Bitcoin Private Key
Think of Bitcoin as an open messaging system secured by public key cryptography secured through digital message signatures created with a unique private key. In contrast to systems protected by username and password logins, this single point of access – a private key – means it is critical to securely generate, use and store it. A basic understanding of the private key can protect you from loss or theft – but it also provides insight into how Bitcoin works.
While Bitcoin is usually considered to be digital cash, in reality, it is a secure messaging system built on the Internet that, instead of sending texts, emails, etc. – the Bitcoin network processes “value-transfer messages” called transactions. These transactions are authenticated and identified with the help of private keys.
When someone (Sue) uses Bitcoin to pay another person (Tom), a transaction is created to identify Tom as the payee. Then Sue publishes the transaction to the Bitcoin network. Sue identifies both herself and Tom in the transaction without using a “trusted authority” and prevents others from altering her transaction or forging others in her name because Bitcoin uses “public key cryptography”.
Public key cryptography uses two prices of information to authenticate messages: a public key identifies a sender or recipient – and can be given to others. A private key creates an unforgeable message signature and must be kept secret. The public and private keys are mathematically linked through a signature algorithm – a mathematical procedure for creating identities, signing messages, and validating signatures.
What exactly is a private key?
The Bitcoin private key is a number that, for practical purposes, is essentially infinite. If one could process one trillion private keys per second, it would take more than one million times the age of the universe to count them all, making it infeasible to map this vast keyspace. The chance of someone finding one private-key via brute-force is a number with 48 zeros on the right side.
Because private keys contain many digits, an alternative called Wallet Import Format (WIF) was created to make it easier to copy and use – but it is just another way of representing the original private key. For added security, private keys are also sometimes encrypted. Decrypting a private key encoded in this manner requires the password that was set when it was encrypted.
How is a private key used?
Bitcoin requires that each transaction bear a digital signature to prevent forgery. Like a private key, this signature is just a number selected from a very large range that is generated by wallet software to mathematically process the transaction together with the correct private key.
Anyone can authenticate a message (transaction) with a signature and public key. However, to produce a valid message (transaction) the private key matching the published private key must be used – making digital signatures practically impossible to forge. A transaction signature changes unpredictably if the transaction changes even slightly, thus only the person in possession of the private key can provide the correct signature.
The important point to realize is that digitally signed messages (transactions) can be quickly and inexpensively checked for authenticity.
How does one secure a private key?
Private keys are most vulnerable when they are stored or transmitted, which means selection of a wallet is important. A Bitcoin wallet is like your bank account, it is used to store, send and receive Bitcoins. The public key is used to send and receive, but the private key gives you access to your “account” which can be classified as either a HOT or COLD storage wallet. Wallet software hides the process of generating, using and storing private keys so understanding security and how they interact with chosen software is important.
HOT wallet refers to any type of online storage wallet, meaning it is accessible via a web portal and therefore is susceptible to hacking.
COLD wallet refers to any type of offline storage, meaning it is more secure because hackers do not have access to physically stored wallets.
There are four types of Bitcoin wallets:
- Software Wallets – these are hot wallets that require download of software to create and use either on a desktop or mobile devices. Some software clients require downloading the Blockchain and others do not. As many wallets as you want can be created using these apps, but they are only as secure as the device on which they are stored. Malware can steal your wallet information, so security precautions should be taken.
- Online Wallets – these are the easiest to use and the least recommended because the user does not hold the private keys for funds stored. While you can sign up, create a wallet, access it from any Internet-connected device, and easily make transactions – your private keys are stored on another server of which you have no control, that could be hacked. Online wallets should only be used for making small transactions – not holding a large number of Bitcoins.
- Paper Wallets – these are more secure than software or online wallets simply because the private keys are physically printed on paper, making this a cold wallet option. Once a paper wallet is printed, using it simply requires you to add the public-private key combination into an existing wallet service. While more secure in some ways, paper can easily be torn, damaged or destroyed – so making multiple copies and storing them in multiple secure locations is vital. Should someone gain possession of your paper wallet – they own your Bitcoin.
- Hardware Wallets – these are considered the most secure option for storing Bitcoin. These cold storage devices are USB shaped and are plugged into a computer only while making a transaction. They are secure from computer malware because they generate private keys offline, on the actual device vs. on your computer. They can be secured with a passcode so even if stolen, the thief could not access the device – you’d simply buy and set up a new one, enter the proper “word seeds” (human-readable representations of your private key), passcode, and access your coins again. The most important practice using a hardware wallet is to safely and securely store your access codes and word seeds. Of all the wallet options, a hardware wallet requires payment to buy the device – but the peace-of-mind and security are worth every penny.
All in all, one could think of software and online wallets for use same as the wallet in your pocket or purse – for walking-around spending. You would never keep your life savings in an ordinary wallet, and the same holds true for your Bitcoin. Any valid transaction using a valid signature is accepted by the Bitcoin network. Therefore, any person in possession of a private key can sign a transaction and steal your bitcoins.
It is also important to realize that your bitcoins are not stored in wallets – either hot or cold ones. Your bitcoin is stored on the blockchain as balances and transactions. Should you lose a hardware wallet, you can restore your private key on another wallet that supports word seeds, gain access to your funds, and move on.
How are Public and Private Keys generated?
A public key is obtained by subjecting a private key to a set of mathematical operations known as Elliptic Curve Cryptography (ECC) wherein a private key is an integer, a public key is a 2D coordinate composed of two integers, and to make it easier to process – the public key is transformed into a single value.
Each step is irreversible and is a function that is easy to perform in one direction, but practically impossible to perform in the opposite direction – thus is very secure.
PRIVATE key –––> PUBLIC key –––> ADDRESS
Private keys and public keys can be shortened to make them more usable and easier to copy.
An address results from applying a multi-step transformation to a public key.
No network is needed at any point to generate a private key or the corresponding address. All computers on the Bitcoin network know about the mathematical relationship between public and private keys, and the vast private key space ensures that any properly-selected key will be unique.
Private keys are an essential part of Bitcoin and, while wallet software hides the need to handle them, it is important to understand how they work and their importance to avoid loss of funds.