In the last lesson we talked about keys, what they are, how they are used, and how they relate to each other.
In this lesson, you will learn how keys are related to addresses and how they together form the basis for externally owned accounts (EOAs).
In Part I, you learned that addresses are to a blockchain are like IPs are to the internet, but how are addresses related to keys?
An address is a 20 byte (160 bit) long integer that gets calculated from the public key and it can
look like this:
0xdd00Cc906B93419814443Bb913949d503B3DF3c4
The 0x usually indicates a hex number, and the length was chosen to allow for enough addresses in the future while still being short enough for everyday usage.
The public key gets hashed with Keccak-256 , and the first 20 bytes of this hash become the address for an EOA controlled by the related key pair.
Ethers comes with a few utility functions that allow you to create an address from a public key step by step.
The example comes with a random pair of keys, and you have to create the address yourself. Keep in
mind that the public key comes with a 0x04
prefix that indicates its in the
uncompressed version and is not part of the key.
The functions you need are:
ethers.utils.hexDataSlice()
to cut parts of the key and hash.ethers.utils.keccak256()
to create the hash that includes the address.
You can look at wallet.address
to check if the key is correct.
const keyWithoutPrefix = hexDataSlice(publicKey, 1) // remove 0x04 const hashedKey = keccak256(keyWithoutPrefix) const myAddress = hexDataSlice(hashedKey, 12) print(address) print(myAddress)
Ethereum uses letter casing in the address as a checksum. While the addresses work independently of casing, it is sometimes used to check the integrity of an address.
As the name implies, an EOA is an account that is controlled from outside the blockchain network. The private key that was used to create the address isn't on chain and the person owning it is also external to the blockchain network.
The arrows in figure 2 show who controls which address and where, in relation to the blockchain network, each controller is located.
The address controlled by an external private key is an EOA, the other addresses are controlled by smart contracts, and thus, not EOA.
Now, that we know how keys relate to addresses and what EOAs are, let's look at an example. Say you want to send tokens from one address to another.
You have to send your address, the target address, and the amount of tokens you want to spend, to the Ethereum network. You have to send your public key too, so the nodes on the network can verify that it's a legit transaction.
The transaction is checked for two facts.
Since your address is generated from your public key, the Ethereum nodes know if you send a key that doesn't belong to your address. They can run the hash algorithm on the public key, look at the first 20 bytes, and compare them to your address.
The next step is to verify that you also have the correct private key. Only private key owners can spend money of an address.
To check this, the nodes will send you a random message and you will sign it with the private key you used to generate the public key. Since they already have your public key, they can use it to check if your signature is correct. If you used the wrong private key to sign, this check will fail and your trasaction will be rejected.
There is still risk here. The Ethereum network will take any vaild address as a target for your transaction. If you make a typo, your funds may end up at an address that no one has a private key for and they are lost.
Receiving tokens is more easy, but doesn't come without risk either.
Anyone can send funds to any valid address. So, if someone knows your address, they can send you tokens, wether you like it or not.
The usual case is that you sold a good or service, and someone will pay you by sending tokens to your address. You have to make sure your address doesn't have any typos, but that's it.
Special cases are airdrops. When a project or person does an airdrop, it means they send tokens to addresses that have specific criteria. Like, used a service, or held a special NFT before some date.
Usually an airdrop is a good thing, because you get free tokens. But scammers use airdrops to phish you. They randomly send you some token which might lead you to investigate. You can end up on a suspicious site that asks you for your private key or to sign a scam transaction.
EOAs are addresses controlled by an external private key instead of a on-chain smart contract.
The relation between private key, public key, and address allows the blockchain network to verify all transactions can only come from controllers of the correct private keys.
Sending tokens around still bears the risk of typos. Also, when you lose your private key or it gets stolen, all tokens on that address are lost. This is especially crucial for developers! Make sure you always use private keys dedicated to development only, so if you accidentally upload them to a public code repository, nothing of value is stolen.
In the next lesson, you will learn about wallets and how to set up your own via Ethers.js.