SHA-256 and RIPEMD-160: the Role of Hashing in the Bitcoin Protocol
By mordom
A Bitcoin address is not a public key.
For most users, an address looks like a random string. Something you copy, paste, and use to receive funds.
But behind those characters lies a very precise chain of cryptographic transformations. Nothing is arbitrary. Each step exists for a specific reason: security, compactness, resilience, and long-term protection.
This is where SHA-256 and RIPEMD-160 come into play.
They are often mentioned together, almost as if they were two versions of the same tool. In reality, they are part of a much more interesting logic: Bitcoin uses multiple layers of hashing not to make things more complex, but to reduce risk in a structured and intentional way.
Understanding this mechanism helps reveal what Bitcoin addresses really are: not “random codes”, but the final result of a process designed to hide, compress, and protect sensitive information.
The common misunderstanding
A very widespread belief is this:
“A Bitcoin address is just the public key in another format.”
It sounds reasonable. Both are used to receive bitcoin. Both can be shared publicly. And both derive from the same private key.
But they are not the same thing.
The public key is a complete cryptographic object. The address, instead, is a transformation of the public key. More precisely: a hashed and reworked version of it.
It is similar to the difference between having the full blueprint of a lock and having only an external identifier that allows its use without revealing its internal mechanism.
Bitcoin does not take the public key and “reformat it”. Instead, it passes it through multiple layers of hashing before turning it into a usable address.
And this is exactly where many people stop digging deeper. They see the final result, but not the process behind it.
What a hash really is
The word “hash” is often explained in an unnecessarily academic way. In practice, three properties are enough.
- First: same input, same output. If you feed SHA-256 the same data today or in ten years, you will always get the same result. It is deterministic.
- Second: you cannot realistically reverse it. A hash is not reversible cryptography. There is no “decryption” of a hash. It is a one-way transformation.
- Third: even the smallest change completely changes the output. A single different letter produces a completely different hash. Not “similar”. Completely different.
Imagine a digital wax seal: if someone modifies even a single detail of the original content, the seal changes entirely and the tampering becomes obvious.
Hashing exists exactly for this purpose: to create digital fingerprints of data, not to hide it like an encrypted password, but to represent it in a way that is verifiable and hard to manipulate.
SHA-256 and RIPEMD-160 accept inputs of any size.
It can be a single word, a public key, or an entire Bitcoin block of hundreds of kilobytes: the output is always fixed-length.
SHA-256 always produces:
- 256 bits
- 32 bytes
- typically represented as 64 hexadecimal characters
RIPEMD-160 instead produces:
- 160 bits
- 20 bytes
- represented as 40 hexadecimal characters
Hashes are almost always shown in hexadecimal format: numbers from “0” to “9” and letters from “a” to “f”.
There are no capital letters, readable words, or human structure. Even two nearly identical inputs produce completely different outputs.
The hidden path from public key to address
When a wallet generates a Bitcoin address, the actual process is far less direct than it seems.
The private key generates a public key. This then passes through SHA-256. The result is then processed by RIPEMD-160. Only after that do additional steps lead to the final address format.
This process is known as HASH160:
- SHA-256 of the public key
- followed by RIPEMD-160
In the meantime, Bitcoin is doing several things at once:
- reducing direct exposure of the public key
- creating more compact identifiers
- adding verification layers
- preparing data for address encoding
The key point is this: the address is the final result of a transformation pipeline.
It is not the public key “written differently”.
Why Bitcoin uses SHA-256 and RIPEMD-160 together
At this point the question becomes natural: why does Bitcoin use two consecutive hash functions instead of just one?
The answer is a combination of security, practicality, and cryptographic diversification.
The first step uses SHA-256, the core engine of the Bitcoin ecosystem. It is an extremely robust hash function used almost everywhere in the protocol.
When a public key is hashed with SHA-256, the result does not directly reveal the original key. This already reduces public key exposure on the blockchain.
Bitcoin then applies RIPEMD-160.
The most immediate advantage is compactness: RIPEMD-160 produces shorter outputs, making addresses more practical to use.
But there is also another important aspect.
Using two different algorithms reduces dependency on a single hash function. Even though SHA-256 is considered extremely secure, Bitcoin distributes cryptographic trust across multiple layers.
