Why are Ethereum addresses hashes of public keys?
I understand how Ethereum addresses are generated. This thread has a great explanation: How are ethereum addresses generated?
However, what this explanation is missing is why a hash is used.
There is a related post with no convincing answer:
Relationship between Ethereum Address and public key
Aside from the point that addresses based on hashes are shorter, a commonly given argument is that the hashing provides additional security in case of a compromise of the elliptic curve cryptography. In the case of Bitcoin, I can sort of see the point of that (as it discourages address reuse), but in Ethereum, addresses are designed to be reused and public keys are revealed with every transaction, so "hiding" them using hashes seems rather pointless.
Even in this post by a Bitcoin Core Developer it is argued that hashing is probably unnecessary.
Disregarding the potentially increased usability of shorter addresses, if one were to design a new blockchain, is there any reason to use addresses based on hashes instead of compressed public keys?
addresses cryptography hash
edited Aug 26 at 7:08
eth
asked Aug 22 at 5:48
graup
1 Answer
accepted
Indeed, Ethereum's address reuse renders the "protection against an ECC public key attack" argument null.
For externally owned accounts, using the public key directly would likely not result in any issues or major security problems.
The only reason I can think of where hashing is helpful is to maintain parity between externally owned accounts and internal accounts (contracts). Contracts are not linked to private keys, and the contract address is instead calculated as a hash based on the creating address and the transaction nonce.
For a naive case, this could be replaced by a hash of a public key and nonce, but contracts can be deployed by other contracts, which would not easily expose a public key.
At this point, it is more of a design choice than a security choice.
edited Aug 22 at 9:16
answered Aug 22 at 6:46
Raghav Sood
> "Indeed, ethereum's address reuse renders the public ecc argument null." I don't think it does in that if there is a security advantage, you can still take advantage of it by not reusing a particular address, even if that isn't the most common way of using Ethereum.
– Edmund Edgar
Aug 22 at 7:07
@EdmundEdgar Sure, but there are few scenarios where you could actually do that practically. Ethereum is structured in a manner which assumes address reuse (contract interactions, especially).
– Raghav Sood
Aug 22 at 7:10
Thanks, I hadn't thought about the contract address case.
– graup
Aug 22 at 8:05