How To Use A Bitcoin Private Key
Private keys have been part of Bitcoin from the beginning. Wallet software often tries to shield users from the need to directly handle and understand private keys. Nonetheless, most users eventually come face to face with private keys, too often with unpleasant results.
A basic understanding of private keys can protect you from losing money and other mishaps, but it can also offer useful insights into how Bitcoin works. This guide outlines Bitcoin’s most important private key concepts.
Bitcoin: A Secure Messaging System
Bitcoin may be best known as an electronic cash system, but underneath it all runs a secure messaging system built on the Internet. Instead of relaying emails, texts, or web pages, the Bitcoin network processes value-transfer messages called transactions. Private keys help authenticate these messages and identify the parties involved.
An example helps illustrate the problems that private keys solve. Imagine that Alice wants to pay Bob using an electronic coin with a face value of ฿1. To do so, she must create a transaction identifying Bob as the payee. Then Alice needs to publish the transaction to the Bitcoin network.
To use this system, Alice must solve two central problems:
- Alice needs a way to identify both herself and Bob in the transaction. She can’t use a trusted authority such as a government registry or email provider because that would create a central point of failure — the very thing Bitcoin was created to eliminate.
- Alice needs a way to prevent others from changing her transaction and forging transactions in her name.
Bitcoin solves both problems through a system called public key cryptography. This system uses two pieces of information to authenticate messages. A public key identifies a sender or recipient, and can be distributed to others. A private key creates an unforgeable message signature. Unlike the public key, the private key must be kept secret. Public and private keys are mathematically linked through a signature algorithm, a mathematical procedure for creating identities, signing messages, and validating signatures.
Alice (top) begins by choosing a private key. Using a signature algorithm, Alice obtains a public key from her private key (left). Alice then sends this public key to Bob (bottom) while keeping her private key secret (center-left). Alice signs a message by passing it to the signature algorithm together with her private key. The algorithm returns a signature in response (center). Alice attaches this signature to her message and sends both to Bob (center-right). Finally, Bob passes the message, signature, and public key he was given to the signature algorithm. If the message is authentic, the algorithm returns a confirmation (right).
With this overview in mind, here are six things about private keys to keep in mind as you use Bitcoin.
1. A Private Key is Merely a Number
A Bitcoin private key is simply an integer between 1 and about 10^77. This may not seem like much of a choice, but for practical purposes it’s essentially infinite.
If you could process one trillion private keys per second, it would take more than one million times the age of the universe to count them all. Even worse, just enumerating these keys would consume more than the total energy output of the sun for 32 years. Bitcoin’s entire security model rests on the infeasibility of mapping this vast keyspace.
Because private keys contain many digits, an alternative called Wallet Import Format (WIF) has been devised. This format begins with the number “5” and contains a sequence of letters and numbers. For example, here’s a private key represented in WIF format:
5KJvsngHeMpm884wtkJNzQGaCErckhHJBGFsvd3VyK5qMZXj3hS
Given the importance of keeping private keys secret, they are sometimes encrypted. A popular method produces strings of text that look like WIF encoding, but starting with the number “6.” Decrypting a private key encoded in this way requires the password that was set when the private key was encrypted.
2. Transactions are Messages Signed with a Private Key
To prevent forgery, Bitcoin requires that each transaction bear a digital signature. This signature, like a private key, is just a number selected from a very large range. Wallet software generates a signature by mathematically processing a transaction together with the correct private key.
Anyone with a signature and public key can easily authenticate a message. However, the only way to produce a valid message signature is to use the private key matching the published public key. In other words, digital signatures are practically impossible to forge.
The signature algorithm will notify Bob if a message signed by Alice was changed at all. He can also tell if the message was signed with a key different from the one Alice gave him.
Unlike a physical signature you might write on a check, a transaction signature changes if the transaction changes even slightly. The way the signature will change is unpredictable, ensuring that only a person in possession of a private key can provide the correct signature.
Notice that the internal format of a transaction is less important than the idea that transactions are digitally signed messages whose authenticity can be quickly and cheaply checked. For details on transactions and how they’re used in Bitcoin, see A Visual Language for Bitcoin Transactions.
3. Anyone Who Knows Your Private Key Can Steal Your Funds
Any valid transaction bearing a valid signature will be accepted by the Bitcoin network. At the same time, any person in possession of a private key can sign a transaction. These two facts taken together mean that someone knowing only your private key can steal from you.
Many avenues are open to thieves who steal private keys. Two of the most popular are storage media and communications channels. For this reason, extreme caution must be taken whenever storing or transmitting private keys.
Software wallets usually store private keys in a “wallet file” on the main hard drive. Wallets often place this file in a standard, well-known directory, making it an ideal target for bitcoin-specific malware.
To counter this threat, software wallets offer an option to encrypt the wallet file. Any attacker gaining access to your wallet file would then need to decrypt it. The difficulty of decryption depends on the quality of the encryption and strength of the password being used. Wallet files can be encrypted on many software wallets by adding a password.

Encrypting Electrum’s wallet file by adding a password.
Although wallet backups are a good idea, they can potentially leak private keys. For example, it may be tempting to save a backup of your software wallet to a cloud storage service such as Dropbox. However, anyone capable of viewing this backup online (a potentially long list of people) would be in a position to steal some or all of your funds. A similar problem could arise through emailing backups to yourself or leaving a private key around the house. Encryption can reduce, but not eliminate, the risk.
