Hackernoon logoBasics of Paper Wallets by@soneshwar

Basics of Paper Wallets

Soneshwar Singh Hacker Noon profile picture

@soneshwarSoneshwar Singh

Adapt, Learn and Grow is my go-to strategy. Growing in blockchain field now.

Blockchain revolution has been increasing rapidly and cryptocurrencies are being used widely and wisely now. Any cryptocurrency transaction basically requires an address and a private key for sending or receiving. Did you know that you don’t require the address to be used or registered on the blockchain to receive funds in it or send from it. Let us dive deeper into the concepts of an address and private key to understand how exactly these work and learn all about paper wallets.

An address is a Base58 encoded string in case of Bitcoin and a 40 characters long Hexadecimal (Base16) number in Ethereum. Any address for a blockchain ecosystem is derived by a private key after passing it through specific mathematical operations that are standards for any hashing algorithm. Due to this the address and private key combination can be generated locally without any internet connectivity if you follow the pattern of creation of address for a specific blockchain. The algorithms used in the hashing are developed in such a way that there is a specific mathematical relation between the private and public key (later converted into address). This relation helps the blockchain to verify if a specific private key was used to sign the transaction that originated from a specific address, since you can share the private key to the verification process. Paper wallets are the wallets that are generated using the steps that the blockchain follows to generate an address on its ledger.

Paper wallets are provided by many websites that guarantee that everything is done locally and they are not sending your private key or any such sensitive data to the internet. The websites providing paper wallet even ask you to turn off the internet when creating a paper wallet or to download the site source locally and run it on local host to develop the address so that your data is safe and you do not have to trust something from unknown origin. You can develop a paper wallet with few simple lines of code and I will be giving an example based on bitcoin address creation.

Step 1 for creating a bitcoin address is to create a private key. Now, since SHA256 is a standard hashing algorithm, it does not matter which coding language you prefer, you can find the libraries for SHA in all available languages. SHA256 is a one way hashing technique and it is impossible to reverse the hashed value. You will have to try all possible inputs and match the outputs to the produced hash to get the input values for the hashed value. If you put the same inputs through the SHA you will always get same outputs and this is the beauty of it and the reason of its multiple use cases in blockchain. To create a private key you either generate a random hash using the KeyGenerator libraries available in your language or you can choose a group of Words or a passphrase picked at random and pass it through the SHA256 function. No matter the size of input it will always produce a value that is 64 characters in length or less which can be fixed by leading ‘0’s. It will be a hexadecimal number where every 2 characters represent 8 bits or a byte hence 64 characters make a total of 256 bits (where the SHA256 got its name from).

Next step involves the private key to be converted into bytes array and have it passed through an elliptic curve multiplication algorithm which in this case is secp256k1. This again is a mathematical calculation we need not worry ourselves with, since the functions will be available in your languages security or cryptography providers (libraries). This algorithm is a one way encryption and the inputs i.e the private key can not be recovered by the public key. This will be the public key that we derived from the private key and this public key will later be used for generating the address.

Now the next bit might be a little confusing so I will try to explain it as clearly as I can. Bitcoin’s old standard for address generation was P2PKH which is “pay to public key hash”. As the name suggests it is a simple hash of the public key derived and pay to meaning that this hash can be used as an address. After many soft forks i.e software upgradations and to provide better security and new features, Bitcoin blockchain has moved to a newer standard for address generation that was later called P2SH or “Pay to Script Hash”. As the name suggests the hash is not of the public key like in P2PKH but it is a script hash.

To generate a P2PKH key you have to get Hash160(combination of SHA256 and RIPEMD160) of the public key. First the public key is hashed using SHA256 followed by RIPEMD160 of the hashed value. This will decrease the number of bits in the output of the RIPEMD160 from 256 bits to 160 bits. Now, as you have seen that 8 written in binary is 1000 but 8 in decimal. 16 is 16 in decimal while ‘F’ in Hexadecimal(Base16). You understand the pattern that higher the base value for number lower are the number of digits for a value. So if we donate numbers bigger than 16 by a single character the number of characters in the address will be smaller and so will be the confusion and fear of missing out any character.


Value “20” can be denoted as “14” in hexadecimal since hexadecimal contains 16 values from 0 to 15 in a single character denoted by (0–9, A-F). If we increase the alphabet characters till the character ‘K’ we get ourselves the value of 20 as ‘K’.

Now we have higher bases too in the encoding formats and we have Base64 which contains from 0–9, A-Z,a-z and +,/. So A-Z give the first 26 characters and a-z in small letters give another 26 values amounting to a total of 52 characters. Now 0–9 give you another 10 characters and adding ‘+’ and ‘/’ finally makes a total of 64 characters denoting values from 0–63 making Base64. Since bitcoin or any blockchain addresses can not be used if private keys are not with you, sending funds to a wrong address may make it impossible to recover that bitcoins in your lifetime and maybe in 2 lifetimes because the chances of someone getting that address are very less. So the addresses need to be handled carefully and to take necessary precautions Bitcoin developers reduced the Base64 to Base58 by removing some confusing characters. Combinations like ‘0’ and ‘O’, small ‘L’ and ‘I’ etc are few examples. They removed one of the pairs to reduce confusion and finally got down to 58 distinct characters, still a good way to reduce a lengthy address.

Now you have the 160 bits of a Hash160 type and all you have to do is encode the address by Base58 to generate a small address that is easier to understand while the address is still holding a mathematical relation with the public key which is in fact derived from the private key. Needless to get into details of the relation, it is established that any transaction signed by a private key can always be verified by a public key or an address. You just append a 0x00 to the Hash160 before encoding to Base58. In P2SH format the whole step is the same but before Base58 encoding you prepend 0x05 instead so that the updated nodes can still work with the older addresses and be able to identify the different addresses. There are other forms of addresses as well for Segwit but these are the widely used address formats that we have talked about.

Soneshwar Singh Hacker Noon profile picture

@soneshwarSoneshwar Singh

Read my stories

Adapt, Learn and Grow is my go-to strategy. Growing in blockchain field now.


Join Hacker Noon

Create your free account to unlock your custom reading experience.