At heart, a crypto wallet is a UI layer on top of your public/private keypair that abstracts away the interface for accessing the blockchain. This keypair serves as your “passport” through the web3 ecosystem. You’ve probably heard catchphrases like “not your keys, not your coins” which hint at the importance of these keys and their ownership, but what are they actually? How do they work, and where do they come from? How do they guarantee your identity on the blockchain?
This blog post will take a deep dive into the technicalities of keys (and wallets) to understand the mathematics and cryptography that underpin them.
Public-Key Cryptography Basics
To understand what a wallet actually is, you first need to understand public key cryptography. Public-key cryptography (also called asymmetric cryptography) is a type of cryptosystem for secure data transmission that gives every user two keys – a public key known to everyone and a hidden private key.
The canonical example of how these keys are used (blockchains use them the other way round, as we’ll see when we get to signing) is that Alice wants to send a message for Bob’s eyes only. To do this, Alice encrypts the message using Bob’s widely available public key. Bob then uses his private key to decrypt the message.
Popular public-key cryptography algorithms that can create keypairs and encrypt/decrypt messages include RSA, one of the most widely used, which is based on modular exponentiation and uses large primes to generate key pairs.
Generating the Keys
When you create a new self-custodial wallet, you generate a new private key, then compute the public key from the private key. The wallet serves as a UI on top of your keys.
While the process of deriving the keypairs and addresses is standardized, blockchains may differ in the operations applied to the private keys. The details described below pertain to Ethereum.
Generating the Private Key
The private key is a randomly generated 256-bit number; there are roughly as many possible private keys as there are atoms in the universe. The operating system or wallet application dictates the randomness of the private key, so it is crucial to have sufficient entropy in private key generation so that the number generated is not predictable.(1)
Generating the Public Key
The public key is then derived from the private key by elliptic-curve point multiplication, the key-generation step of the Elliptic Curve Digital Signature Algorithm (ECDSA), a variant of DSA. Ethereum, like Bitcoin, uses the elliptic curve parameters secp256k1 as defined by the National Institute of Standards and Technology (NIST).
Generating the Ethereum Address
Once the public key is calculated, the one-way hash function Keccak-256 is applied to it, and the 160 right-most bits (the last 20 bytes) of the hash output are used as the Ethereum address. The address is usually prefixed with 0x to indicate that it is in hexadecimal format.
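As an added example (not code from the original post), here is the derivation above carried out in pure Python: a from-scratch Keccak-256 (Ethereum uses the original Keccak padding, which is why hashlib's sha3_256 gives a different answer) applied to the 64-byte x||y public key, keeping the last 20 bytes. The public-key coordinates are a constructed input: the secp256k1 generator point G, which is the public key of private key 1.

```python
RC = [0x0000000000000001, 0x0000000000008082, 0x800000000000808A, 0x8000000080008000,
      0x000000000000808B, 0x0000000080000001, 0x8000000080008081, 0x8000000000008009,
      0x000000000000008A, 0x0000000000000088, 0x0000000080008009, 0x000000008000000A,
      0x000000008000808B, 0x800000000000008B, 0x8000000000008089, 0x8000000000008003,
      0x8000000000008002, 0x8000000000000080, 0x000000000000800A, 0x800000008000000A,
      0x8000000080008081, 0x8000000000008080, 0x0000000080000001, 0x8000000080008008]
# rho rotation offsets, indexed as x + 5*y, the same layout as the 25 state lanes
ROT = [0, 1, 62, 28, 27, 36, 44, 6, 55, 20, 3, 10, 43, 25, 39,
       41, 45, 15, 21, 8, 18, 2, 61, 56, 14]
MASK = (1 << 64) - 1

def rol(v, n):                                  # 64-bit left rotation
    return ((v << n) | (v >> (64 - n))) & MASK

def keccak_f(A):                                # Keccak-f[1600] permutation, 24 rounds
    for rc in RC:
        C = [A[x] ^ A[x + 5] ^ A[x + 10] ^ A[x + 15] ^ A[x + 20] for x in range(5)]
        D = [C[(x - 1) % 5] ^ rol(C[(x + 1) % 5], 1) for x in range(5)]
        A = [A[i] ^ D[i % 5] for i in range(25)]                       # theta
        B = [0] * 25
        for x in range(5):
            for y in range(5):                                          # rho + pi
                B[y + 5 * ((2 * x + 3 * y) % 5)] = rol(A[x + 5 * y], ROT[x + 5 * y])
        A = [B[i] ^ (~B[(i % 5 + 1) % 5 + 5 * (i // 5)] & B[(i % 5 + 2) % 5 + 5 * (i // 5)])
             for i in range(25)]                                        # chi
        A[0] ^= rc                                                      # iota
    return A

def keccak256(data):
    rate = 136                                  # 1088-bit rate for a 256-bit output
    padded = bytearray(data) + b"\x01"          # original Keccak pad10*1 (SHA3 would use 0x06)
    padded += b"\x00" * (-len(padded) % rate)
    padded[-1] |= 0x80
    A = [0] * 25
    for off in range(0, len(padded), rate):     # absorb one rate-sized block at a time
        for i in range(rate // 8):
            A[i] ^= int.from_bytes(padded[off + 8 * i:off + 8 * i + 8], "little")
        A = keccak_f(A)
    return b"".join(lane.to_bytes(8, "little") for lane in A[:4])   # squeeze 32 bytes

def eth_address(pub_x, pub_y):
    """Address = last 20 bytes of keccak256(x || y), the 64-byte uncompressed public key."""
    digest = keccak256(pub_x.to_bytes(32, "big") + pub_y.to_bytes(32, "big"))
    return "0x" + digest[-20:].hex()

# Constructed input: secp256k1's generator G, i.e. the public key belonging to private key 1
GX = 0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798
GY = 0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8
```

The address comes out lowercase; wallets usually display it with the mixed-case checksum from EIP-55, which is a presentation layer on top of the same 20 bytes.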
Public Key vs. Ethereum Address
Note that the Ethereum address is not the same as the public key. The Ethereum address, a hash of the public key, is the alphanumeric string that users hand out to receive funds. While the Ethereum address is present in every transaction, the public key itself is not; it can be recovered from the signature values carried in the transaction, which is how the authenticity of the signature is verified.
Key Storage in Wallets
Once the keys have been generated, they must be securely stored to prevent theft. Early Bitcoin wallets stored the private key in a local ‘wallet.dat’ file. More modern wallets provide more robust storage options, such as exporting keys to secure cloud storage or integrating with a hardware wallet like Ledger to gate access to funds.
The private keys themselves are often further encrypted or hashed. Centralized exchanges like Coinbase store your private keys on their servers, while browser-based self-custodial wallets like MetaMask keep the private keys in the browser’s data store.
Master Seed and Recovery Phrase
Most wallets ask users to keep the recovery phrase in a safe place, usually offline. This phrase consists of 12 to 24 words which, in a specific order, map to the “master seed”. The master seed is a randomly generated 256-bit value from which an unlimited number of private keys can be derived. This is how wallets can generate many accounts, each with its own private/public keypair, while still allowing you to restore all of them from one recovery phrase.
With the keys stored safely in your wallet, they can now be used to “sign transactions” and otherwise participate in the web3 economy.
This works as roughly the inverse of the Alice-and-Bob encryption example. To “sign” a transaction on the blockchain, the user feeds the transaction and their private key into a mathematical function that outputs the signature.
The signing algorithm uses a temporary private key together with the transaction data to produce two outputs, commonly called r and s. This signature is then appended to the transaction message. To verify that a user signed the message, any third-party verifier can run the inverse of the signature-generation function, which takes the transaction data, the user’s public key and the two signature values and outputs a value q. The transaction is valid if q is equal to the signature value r.
Of course, wallet users will never personally have to call any functions – the inner technical details of transaction signing are abstracted away by the wallet UI.
At its core, a wallet is a program that generates a public/private key pair for you and signs and encrypts messages using them. In a departure from the traditional understanding of wallets, crypto wallets do not actually store your crypto assets; they just secure the assets stored in the blockchain and restrict their access.
The difference between a custodial wallet like Coinbase and a self-custodial wallet like MetaMask is that custodial wallets have access to and take care of your private key, while with self-custodial wallets, you’re responsible for them yourself. In future articles, we’ll explore methods for managing your private keys, including sharing them via MPC, bringing in multisig approaches, and others.
(1) This uniqueness of the private key is at the core of the authentication mechanism here at Dynamic; we believe that utilizing the private key for the authentication flow provides far superior security to any password you might come up with.