Log In Get Started

Public vs Private Keys

Fundamentals / Crypto & Blockchain Beginner 12 min read Updated Jan 19, 2026
Isometric illustration of a hardware wallet signing a transaction, deriving a public key and address, and network nodes verifying the signature.

Digital signatures link private authorization to public verification across the network.

Public and private keys are the backbone of blockchain systems. They provide a way to prove control over digital assets without relying on a central authority. Understanding what each key does, how they work together, and how they appear in real applications removes much of the mystery around wallets, addresses, and transactions.

1. Why Keys Matter in Crypto Systems

Blockchains maintain a shared ledger that no single party controls. The ledger must accept valid transactions while rejecting unauthorized ones. Without passwords or account managers, the system needs a method to verify that the person attempting to move funds has the right to do so. Public key cryptography supplies that verification mechanism.

With a key pair, the private key authorizes actions by producing a digital signature, and the public key allows anyone to verify that the signature is genuine. This arrangement removes the need to trust an intermediary and enables open participation in the network.

2. Asymmetric Cryptography in Brief

Public key cryptography is called asymmetric because it uses two different keys that play complementary roles. A private key is a large, random number kept secret. A public key is derived from the private key through a one way mathematical function. The one way property means that deriving the private key from the public key is computationally infeasible with current knowledge and computing resources.

In many fields, public key cryptography is used both for encryption and for digital signatures. Blockchains rely primarily on digital signatures. A signature proves that the holder of a private key authorized a specific message. Network participants use the corresponding public key to verify the signature automatically.

3. The Private Key

Definition. A private key is a secret number that grants control over an on chain account or address. If a transaction is signed with that private key, the network will recognize it as authorized.

Generation and randomness. Private keys are typically generated from high quality randomness, known as entropy. The security of a key depends heavily on the quality of the randomness used to create it. Weak randomness can allow an attacker to guess a key or reconstruct it from patterns. At common key sizes, pure brute force guessing is not practical, which is why implementation quality and randomness are central concerns.

Seed phrases and hierarchical keys. Many wallets use a mnemonic seed phrase, often 12 or 24 words, defined by standards such as BIP39. The seed initializes a hierarchical deterministic wallet, which can derive many private keys from a single root. The derived keys follow paths defined by standards such as BIP32 and BIP44. This design allows one backup to reproduce a large set of addresses. The seed phrase is not an additional password. It is a human readable representation of the root secret.

Custody models. In noncustodial settings, the end user controls the private key. In custodial settings, a service provider holds the private key on behalf of the user. Institutional custodians may split control across multiple parties or devices, using techniques such as multisignature schemes, hardware security modules, or multiparty computation.

4. The Public Key

Definition. A public key is derived from a private key and can be shared widely. It is used to verify signatures or, in some systems, to derive addresses. Sharing a public key does not reveal the private key.

Verification. When a transaction is sent to the network, it carries a signature created with the private key. Nodes reconstruct or reference the public key and verify that the signature matches the transaction data. If it matches, the network accepts that the private key holder authorized the action.

Curves and algorithms. Many blockchains use elliptic curve algorithms. Bitcoin uses ECDSA over the secp256k1 curve. Solana and some others use Ed25519. Ethereum uses ECDSA over secp256k1 and applies the Keccak hash function in address derivation and message hashing. The details differ, but the core idea is the same. The public key allows anyone to verify that a signature could only have been created by the corresponding private key holder.

5. Addresses and Their Relationship to Keys

An address is a shorter identifier used to receive assets. It is not always the same as the public key. Many systems derive the address by hashing the public key and encoding it for usability and error detection.

Bitcoin. A Bitcoin address is typically generated by hashing the public key and then representing it in an encoding such as Base58Check or Bech32. The hashing step means the public key is not revealed until the first spend. This adds a modest privacy and security benefit by reducing direct exposure of the public key before it is needed on chain.

Ethereum. An Ethereum address is the last 20 bytes of the Keccak hash of the public key. It is commonly displayed in hexadecimal. Some wallets use a checksum capitalization scheme, sometimes referred to as EIP 55 formatting, to help detect typing errors.

Practical view. In daily use, people share addresses rather than public keys. The address is where assets can be sent. The private key, or a derived child key in a hierarchical wallet, is used to authorize activity from that address or account.

6. What a Digital Signature Does in a Transaction

A blockchain transaction is a structured message that encodes what the signer intends to do. The signer uses their private key to generate a digital signature over the message. Verification proceeds as follows.

First, the transaction is hashed using a function such as SHA 256 or Keccak 256. Second, the private key algorithm produces signature values that depend on both the message hash and the private key. Third, other nodes take the message hash and the public key to verify the signature mathematically. If valid, the transaction is accepted for propagation and possible inclusion in a block.

Two features deserve emphasis. The signature binds to the exact message content. Any change to amounts, destinations, or parameters will change the hash and invalidate the signature. In addition, because verification uses only the public key, any node can check validity without learning the private key.

