
 #4

So is this related to DER?  Looks too lite to be DER (which is similarly used for signatures, but there's like 8 extra bytes floating around).

Is it safe to assume that 0x04 will always be there?

Founder and CEO of Armory Technologies, Inc.
Armory Bitcoin Wallet: Bringing cold storage to the average user!
Only use Armory software signed by the Armory Offline Signing Key (0x98832223)

Please donate to the Armory project by clicking here!    (or donate directly via 1QBDLYTDFHHZAABYSKGKPWKLSXZWCCJQBX -- yes, it's a real address!)
Pieter Wuille
Legendary
*
qt
Offline Offline

Activity: 1050


View Profile WWW
September 09, 2011, 11:29:39 AM
 #5

No, DER is used for signatures, but not for public keys. Several encodings of keys are possible (including patented compressed coordinates), but as Bitcoin depends (through the specification of addresses as ripemd160(sha256(pubkey))) on a normalized encoding, i think it is safe the 0x04 will always be there in the current generation of addresses.

aka sipa, core dev team

Tips and donations: 1KwDYMJMS4xq3ZEWYfdBRwYG2fHwhZsipa
davout
Legendary
*
Offline Offline

Activity: 1372


1davout


View Profile WWW
September 09, 2011, 12:02:44 PM
 #6

Isn't it a way to differentiate testnet addresses also ?

etotheipi
Legendary
*
expert
Offline Offline

Activity: 1428


Core Armory Developer


View Profile WWW
September 09, 2011, 12:15:59 PM
 #7

Quote
Isn't it a way to differentiate testnet addresses also ?

See my diagram on address calculations.  The extra byte for the network gets added to the ripemd160(sha256()) digest.  The 0x04 is appears to be constant across all networks (definitely the same on the test-network)

http://dl.dropbox.com/u/1139081/BitcoinImg/PubKeyToAddr.png

Founder and CEO of Armory Technologies, Inc.
Armory Bitcoin Wallet: Bringing cold storage to the average user!
Only use Armory software signed by the Armory Offline Signing Key (0x98832223)

Please donate to the Armory project by clicking here!    (or donate directly via 1QBDLYTDFHHZAABYSKGKPWKLSXZWCCJQBX -- yes, it's a real address!)
Pieter Wuille
Legendary
*
qt
Offline Offline

Activity: 1050


View Profile WWW
September 09, 2011, 12:38:44 PM
 #8

Correct. The public key format is managed by OpenSSL, bitcoin treats it as a black box.

aka sipa, core dev team

Tips and donations: 1KwDYMJMS4xq3ZEWYfdBRwYG2fHwhZsipa
Joric
Member
**
Offline Offline

Activity: 67


View Profile
April 01, 2012, 02:34:54 PM
 #9

SEC defines three types: 0x00 = point at infinity, 0x02 and 0x03 = compressed, 0x04 = uncompressed

02 basically means even y-point, 03 means odd y-point, thus:

uncompressed pubkey = chr(4) + 32-byte x + 32-byte y
compressed pubkey = chr(1 + (y & 1)) + 32-byte x

Also see http://github.com/joric/pywallet (I updated it recently, now it supports compressed keys).

Using OpenSSL you just have to set point conversion via EC_KEY_set_conv_form().

1JoricCBkW8C5m7QUZMwoRz9rBCM6ZSy96
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!