The final result is a system that:
- does not directly expose the public key
- produces more compact identifiers
- avoids relying on a single cryptographic algorithm
SHA-256: The Hidden Engine of Bitcoin
Many people associate SHA-256 only with addresses. In reality, it is almost everywhere.
Bitcoin mining revolves around SHA-256.
The block hash used in proof of work is computed by applying SHA-256 twice in sequence to the block header. This mechanism is known as double SHA-256.
Transaction IDs are also typically generated using double SHA-256.
The Merkle tree structures used inside blocks work by recursively hashing pairs of transactions until a single final hash remains, representing all transactions contained in the block.
Even the integrity of the blockchain depends on hashing: each block contains the hash of the previous block. Changing even a single bit would break the entire chain that follows.
SHA-256 is not just used to “hide data”. It is used to link, identify, verify, and make it extremely expensive to alter information.
Hashing is a core structural layer of the Bitcoin protocol.
Why not use the public key directly?
At this point the question naturally arises:
if the public key already exists, why transform it at all?
The first answer is security: exposing as little information as possible is almost always a good idea in cryptographic systems.
The second is practicality: full public keys are longer, harder to handle, and less efficient as everyday identifiers.
Addresses are a more compact representation, better suited for real-world use.
But there is also a more subtle reason.
Bitcoin separates the idea of a “spendable public identity” from the actual public key. It introduces an intermediate layer.
This means the address acts as a reference to the public key, not the public key itself.
Where hashing appears everywhere in Bitcoin
Once you start noticing it, hashing is everywhere:
Transaction IDs are hashes.
Blocks are identified through hashes.
Merkle trees are structures built entirely by concatenating hashes.
Address checksums derive from hashing processes and are used to detect typing or copy errors.
Even modern seed phrases rely on mechanisms derived from hashing.
In the BIP39 standard, mnemonic words are transformed into the final binary seed through PBKDF2 (Password-Based Key Derivation Function 2), a system that repeatedly applies hash functions to make brute-force attacks significantly more expensive.
Bitcoin continuously takes data, transforms it into hashes, and uses those digital fingerprints to build verification and trust without central authorities.
Common mistakes
One of the most widespread misconceptions is that hashing and cryptography are the same thing.
They are not. Classical cryptography is used to protect data that must be decryptable. Hashing, on the other hand, is primarily used to verify integrity and create identifiers that are difficult to reverse.
Another mistake is believing that SHA-256 and RIPEMD-160 are interchangeable.
They are not “two versions of the same algorithm.” Bitcoin uses them together precisely because they have different properties and roles.
And then there is the most important misconception: “address = public key”.
False. The address is the result of multiple transformations applied to the public key.
Conclusion
A Bitcoin address looks like a random string.
But behind those characters lies a precise sequence of transformations designed to do much more than “create a code”.
SHA-256 and RIPEMD-160 are not decorative details of the protocol. They are part of how Bitcoin protects information, reduces unnecessary exposure, and builds trust through mathematical verification.
And above all: an address is not a public key. It is the result of multiple layers of hashing designed to represent that key without exposing it directly.
Every time you copy a Bitcoin address, you are looking at the result of multiple hashing layers designed to protect something you are not supposed to see directly.
Final technical notes
The public key hash is not yet the final address you see in your wallet.
After HASH160, Bitcoin adds other elements:
- a prefix that identifies the address type
- a checksum to detect errors
- a human-readable encoding
In older Bitcoin addresses (legacy), the format used is Base58Check.
This is why these addresses:
- often start with
1 - avoid ambiguous characters like
0,O,I, andl
Modern native SegWit addresses (bc1...) use Bech32 instead, a format designed to be:
- more efficient
- less error-prone
- easier to verify
Among the most important properties of hash functions are:
- preimage resistance: computational infeasibility of deriving the original input from its hash
- collision resistance: extreme difficulty of finding two different inputs that produce the same hash
These properties are what make hashing fundamental to Bitcoin’s security.
If you care about how Bitcoin security works under the hood, BitVault is built around the same principle: simple primitives, composed carefully, to protect real users. Learn more at BitVault page.