Illustrative example

Suppose Alice wants to send funds to Bob. She constructs a transaction that specifies Bob’s address, the amount, and the fee parameters. Her wallet signs the transaction with Alice’s private key. The network verifies the signature using the public key and confirms that the funds she controls are sufficient. If all checks pass, miners or validators may include the transaction in a block. At no point does Alice reveal her private key to the network.

7. Why Public and Private Keys Exist in Blockchains

Blockchains aim to coordinate agreement without a central gatekeeper. Keys make it possible to express ownership and authorization in that setting.

Ownership without custodian. A private key is a portable proof of control. It allows the holder to authorize moves of assets recorded on a public ledger that anyone can audit. The public key enables universal verification without calling a help desk or trusting a specific server.

Nonrepudiation and accountability. A valid signature binds an action to a specific key pair. Participants can verify that a transaction was authorized by the relevant key holder. This supports accountability in a permissionless environment.

Open participation. Anyone can generate a key pair and begin receiving assets. No account application is required. This property underlies the pseudonymous nature of many crypto systems, where the address is the public facing identifier.

8. How Keys Fit into the Broader Market Structure

Key management influences every layer of the crypto market.

Retail wallets. Consumer software and hardware wallets implement seed phrases, key derivation, and signing flows. They present addresses as QR codes and hold private keys locally, often within secure enclaves or dedicated hardware. Some solutions integrate biometric or device PINs as local access controls. These local controls restrict access to the wallet application but do not change the underlying cryptographic model.

Exchanges and custodians. Centralized platforms aggregate user deposits into controlled addresses. They often employ hardware security modules, segregated hot and cold storage, and approval workflows. Institutional providers may use multisignature arrangements or multiparty computation to distribute key control across multiple operators or data centers. These practices are designed to reduce single point risk in large scale custody.

Miners and validators. Block producers maintain keys that sign blocks or attestations. On proof of stake networks, validator signing keys and withdrawal keys are often separated to limit the blast radius of a compromise. Double signing or key misuse can lead to penalties, so key segregation and operational processes are central to validator operations.

Smart contracts and DeFi protocols. Protocol upgrades, parameter changes, and treasury movements often require signatures from predefined keys or multisignature wallets. Administrative authority is expressed cryptographically. Governance frameworks may distribute control across multiple signers to balance agility with restraint.

Enterprise adoption. Businesses that process crypto payments or hold tokenized assets integrate key management into internal controls, audit trails, and compliance tooling. Change management and incident response frequently center on how keys are created, stored, accessed, and retired.

9. Addresses, Messages, and Approvals in Practice

Not every signature moves funds. Many applications ask users to sign messages to authenticate, approve allowances, or authorize contract interactions.

Authentication. Some websites request a signature to prove control of an address during login. The site sends a challenge message, the wallet signs it, and the site verifies the signature with the public key. This flow provides account binding without passwords. Typed data standards, such as EIP 712 in the Ethereum ecosystem, structure the message so the wallet can show human readable fields before signing.

Token approvals. ERC 20 tokens on Ethereum use allowances. A user signs a transaction approving a smart contract or a service to spend up to a limit from the user’s balance. The approval is itself a transaction that requires a signature from the private key. Later transfers by the contract use that allowance according to the rules of the token and contract.

NFT interactions. Minting, listing, or transferring nonfungible tokens involves signatures as well. Marketplaces may prepare orders off chain that the user signs. On chain settlement contracts verify the signature before executing the trade logic.

10. Common Algorithms and Data Flows

ECDSA and EdDSA. Bitcoin and Ethereum commonly use ECDSA. Solana and others may use Ed25519, a form of EdDSA. Both provide compact signatures and fast verification. In ECDSA, signature values often appear as r and s. Reusing randomness in ECDSA can reveal the private key, which is why robust randomness is essential in wallets. EdDSA designs use deterministic randomness derived from the message and key to avoid that class of failure.

Hashing and chain identifiers. Before signing, transactions are hashed. Networks often embed a chain identifier and a nonce to protect against replay, which means a signature valid on one chain or account cannot be reused on another context.

Revealing public keys. On Bitcoin, the public key is revealed when spending from a typical address. On Ethereum, the public key can be recovered from the signature and transaction data. This is used by nodes to verify that the transaction was authorized by the account owner.

11. Security Assumptions and Failure Modes

Brute force infeasibility. With standard key sizes and modern curves, brute forcing a private key from a public key is not practical. The effective key space is astronomical. Real compromises usually arise from implementation flaws, social engineering, or system intrusion rather than raw mathematics.

Random number quality. Weak randomness during key generation or signature creation can expose keys. Historical incidents have involved repeated or predictable nonces in ECDSA signatures that allowed attackers to compute private keys. High quality randomness is a central engineering requirement.

