Bitcoin uses public and private keys to secure bitcoin transactions and ensure your bitcoin are only accessible to you.

Bitcoin isn’t a physical asset, rather it exists as digital records of transactions on the blockchain. Owning an amount of bitcoin simply means there’s a transaction on the blockchain to an address in which you control the ability to spend.

If you can spend it, you own it.

Spending bitcoin can only be done using the private key that corresponds to the correct public key for the bitcoin in question. You can think of private and public keys like a locked mailbox. The private key is like the master key that opens the mailbox, giving exclusive access and control over its contents. The public key is like the locked mailbox itself, which anyone can see and deposit mail into, but which nobody except for the master key-holder can open.

• Private key: The secret key to “unlock” your bitcoin and authorize spending
• Public key: The public code that can be shared with others so they can send you bitcoin

When you use a custodial Bitcoin wallet, like Strike, the private keys are held for you on your behalf, giving you indirect control over spending your bitcoin. Taking self-custody of your bitcoin means you are sending your bitcoin to an address to which you control private keys directly, a process that comes with added benefits and responsibilities. Self-custody is all about self-sovereignty–taking exclusive control over your money.

What is a private key?

A private key is simply a very large, secret number used to authorize transactions.

Specifically, a private key is a unique 256-bit number, meaning it’s a number between 0 and 2²⁵⁶ or 1.1579 X 10⁷⁷ ( aka ~115 quattuorvigintillion). In Bitcoin, this number is typically represented in hexadecimal format: 64 characters with numbers from 0-9 and capital letters A-F, resulting in private key that might look something like this:

E8C5F60C6CCCD437D71597401C6A808F96C5EE74AEA6C4BCD8F24883A0DFC858

(This example private key is for illustrative purposes only. Remember, you should never share or expose your private key because it's used to to spend your bitcoin.)

Many modern self-custodial Bitcoin wallets will generate and manage your private keys within the wallet. The process for generating private keys starts by using randomness (aka “entropy”) to create a seed phrase – a sequence of 12 to 24 words selected from a standardized list. The unique seed phrase is then used to create a seed, then master key, then subsequent private keys to be used for making transactions. To summarize:

• Seed phrase: The unique sequence of 12 to 24 random words that are the source from which keys can be generated or recovered should your wallet be lost or destroyed.
• Seed: The unique sequence of characters derived from the seed phrase, which is used to generate the master key.
• Master key: A unique key derived from the seed, which is used to generate one or more private keys.
• Private keys: Unique 256-bit numbers stored in your wallet’s software, derived from the master key, and which are used to create public keys and authorize transactions.

This entire process is known as hierarchical deterministic or “HD” wallets. It allows multiple hierarchies of private keys to be created from a single source, including private keys generated from private keys, and ensures that the same keys can always be recreated given the same starting point (aka “deterministic"). This simplifies wallet backup and recovery, while offering greater flexibility in key management.

When you set up a self-custodial Bitcoin wallet, the wallet’s software will typically generate your seed phrase and prompt you to write it down. Your wallet will then generate and manage your private keys from your unique seed phrase, letting you easily authorize transactions in the wallet app without needing to view or manage your private keys directly.

Controlling access to your wallet app and your seed phrase is how you assert control over your private keys when taking self-custody. The most important thing to remember concerning your private keys and seed phrase, is that they must be kept secret and secure, since they are used to spend your bitcoin.

What is a public key?

A public key is a unique code generated from a private key, which can be shared publicly without compromising the secrecy of the private key. Public keys are generated using industry-standard cryptographic “one-way functions”, (aka elliptic curve cryptography), which means that while it’s easy to generate a public key from a private key, there is no known way to do the reverse.

Public keys are used for receiving bitcoin and are foundational in the creation of Bitcoin addresses. A Bitcoin address is just a shorter, more efficient, and human-readable version of a public key. When you want to receive bitcoin, your wallet’s software can easily generate a Bitcoin address from one of your public keys, which you can give to your friend to send you bitcoin.

When it comes time to spend your bitcoin, your wallet software uses the private key that corresponds to the public key that was used to receive the funds and generates a digital signature to authorize the transaction. This digital signature combines the uniqueness of the private key and a cryptographic summary of the transaction itself. Most importantly, signatures can be verified using only the public key without exposing the private key itself.

What this all means is that if you control your private keys, then you can generate Bitcoin addresses to receive bitcoin, and only you can spend those bitcoin by authorizing transactions with a digital signature created using your private key.

How are public and private keys used in bitcoin transactions?

Bitcoin transactions follow the UTXO model (Unspent Transaction Outputs), which means that each peer-to-peer transaction has inputs (the source) and outputs (the destination).

Each amount of bitcoin you own is the output of a previous transaction, which was sent to a Bitcoin address generated from one of your public keys. In order to spend that bitcoin you must sign the transaction using the private key associated with the public key used to receive it. This is why keeping your private keys secret and secure when self-custodying bitcoin is critical.

Here’s a step-by-step example of Alice sending 1 bitcoin to Bob:

1. Requesting an address: Alice requests Bob’s Bitcoin address. The address is generated from one of Bob’s public keys, which is derived from one of his private keys.
2. Creating the transaction: Using her Bitcoin wallet, Alice creates a transaction by entering Bob’s Bitcoin address, the amount to send, and her desired fee rate.
3. Managing UTXOs: Alice’s wallet software selects the inputs and outputs.
   • Inputs: A UTXO of 0.5 bitcoin and a UTXO of 0.75 bitcoin
   • Outputs: A UTXO of 1.0 bitcoin to Bob’s Bitcoin address and a UTXO of 0.249 bitcoin to one of Alice’s own Bitcoin addresses (aka a “change” address)
   • Difference: The difference of 0.001 bitcoin goes to the miner as the fee
4. Signing the transaction: Alice’s wallet software creates a digital signature and signs the transaction using the transaction’s data and the private keys that match the public keys of the UTXO she is spending.
5. Broadcasting to the network: The signed transaction is broadcast to the Bitcoin network.
6. Verifying the transaction: Miners on the network verify the transaction by checking the digital signature against Alice’s public key (derived from the address), thereby ensuring that the legitimate owner of the bitcoin has authorized the spend.
7. Mining: When a miner finds a winning hash, the miner groups the transaction with other valid transactions into a block, which is broadcast to the Bitcoin network.
8. Adding the transaction: Nodes receive the new block of transactions and confirm its validity before adding that block to their copy of the blockchain.