User Rating 0.0 ★★★★★

Total Usage 0 times

Category Dev Generators

Private keys grant full control of funds. Never share them. This tool runs entirely offline in your browser.

Batch Mode

History

No addresses generated yet.

Is this tool helpful?

Your feedback helps us improve.

★ ★ ★ ★ ★

About

An Ethereum address is a 20-byte identifier derived from the last 20 bytes of a Keccak-256 hash of the public key. The public key itself is a point on the secp256k1 elliptic curve, computed by multiplying the generator point G by a 256-bit private key k. Mishandling key generation - using weak randomness, reusing keys, or exposing private material - results in permanent, irrecoverable loss of funds. There is no password reset on a blockchain. This tool performs real secp256k1 scalar multiplication and genuine Keccak-256 hashing entirely in your browser. No data leaves your machine. Addresses are encoded with EIP-55 mixed-case checksums to catch transcription errors.

Limitations apply. This generator assumes your browser provides cryptographically secure randomness via crypto.getRandomValues. It does not protect against compromised operating systems, clipboard hijackers, or screen-capture malware. For high-value storage, use dedicated hardware wallets. This tool is suitable for development, testing, and educational purposes. For production wallets holding significant value, verify generated keys against a second independent implementation before depositing funds.

Formulas

The private key k is a random integer sampled uniformly from the range [1, n − 1], where n is the order of the secp256k1 curve. The corresponding public key is the elliptic curve point:

Q = k ⋅ G

where G is the generator point of secp256k1. The uncompressed public key is serialized as 0x04 || Q_x || Q_y (65 bytes). The Ethereum address is then derived as:

addr = 0x || Keccak256(Q_x || Q_y)[12:]

The notation [12:] means taking bytes from index 12 to 31 (the last 20 bytes of the 32-byte hash). EIP-55 checksum encoding applies mixed-case formatting. Let h = Keccak256(lowercase(addr)). For each hex character addr[i]:

{

uppercase(addr[i]) if h[i] ≥ 8lowercase(addr[i]) if h[i] < 8

Where h[i] refers to the i-th nibble (4-bit value) of the hash. The secp256k1 curve is defined by y² ≡ x³ + 7 (mod p), where p = 2²⁵⁶ − 2³² − 977. Point addition uses standard affine coordinate formulas with modular inverse computed via Fermat's little theorem: a⁻¹ ≡ a^{p − 2} (mod p).

Reference Data

Parameter	Value	Description
Curve	secp256k1	Elliptic curve used by Ethereum and Bitcoin
Field Prime p	2²⁵⁶ − 2³² − 977	Prime modulus of the finite field
Curve Order n	FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141	Number of points on the curve
Generator G_x	79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798	x-coordinate of base point
Generator G_y	483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8	y-coordinate of base point
Private Key Size	256 bits (32 bytes)	Random integer in range [1, n − 1]
Public Key (Uncompressed)	65 bytes	Prefix 0x04 + x (32 bytes) + y (32 bytes)
Hash Function	Keccak-256	Pre-standardization SHA-3 variant (different padding than NIST SHA-3)
Address Length	20 bytes (40 hex chars + 0x prefix)	Last 20 bytes of Keccak-256 hash of public key
Checksum Standard	EIP-55	Mixed-case encoding for error detection
Keccak Rate	1088 bits	Sponge construction rate parameter
Keccak Capacity	512 bits	Sponge construction capacity parameter
Keccak Rounds	24	Number of permutation rounds
Curve Equation	y² ≡ x³ + 7 (mod p)	Short Weierstrass form with a = 0, b = 7
Cofactor	1	Every point (except identity) is a generator
Key Space	~2²⁵⁶	Approximately 1.16 × 10⁷⁷ possible keys
Collision Resistance	2¹²⁸	Birthday bound for 256-bit hash
Address Collision	2⁸⁰	Birthday bound for 160-bit address

Frequently Asked Questions

The private key is generated using the Web Crypto API's crypto.getRandomValues(), which provides cryptographically secure pseudorandom numbers seeded by the operating system's entropy pool (e.g., /dev/urandom on Linux, CryptGenRandom on Windows). The generated 256-bit value is validated to fall within the range [1, n − 1] where n is the secp256k1 curve order. Values of 0 or ≥ n are rejected and regenerated. This matches the security guarantees of hardware wallet random number generators.

Ethereum adopted Keccak-256 before NIST finalized SHA-3. The NIST standard (FIPS 202) changed the padding scheme from Keccak's original 0x01 suffix to 0x06. This means SHA3-256 and Keccak-256 produce different hash outputs for the same input. Using the wrong hash function will generate invalid Ethereum addresses. This tool implements the original Keccak-256 with 0x01 padding, exactly as specified in the Ethereum Yellow Paper.

Theoretically yes, because the address space is 160 bits (2¹⁶⁰ ≈ 1.46 × 10⁴⁸ possible addresses) while the key space is ~256 bits. By the pigeonhole principle, approximately 2⁹⁶ private keys map to each address. However, finding such a collision requires approximately 2⁸⁰ operations (birthday bound), which exceeds current computational capabilities by many orders of magnitude. The probability of randomly generating a collision is negligible.

EIP-55 encodes error detection directly into the address string using mixed-case hexadecimal. Each hex digit a-f is uppercased if the corresponding nibble in the Keccak-256 hash of the lowercase address is ≥ 8. This catches single-character transcription errors with approximately 99.986% probability (1 − 0.5¹⁵ for a typical address with 15 variable-case characters). It does not protect against adversarial attacks where someone deliberately crafts a similar-looking address.

Browser environments introduce attack surfaces not present in hardware wallets: browser extensions can read page content, clipboard hijackers can replace copied addresses, and compromised JavaScript CDNs can exfiltrate keys. This tool runs entirely offline with no external dependencies or network requests, mitigating most browser-specific risks. For wallets holding more than trivial value, verify the generated private key against a second independent implementation (e.g., Python's eth_keys library) and consider transferring to a hardware wallet for long-term storage.

Scalar multiplication computes k · G by iterating through up to 256 bits of the private key, performing point doubling at each step and conditional point addition. Each operation requires modular arithmetic on 256-bit integers, including modular inverse via exponentiation (Fermat's method: a^p−2 mod p). JavaScript's native BigInt handles this, but it is interpreted rather than compiled to constant-time machine instructions. Typical generation takes 20-100ms in modern browsers. Hardware wallet chips perform the same operation in under 1ms using dedicated silicon.