Preventing the accidental release of private keys is the main purpose of “cold storage.” For more information, see A Gentle Introduction to Bitcoin Cold Storage.
4. A Private Key Generates a Public Key Which Generates an Address
A public key is obtained by subjecting a private key to a set of mathematical operations defined in a set of standards known as Elliptic Curve Cryptography (ECC). Whereas a private key is an integer, a public key is a 2D coordinate composed of two integers. To make a public key easier to process, it can be transformed into a single value. One approach appends the y-coordinate to the x-coordinate. This technique produces an “uncompressed” public key. A “compressed” public key uses only the x-coordinate with a symmetry flag.
A private key, which is just a number such as 42, can be transformed mathematically into a public key. A public key is then transformed into an address. Each step is irreversible.
Each of these steps is irreversible. An address can’t generate a public key, nor can a public key generate a private key. This relationship is known as a mathematical trapdoor — a function that’s easy to perform in one direction, but practically impossible to perform in the reverse direction. This unidirectionality underpins Bitcoin’s security model.
Just as private keys can be shortened to make them more usable with displays and keyboards, so too can public keys. An address results from applying a multi-step transformation to a public key. This results in a string of text and digits, usually starting with the number “1”.
Notice that no network is needed at any point in the generation of a private key or the corresponding address. Every computer on the Bitcoin network knows about the mathematical relationship between public and private keys. This enables each participant to select private keys and sign transactions independently of the Bitcoin network. The vast private keyspace ensures that any properly-selected key will be unique.
5. Security Depends on Choosing a Good Private Key
Knowledge of a private key is the only verification needed to spend an electronic coin. Private keys should therefore be kept secret. However, careless selection of a private key can lead to theft just as easily as its accidental release.
For example, imagine that we want to use a private key that’s easy to remember. The number 1 is both easy to remember and a valid Bitcoin private key. But how secure would it be?
The private key 1 generates this address:
1EHNa6Q4Jz2uvNExL497mE43ikXhwF6kZm
If you follow the link, you’ll notice that the address has already been involved in over 1,000 transactions for a total of over 7 BTC within the last few years. If you wanted, you could easily spend any available funds at this address because the private key is known to you.
Now imagine you’re a thief determined to steal bitcoin. One strategy might be to compile a list of easy-to-remember private keys. Next, generate the addresses for these keys and monitor the Bitcoin network for incoming payments to one of them. When one arrives, immediately sign a transaction moving the funds to another address you control.
Contrast the ease of this scheme with a situation in which a private key was chosen by a perfect random number generator. With no clue what the key might be, brute force iteration would be the only option. As we’ve already seen, carrying out this plan is physically impossible.
What would happen if the random number generator were not quite random? For example, what if all output private keys were clustered about a constant value within a narrow range?
Random private key distribution (left) versus one that is clustered (right). The clustered distribution limits the search space, favoring an attacker.
Any attacker aware of such a defect could drastically reduce the necessary search space. Under the right conditions, it would become practical to monitor all of the addresses based on the faulty random number generator and steal funds from any one of them at will.
The need to select a good private key becomes especially important with brain wallets. One method to create a brain wallet starts with a passphrase such as “to be or not to be”, then applies a mathematical function to convert this text to a private key. Applying the most popular conversion algorithm (SHA-256) to this passphrase generates the address:
1J3m4nneGFppRjx6qv92qyz7EsMVdLfr8R
As you can see, this address was used as late as 2016 to store funds, which were immediately withdrawn.
Unfortunately, it’s not always easy to tell what qualifies as an insecure brain wallet passphrase and what doesn’t. Attackers can exploit this uncertainty and the inexperience of new users to steal funds. For example, a thief might compile an enormous database of common phrases and passwords. Such a database might number in the trillions of entries or more, but would nevertheless be searchable in its entirety with little computational effort.
Compare this situation to the one with website passwords. If you register for a web service using a password someone else happens to have chosen, you don’t take over their account because your username must be unique. Bitcoin private keys are different in that they serve the dual role of user identification (via address generation) and authentication (via digital signatures).
Secure private keys are generated with a high degree of unpredictability so they can’t be guessed before or after the fact.
6. Private Keys are (Somewhat) Portable
For the most part, wallet software hides the process of generating, using, and storing private keys. However, private keys can become visible from time to time. When this happens, understanding private keys and how they interact with your specific software becomes important.
Paper wallets present the most common route by which private keys show up outside of software wallets. Although they come in a multitude of formats, the essential feature of any paper wallet is a printed private key.

Example paper wallet. To the right is the private key, represented both as a QR code and a string of text beginning with the number “5” and written vertically.
Many software wallets support sweeping. A sweep creates a new transaction paying one of the software wallet’s existing addresses. This process may or may not empty the address associated with the private key. For more information on the dangers of manipulating bare private keys, see Five Ways to Lose Money with Bitcoin Change Addresses.
Should your wallet application begin to malfunction, its private keys can often be imported into another application. This rescue process provides the second main route through which private keys become visible to end users. A closely-related procedure consists of restoring the state of a software wallet through a backup file.
Conclusions
Bitcoin can be thought of as an open messaging system secured by public key cryptography. In contrast to other systems protected by username and password logins, Bitcoin is secured through digital message signatures created with a unique private key. This single point of access places a very high value on the secure generation, use, and storage of private keys.
Source: https://bitzuma.com/posts/six-things-bitcoin-users-should-know-about-private-keys/