When dealing with Ethereum, ensuring the accuracy of your addresses is crucial. Ethereum checksum validation is a nifty cryptographic feature that helps users verify their blockchain addresses, ensuring they are valid and free from typos. If you check your Metamask or any other Ethereum wallet address, for instance, you will notice a mix of letter capitalization.
Interestingly, every Ethereum address has two versions: a checksummed version that includes uppercase letters and a non-checksummed version that doesn't.
The checksummed version is a 42-character string, including the '0x' prefix and a mix of uppercase and lowercase letters. It uses a mix of uppercase and lowercase letters to encode a hash of the address itself. This format is also known as EIP-55, which stands for Ethereum Improvement Proposal 55. In contrast, the non-checksummed version is a simpler 40-character string that is entirely lowercase. This difference is not just aesthetics but is essential in enhancing security.
Interestingly, every Ethereum address has two versions: a checksummed version that includes uppercase letters and a non-checksummed version that doesn't.
The checksummed version is a 42-character string, including the '0x' prefix and a mix of uppercase and lowercase letters. It uses a mix of uppercase and lowercase letters to encode a hash of the address itself. This format is also known as EIP-55, which stands for Ethereum Improvement Proposal 55. In contrast, the non-checksummed version is a simpler 40-character string that is entirely lowercase. This difference is not just aesthetics but is essential in enhancing security.
How Ethereum Checksum Addresses Work
Base Address: Start with the original hexadecimal Ethereum address, which is a 40-character string composed of numbers (0-9) and lowercase letters (a-f).
Keccak-256 Hash: Compute the Keccak-256 hash (which is the same as SHA-3 hash) of the lowercase hexadecimal address, excluding the '0x' prefix. This hash results in a 64-character hexadecimal string.
Apply Checksum: For each character in the original lowercase address:
Compare it to the corresponding character in the first 40 characters of the Keccak-256 hash.
Determine if it's a letter ('a'-'f'). This can be checked by examining the corresponding 4*ith bit of the Keccak-256 hash.
If the 4*ith bit of the hash is 1, convert the letter to uppercase. In other words, If the hash character (interpreted as a hexadecimal number) is 8 or above, convert the corresponding address character to uppercase.
If the 4*ith bit of the hash is 0, keep the letter in lowercase. In other words, If the hash character is less than 8, keep the corresponding address character in its original lowercase form.
Below is an implementation of the checksum in JavaScript
