What are private keys and public keys?
The keys to secure and manage your bitcoin
Bitcoin uses public and private keys to secure bitcoin transactions and ensure your bitcoin are only accessible to you.
Bitcoin isn’t a physical asset, rather it exists as digital records of transactions on the blockchain. Owning an amount of bitcoin simply means there’s a transaction on the blockchain to an address in which you control the ability to spend.
If you can spend it, you own it.
Spending bitcoin can only be done using the private key that corresponds to the correct public key for the bitcoin in question. You can think of private and public keys like a locked mailbox. The private key is like the master key that opens the mailbox, giving exclusive access and control over its contents. The public key is like the locked mailbox itself, which anyone can see and deposit mail into, but which nobody except for the master key-holder can open.
When you use a custodial Bitcoin wallet, like Strike, the private keys are held for you on your behalf, giving you indirect control over spending your bitcoin. Taking self-custody of your bitcoin means you are sending your bitcoin to an address to which you control private keys directly, a process that comes with added benefits and responsibilities. Self-custody is all about self-sovereignty–taking exclusive control over your money.
A private key is simply a very large, secret number used to authorize transactions.
Specifically, a private key is a unique 256-bit number, meaning it’s a number between 0 and 2²⁵⁶ or 1.1579 X 10⁷⁷ ( aka ~115 quattuorvigintillion). In Bitcoin, this number is typically represented in hexadecimal format: 64 characters with numbers from 0-9 and capital letters A-F, resulting in private key that might look something like this:
E8C5F60C6CCCD437D71597401C6A808F96C5EE74AEA6C4BCD8F24883A0DFC858
(This example private key is for illustrative purposes only. Remember, you should never share or expose your private key because it's used to to spend your bitcoin.)
Many modern self-custodial Bitcoin wallets will generate and manage your private keys within the wallet. The process for generating private keys starts by using randomness (aka “entropy”) to create a seed phrase – a sequence of 12 to 24 words selected from a standardized list. The unique seed phrase is then used to create a seed, then master key, then subsequent private keys to be used for making transactions. To summarize:
This entire process is known as hierarchical deterministic or “HD” wallets. It allows multiple hierarchies of private keys to be created from a single source, including private keys generated from private keys, and ensures that the same keys can always be recreated given the same starting point (aka “deterministic"). This simplifies wallet backup and recovery, while offering greater flexibility in key management.
When you set up a self-custodial Bitcoin wallet, the wallet’s software will typically generate your seed phrase and prompt you to write it down. Your wallet will then generate and manage your private keys from your unique seed phrase, letting you easily authorize transactions in the wallet app without needing to view or manage your private keys directly.
Controlling access to your wallet app and your seed phrase is how you assert control over your private keys when taking self-custody. The most important thing to remember concerning your private keys and seed phrase, is that they must be kept secret and secure, since they are used to spend your bitcoin.
A public key is a unique code generated from a private key, which can be shared publicly without compromising the secrecy of the private key. Public keys are generated using industry-standard cryptographic “one-way functions”, (aka elliptic curve cryptography), which means that while it’s easy to generate a public key from a private key, there is no known way to do the reverse.
Public keys are used for receiving bitcoin and are foundational in the creation of Bitcoin addresses. A Bitcoin address is just a shorter, more efficient, and human-readable version of a public key. When you want to receive bitcoin, your wallet’s software can easily generate a Bitcoin address from one of your public keys, which you can give to your friend to send you bitcoin.
When it comes time to spend your bitcoin, your wallet software uses the private key that corresponds to the public key that was used to receive the funds and generates a digital signature to authorize the transaction. This digital signature combines the uniqueness of the private key and a cryptographic summary of the transaction itself. Most importantly, signatures can be verified using only the public key without exposing the private key itself.
What this all means is that if you control your private keys, then you can generate Bitcoin addresses to receive bitcoin, and only you can spend those bitcoin by authorizing transactions with a digital signature created using your private key.
Bitcoin transactions follow the UTXO model (Unspent Transaction Outputs), which means that each peer-to-peer transaction has inputs (the source) and outputs (the destination).
Each amount of bitcoin you own is the output of a previous transaction, which was sent to a Bitcoin address generated from one of your public keys. In order to spend that bitcoin you must sign the transaction using the private key associated with the public key used to receive it. This is why keeping your private keys secret and secure when self-custodying bitcoin is critical.
Here’s a step-by-step example of Alice sending 1 bitcoin to Bob:
© 2024 NMLS ID 1902919 (Zap Solutions, Inc.)