All articles
EVM address checksum in Trezor Suite
Ethereum addresses are unique identifiers used in the Ethereum blockchain to send and receive transactions, interact with smart contracts, and hold your ETH or tokens. They consist of 42 characters, comprising a prefix 0x followed by 40 hexadecimal characters (i.e., the numerals 0-9, and the letters a-f). However, these addresses are case-insensitive, which means they can be written in either lowercase or uppercase.
To improve the readability and security of Ethereum addresses, a checksum mechanism was introduced in Ethereum Improvement Proposal 55 (EIP-55).
The checksum is designed to protect against common typing errors when manually entering or copy-pasting an address. This helps ensure that an Ethereum address is correctly formatted and reduces the risk of sending funds to an incorrect or non-existent address due to a typo.
The checksum uses a case-mixing technique based on the hash of the address. Here’s how it works:
1. Lowercase address: Start with the address in its lowercase form, without the 0x prefix.
2. Keccak-256 hash: Compute the Keccak-256 hash of this lowercase address.
3. Apply case-mixing: For each character in the original address:
- If the corresponding character in the hash is greater than or equal to 8, the original address character is converted to uppercase.
- Otherwise, it remains in lowercase.
- Of course, we cannot write decimal digits in uppercase, so they remain the same.
4. Resulting checksummed address: The final address with the checksum applied will have a mixture of uppercase and lowercase letters, for example:
Error Detection: If a user mistakenly modifies an address or inputs it incorrectly, the checksum mechanism increases the chance that the error will be detected. Trezor Suite will flag an address as invalid if the case-mixing does not match the checksum rules.
Improved Security: By helping to prevent errors, the checksum reduces the risk of funds being sent to the wrong address, providing an extra layer of security when making transactions.
To improve the readability and security of Ethereum addresses, a checksum mechanism was introduced in Ethereum Improvement Proposal 55 (EIP-55).
The checksum is designed to protect against common typing errors when manually entering or copy-pasting an address. This helps ensure that an Ethereum address is correctly formatted and reduces the risk of sending funds to an incorrect or non-existent address due to a typo.
How does EIP-55 work?
The checksum uses a case-mixing technique based on the hash of the address. Here’s how it works:1. Lowercase address: Start with the address in its lowercase form, without the 0x prefix.
2. Keccak-256 hash: Compute the Keccak-256 hash of this lowercase address.
3. Apply case-mixing: For each character in the original address:
- If the corresponding character in the hash is greater than or equal to 8, the original address character is converted to uppercase.
- Otherwise, it remains in lowercase.
- Of course, we cannot write decimal digits in uppercase, so they remain the same.
4. Resulting checksummed address: The final address with the checksum applied will have a mixture of uppercase and lowercase letters, for example:
0x32Be343B94f860124dC4fEe278FDCBD38C102D88
Trezor Suite checks whether an address has been used before (i.e., has a transaction history). If the address is not checksummed (i.e., all lowercase) and has been used before, it will automatically be checksummed. If the address is not checksummed and has never been used, Suite will display the following warning:
The address can then be checksummed by pressing the Convert to checksum button. If the address has an incorrect checksum, it will be invalid.
Benefits of EIP-55
Error Detection: If a user mistakenly modifies an address or inputs it incorrectly, the checksum mechanism increases the chance that the error will be detected. Trezor Suite will flag an address as invalid if the case-mixing does not match the checksum rules.Improved Security: By helping to prevent errors, the checksum reduces the risk of funds being sent to the wrong address, providing an extra layer of security when making transactions.