Basics of Crypto Security
It's not hard to understand the high level of how private and public keys play their role in crypto wallets, and how they relate to seed phrases.
May 12 2021
When embarking on the journey of owning and managing your own cryptocurrency, the array of choices and number of new concepts may seem overwhelming. Cryptocurrency wallets make the process of managing your own cryptocurrency relatively straightforward - but there are some common terms and basic concepts that you should understand. In this article, we will summarize what encryption keys are, and how they are related to seed phrases and software wallets.
A cryptocurrency wallet generates encryption keypairs from a seed phrase, and then uses those keys to perform crypto transactions.
Although there may be many pairs of encryption keys in a wallet (to support varied wallet addresses), there is one "master" key pair.
Private keys are used to digitally sign crypto transactions.
Public keys are used to associate crypto with a blockchain address.
How are Seed Phrases and Keys related?
At its core, a cryptocurrency wallet is a secure container for your "private key." But what does that mean, and is it the same thing as the seed phrase? The answer is that they are closely related, but are not exactly the same.
A cryptocurrency wallet produces, or optionally, you give it, a BIP39 seed phrase, which you always keep securely backed up. From that seed phrase, the wallet software mathematically calculates a master private key and master public key. It is this master private key that is what people commonly refer to as your cryptocurrency "private key." If a cryptocurrency wallet is lost or destroyed, this original seed phrase can allow a new wallet to re-generate the private and public keys, and thus re-gain access to your cryptocurrency. This high-level view gives you an understanding of what your private key is, the relationship between your seed phrase and your private key, and why it is so important to back up your seed phrase.
Be aware that there can be more than one set of private and public keys: if you are using a Hierarchical Deterministic Wallet (HD Wallet), which most modern wallets are, your wallet will produce a large number of private/public keypairs that can be used to perform individual cryptocurrency transactions that preserve your privacy and security. Fortunately, the wallet handles that detail for you, and your single seed phrase (and wallet passphrase, if you chose to add one) will restore all of your private keys when needed.
How do private and public keys work?
Cryptocurrency wallets use standard encryption software to generate unique encryption keypairs, and then use those unique keys to perform secure identification and authorization of your crypto transactions. The term "keypair" is used because cryptocurrency uses a type of encryption called asymmetric encryption - also known as public-key encryption, or Public Key Infrastructure (PKI). Asymmetric encryption relies on two unique keys that work as a related pair. This type of encryption is called public-key encryption because of the way it is used: one key must be kept private, while the other can safely be shared publicly.
The wallet uses the private key to digitally sign cryptocurrency transactions. This digital signature added with a private key is like a stamp of authenticity: the related public key can be used to verify that only the holder of the private key could have signed that transaction, and that the transaction was not tampered with after it was signed.
There is another interesting role that the public key plays: cryptocurrency wallets use a hashed value of the public key to identify the location on the blockchain network where a private key owner may receive cryptocurrency payments - so when you share your payment address with someone who will pay you in cryptocurrency, you are actually giving them a form of your public key, which tells the blockchain network where to pay you - it acts as an accounts receivable address.
What are "Quick Response" (QR) codes?
Either the private or the public key can be represented as a QR barcode. Depending on the wallet holder's intent, they can either publish a public key QR code to ask people to pay them there, or they can choose to send individual people a unique public key QR code where they would like to be paid. It is very important never to publish the QR code for a private key - if a private key QR code is generated at all, it should only be retained as part of a secure private key backup strategy!
Related Articles Around the Web