Bitcoin

Address

• Format
  • P2PKH which begin with the number 1, eg: 1BvBMSEYstWetqTFn5Au4m4GFg7xJaNVN2 (case sensitive)
  • P2SH type starting with the number 3, eg: 3J98t1WpEZ73CNmQviecrnyiWrnqRhWNLy (case sensitive)
  • Bech32 type starting with bc1, eg: bc1qar0srrr7xfkvy5l643lydnw9re59gtzzwf5mdq (case insensitive)
• single use for each transaction
• can be generated offline in batch
  • HD wallet can generate a "seek token" which can be used to allow untrusted systems to generate unlimited number of addresses without ability to spend the received bitcoins
• mistyped address most likely be rejected (instead of collide with another) 1/2^32

Transaction

• input output
  • input : reference previous transaction outputs (addresses) (require signature)
  • output: new outputs (addresses)
  • SUM(input) = SUM(output & fee)
  • both input output can have multiple accounts involved
• change
  • when transaction output is input of another transaction, it must be spent in entirety
  • change : new bitcoin address to receive the change

Wallet

• balance = SUM(all unspent outputs)
• Sign message
  • prove wallet holder's agreement to a message
    • some service dedicate a special address for authentication only
  • sign an address to prove one receives with an address
• Hierarchical Deterministic (HD) Wallet
  • strongly recommended for safety reasons
  • is a system of deriving keys from a single starting point (BIP32 seed, or master extended key)
  • only needs to be backed up once
    • typically using a mnemonic phrase (human readable serialization)
    • can deterministically regenerate the same private keys
  • allow creation of public addresses without knowledge of private key
  • certain types of deterministic wallet (BIP0032, Armory, Coinkite & Coinb.in) additionally
    • allow for complete separation of private and public key creation
    • server (untrusted) only know the Master Public Key (MPK) of the wallet
    • can create as many as necessary public keys
    • but not allow spend even with knowledge of MPK
  • types
    • 1 : SHA256(starting_string + string_n), does not support MPK
    • 2: BIP0032 (implemented in TREZOR, Electrum, CarbonWallet):
      • seed: 128bit random, used after 100,000 rounds of SHA256
    • Armory deterministic wallet
      • root key + chain code
        • older: backup both root key & chain code
        • newer: (0.89+) root key derives chain code