[Ethereum] Why are the last 20 bytes of the public key used as the address

Tags: addresses, cryptography, public-key

According to this post regarding how to derive the Ethereum address from a public key:

Take the last 40 characters / 20 bytes of this public key
(Keccak-256). Or, in other words, drop the first 24 characters / 12
bytes. These 40 characters / 20 bytes are the address. When prefixed
with 0x it becomes 42 characters long.

My question is why the last 20 bytes (as opposed to something other than 20), is it an arbitrary decision or is there an underlying mathematical purpose to it?

Best Answer

Full public keys aren't really that useful in Ethereum*, as they don't serve any practical use. Taking the last 20 bytes is a:

  1. Heuristic aimed to simplify the management of the key; that is, copying and pasting, checksums or confirmations over the phone in large transfers.

  2. Pre-empting security mechanism. Hashing functions are broken every other decade or so, hence cutting the full public key is a great extra layer of defense. Satoshi did the same in Bitcoin, as the address is hashed twice: SHA-256 and RIPEMD-160 (if one gets broken, you still have the other one as a shield).

*You could use Ethereum for sending messages, but why would you? It's expensive and you could use PGP.