Bitcoin’s address system has undergone significant evolution since its inception in 2009 and mainstream emergence in 2013. From simple public-key-based addresses to advanced cryptographic constructs like Taproot, the journey reflects a continuous push toward efficiency, security, and privacy. This guide explores how Bitcoin addresses are generated, the different types in use today—legacy, SegWit, and Taproot—and the underlying mechanisms that power modern wallet systems.
How Are Bitcoin Public Keys Generated?
At the core of every Bitcoin address lies a cryptographic keypair: a private key and its corresponding public key. The private key is a randomly generated number that must remain secret. Using elliptic curve multiplication, this private key is mathematically transformed into a public key. This process is deterministic—meaning the same private key will always produce the same public key.
Once the public key is derived, it undergoes hashing (using SHA-256 and RIPEMD-160) and encoding (typically Base58Check or Bech32) to create a human-readable Bitcoin address. This final output is what users share to receive funds.
👉 Discover how secure key generation powers scalable blockchain applications
What Are Deterministic Wallets?
A Bitcoin wallet isn’t just a single key—it’s typically a collection of keypairs used for sending and receiving transactions. Early wallets generated random, independent private keys for each transaction. While this reduced address reuse, it introduced a major risk: losing any single key meant losing access to funds permanently.
Modern wallets use deterministic wallets, particularly hierarchical deterministic (HD) wallets, which derive all keys from a single root seed. This seed is usually represented as a mnemonic phrase—a sequence of 12 to 24 easy-to-remember words. As long as you have this seed, you can regenerate your entire wallet, including all past and future addresses.
This advancement drastically improves security and usability. Even if device data is lost, recovery is possible with the seed phrase alone.
BIP 39 and Mnemonic Phrases
Most Bitcoin wallets today follow BIP 39, a standard that defines how mnemonic phrases are created and converted into binary seeds. These seeds then feed into BIP 32, which outlines the hierarchical derivation path for generating child keys. Together, they form the backbone of HD wallets used by popular tools like Trezor, Ledger, Electrum, and Mycelium.
The use of standardized derivation paths ensures interoperability across wallets—meaning you can recover your funds on a different device using the same seed phrase.
Legacy Bitcoin Addresses
The earliest Bitcoin addresses are known as legacy addresses, recognizable by their "1" prefix (e.g., 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa). These rely on two primary transaction types: P2PKH and P2SH.
P2PKH (Pay-to-Public-Key-Hash)
P2PKH was the original method for sending Bitcoin. In this model, funds are locked to the hash of a public key. When Alice receives BTC from Bob, the transaction output is tied to her public key hash. To spend it, she must provide both her full public key and a digital signature proving ownership of the corresponding private key.
While secure, P2PKH transactions include signature data within the main transaction block, increasing size and cost.
P2SH (Pay-to-Script-Hash)
P2SH allows funds to be sent to the hash of a custom script rather than a public key. This enables advanced features like multi-signature wallets, where multiple parties must sign off before funds can be moved. The spender reveals the full script and satisfies its conditions when redeeming the funds.
Despite being more flexible, P2SH still contributes to blockchain bloat due to embedded script data.
SegWit Addresses: A Step Toward Efficiency
Launched in 2017, the Segregated Witness (SegWit) upgrade addressed scalability and malleability issues by separating ("segregating") signature data ("witness" data) from the main transaction data.
This change introduced two new address formats:
P2WPKH (Pay-to-Witness-Public-Key-Hash)
Functionally similar to P2PKH but optimized for SegWit, P2WPKH stores signatures in a separate witness field. This reduces transaction size and lowers fees—often by 25–40% compared to legacy transactions. These addresses start with "bc1q" and use Bech32 encoding.
P2WSH (Pay-to-Witness-Script-Hash)
P2WSH serves the same purpose as P2SH but benefits from SegWit’s efficiency gains. It supports complex scripts while reducing on-chain data footprint. Like P2WPKH, it uses witness fields for signature storage.
To ensure backward compatibility, nested SegWit addresses (P2SH-P2WPKH) were introduced—they appear as P2SH addresses ("3...") but unlock SegWit capabilities. However, native SegWit (bech32) remains the most efficient option.
👉 See how next-gen wallet infrastructure simplifies Bitcoin integration
The Taproot Upgrade: Privacy and Scalability Combined
Activated in November 2021, Taproot represents one of Bitcoin’s most impactful upgrades since SegWit. It enhances privacy, reduces fees, and unlocks advanced smart contract capabilities through three core proposals: BIP 340 (Schnorr Signatures), BIP 341 (Taproot), and BIP 342 (Tapscript).
P2TR (Pay-to-Taproot) Addresses
P2TR addresses—prefixed with "bc1p"—are the newest address type enabled by Taproot. They allow complex transactions (like multi-sig or time-locked contracts) to appear indistinguishable from simple single-signature transfers. This obfuscation significantly improves user privacy.
Moreover, Taproot reduces data overhead, making transactions cheaper and more scalable.
Schnorr Signatures: The Engine Behind Taproot
Unlike Bitcoin’s original ECDSA signatures, Schnorr signatures offer superior cryptographic properties:
- Signature Aggregation: Multiple signatures can be combined into one, reducing transaction size.
- Linear Signatures: Enable safer multi-party signing schemes (e.g., MuSig).
- Smaller Size & Faster Verification: Improve network performance and lower costs.
For multi-signature setups, this means no longer exposing the number of participants—a major leap in privacy.
Frequently Asked Questions
Q: What’s the difference between a private key and a seed phrase?
A: A private key controls access to a single address. A seed phrase generates a root seed that can derive many private keys in an HD wallet.
Q: Which Bitcoin address type should I use today?
A: For new wallets, use native SegWit (bech32) or Taproot (P2TR) addresses. They offer lower fees and better privacy than legacy types.
Q: Can I send Bitcoin from a legacy address to a Taproot address?
A: Yes—Bitcoin transactions are interoperable across address types. However, sending to modern addresses saves on future spending fees.
Q: Why are Schnorr signatures more secure than ECDSA?
A: Schnorr signatures are provably secure under standard assumptions, resistant to certain attacks (like malleability), and support aggregation—features ECDSA lacks.
Q: Do all wallets support Taproot?
A: Not yet. Support is growing among software and hardware wallets, but older clients may not recognize P2TR addresses.
Q: Is my old wallet unsafe if it uses legacy addresses?
A: Security isn’t compromised, but you’ll pay higher fees and sacrifice privacy. Upgrading to SegWit or Taproot is recommended for new transactions.
👉 Explore enterprise-ready solutions for building with Bitcoin
Core Keywords
Bitcoin address, private key, public key, SegWit, Taproot, HD wallet, mnemonic phrase, Schnorr signature
By understanding these components—from key derivation to address formats—you gain deeper insight into how Bitcoin balances decentralization with usability. Whether you're developing applications or managing personal funds, leveraging modern standards ensures optimal performance, cost-efficiency, and long-term security.