Software and hardware risks. Malware, clipboard hijacking, supply chain tampering, or side channel leaks can undermine key security. QR codes and addresses can be swapped if the display or channel is compromised. Hardware wallets and secure enclaves attempt to isolate private keys from general purpose operating systems. Enterprise custodians often rely on hardware security modules or MPC to limit attack surfaces.

Social engineering and transaction intent. Users sometimes sign messages or transactions they do not fully understand. For example, an unlimited token approval can later allow a contract to move funds according to its logic. Typed data and clear signing interfaces help reduce ambiguity by presenting structured fields before signature.

Loss and finality. If a private key or its seed phrase is lost without a secondary recovery mechanism, assets controlled by that key become effectively inaccessible. There is no administrator who can reset a key on a public blockchain. Some systems and organizations address this risk with multisignature schemes, key shard arrangements, or social recovery designs that distribute authority over multiple parties.

12. Multisignature, MPC, and Shared Control

Multisignature wallets. A multisig wallet requires a threshold of signatures from a set of authorized keys to execute an action. For example, a 2 of 3 wallet can spend funds when any two keys sign. The logic is enforced by the blockchain through a smart contract or native script. Multisig helps distribute control and can reduce the impact of a single key compromise.

Multiparty computation. MPC avoids creating a single private key in one place. Instead, multiple parties each hold a share, and the signature is computed collectively without reconstructing the full key. This approach is used by some custodians to simplify operations and reduce concentration of risk. The tradeoffs differ from multisig because MPC typically presents a single public address on chain, while control is split off chain among parties.

13. Real World Context and Examples

Peer to peer transfer. Alice controls the private key for address A. Bob shares address B. Alice’s wallet prepares a transaction moving a specific amount from A to B, signs it with A’s private key, and broadcasts it. Network nodes verify the signature using the public key derived from A’s private key and confirm that the funds are available. If a miner or validator includes the transaction in a block, Bob’s address receives the funds.

Login without passwords. A publisher wants to authenticate returning users. The site serves a challenge message that includes a timestamp and a session identifier. The user signs the challenge with their private key. The publisher verifies the signature with the public key and records the session as authenticated for the corresponding address. No password database is needed.

Treasury controls. A project treasury sits in a multisig wallet managed by several contributors. Spending requires threshold approval. Each signer uses their own private key. The blockchain enforces the rule that a transfer is valid only when enough independent keys have approved it. This separates authorization from any single device or person.

Validator operations. On a proof of stake network, a validator signs attestations or blocks with a designated signing key. Operational policies separate this key from withdrawal or staking ownership keys. If the signing key is compromised, the validator can rotate keys or exit while keeping control of the staked funds with the withdrawal key.

14. Misconceptions to Avoid

Public keys do not reveal private keys. The derivation is one way. Sharing a public key or address is expected in normal operation.

Signatures do not encrypt. A signature proves authorization and integrity. It does not hide the content of a message. Most blockchain transactions are public by design. Some networks add separate encryption for privacy, but that is a distinct layer from signature verification.

Addresses are not usernames. An address uniquely identifies a destination on chain, but it does not represent a real world identity. Analytics can link addresses over time, yet the base model is pseudonymous rather than name based.

15. How Keys Enable Trust Minimization

Public and private keys let the network replace institutional trust with mathematical verification. Ownership is expressed through signatures. Authorization travels with the key rather than an account stored on a central server. Anyone can check the rules without privileged access. These properties support permissionless participation and composability across protocols, which together define much of the appeal of open blockchain platforms.

16. Looking Across Chains

While Bitcoin, Ethereum, and Solana differ in transaction formats and application layers, their security model rests on the same pillars. A private key authorizes. A public key verifies. Addresses route funds. Hashes bind signatures to exact message content. Consensus rules ensure that only valid, signed transactions are finalized. The consistency of these roles across networks makes key literacy a transferable skill for participants and developers.

17. Practical Reflections

In daily use, key pairs play several visible roles. Wallets display addresses, prepare and sign messages, and present prompts that summarize what a signature will authorize. Hardware devices isolate private keys from internet connected systems. Custodians and enterprises design workflows around separation of duties. Validators and protocol governors use keys to secure network operations and governance decisions. Across all these settings, the technical foundation remains the same. The private key confers authority, and the public key allows universal verification.

Key Takeaways

  • A private key is a secret number that authorizes actions on chain, while a public key enables anyone to verify those actions.
  • Addresses are user friendly identifiers derived from public keys or their hashes and are used for receiving assets.
  • Digital signatures bind exact message content to the signer’s key, enabling authorization without revealing the private key.
  • Keys underpin the broader market structure, from retail wallets and custodians to validators, smart contracts, and enterprise operations.
  • Security hinges on robust randomness, sound implementations, and operational controls rather than brute force resistance alone.

Continue learning

Back to scope

View all lessons in Crypto & Blockchain

View all lessons
Related lesson

Risks Unique to Forex

Related lesson

TradeVae Academy content is for educational and informational purposes only and is not financial, investment, or trading advice. Markets involve risk, and past performance does not guarantee future results.