Part One of a Three-Part Series
Private keys: An overview
In many ways, owning cryptocurrency comes down to merely holding a private key. Unlike in the “real” world, where owning physical property usually involves possessing a deed with your name on it or having a receipt of sale, owning is equivalent to knowing in the crypto world. In simpler terms, knowing a private key is equivalent to owning crypto assets, since private keys are what enable you to authorize transactions with them.
In the real world, transactions are usually authorized with your signature. However, in the crypto world, only private keys can authorize them, cryptographically, granting access to funds. Although anyone can generate a transaction involving your crypto assets, only the person in possession of the private key can sign, and thus validate, the transaction.
Although fake signatures are a problem in the real world, the crypto world is protected by its underlying cryptography nature. As of today, no known hack allows someone to sign transactions on your assets without your key.
What are private keys, and how are they generated?
Private keys are numbers within a specific range, usually very large. From a mathematical perspective, a private key is just a random positive integer. A more technical and accurate description, however, would be: A private key is a cryptographically strong random number that has been obtained using a random number generator given a defined positive range.
Most of the time, computers use pseudorandom number generators (PRNGs) to generate these random positive integers. (True random number generators are hard to come by; these generators often require specialized hardware and use physical sources such as thermal noise in electrical circuits or the precise timing of Geiger counter clicks.) PRNGs are cryptographically strong functions seeded with a value that has enough entropy. Entropy is a complex concept, but its objective is simple: to provide unpredictability to functions. By using secure entropy sources, PRNGs can create numbers that are extremely unlikely to not be random (within a given, acceptable range).
The range given to a PRNG to securely create a valid Ethereum or Bitcoin private key is 2^256–1 (imagine a combination lock of the numbers 0–9, which is 78 digits long). Due to the size of this range, the probability of generating two private keys with the same number is negligible. The set of integers your key is selected from is a massive number—it is roughly the same as the total number of visible atoms in the universe.
Public keys, addresses, and their relationship to private keys
Since private keys are meant to be kept . . . well . . . private, we need a different mechanism to allow other individuals to find our assets and for us to find theirs. As a result, all blockchains use the concept of addresses—unique numbers derived from your private key. These addresses are the location of your crypto assets and can be shared with whomever you need to know your crypto assets’ balance (if you want to).
A blockchain address is created using your public key to ensure you are the owner of the address in question. In turn, this public key is generated from your private key. This process is unidirectional, which means you can use a private key to create an account, but not an account to guess a private key.
Private keys can derive public keys, and public keys can derive blockchain addresses. However, blockchain addresses cannot be used to derive their public keys, and public keys cannot be used to derive their private keys.
This unidirectional process is done via cryptographic trapdoor functions. A trapdoor function is a one-way function that can only generate its value based on a specific input, and it cannot be used to derive the original input from it. It’s like knowing how to bake a cake and having a rough idea of what is in a cake; yet it’s impossible to tell the exact ingredients of a specific cake from tasting it alone.
Depending on the blockchain ecosystem, these one-way functions vary. For instance, most popular blockchain systems use elliptic curve-based algebraic constructions to generate their public keys. Independently of these characteristics, the outcome is always deterministic: a public key is unique to its corresponding private key, and the private key always generates the same public key.
Blockchain addresses also use one-way functions, called hash functions. Bitcoin and Ethereum addresses are created from one or more cryptographically strong hashing functions over your public key, in addition to specific mathematics depending on the particular blockchain. Because of how these hashing operations work, you can be confident to an almost absolute degree that your blockchain address is unique to your public key, and thus, to your private key.
The universal language of math keeps our secrets
The cryptography and mathematics behind private keys are the reason why our crypto assets are safe—as long as we keep our keys secure. As of today, it is impossible to find and brute force any blockchain address connected to your private keys due to the fact that it would cost more energy than is stored by the sun.
In our next blog, we will look at popular blockchain ecosystems and some of the math behind public key generation. We’ll provide some code examples for you to try calculating the keys from the process each blockchain describes and using existing libraries that make the generation process easier. Stay tuned!