Public Key

The primary function of a public key is to verify digital signatures created by its corresponding private key. This is the core mechanism for proving ownership and authorizing transactions without revealing the secret key. For example, when you sign an Ethereum transaction with your private key, network nodes use your public key to cryptographically confirm the signature's validity.

A blockchain address is not the public key itself but a hashed and encoded version of it. This process enhances security and shortens the identifier.

• Bitcoin: A public key is hashed (SHA-256, then RIPEMD-160) and encoded with a version byte and checksum to create a Base58Check address (e.g., 1A1zP1...).
• Ethereum: The public key is hashed with Keccak-256, and the last 20 bytes of the hash become the standard hex address (e.g., 0x742d35...).

Blockchains rely on established cryptographic standards to generate key pairs.

• Elliptic Curve Cryptography (ECC): The most common foundation, using specific curves like secp256k1 (Bitcoin, Ethereum) or Ed25519 (Solana, Near).
• RSA: Rarely used in modern blockchains due to larger key sizes and slower performance compared to ECC. These standards ensure the mathematical one-way relationship between the private and public key is secure.

The role of a public key differs between two major blockchain accounting models:

• Account Model (Ethereum, Solana): The public key (or its derived address) is the account identifier. State (balances, smart contract code) is stored directly against this address.
• UTXO Model (Bitcoin, Cardano): The public key controls unspent transaction outputs (UTXOs). Ownership is proven by signing with the private key to unlock a UTXO, but the public key itself is not a persistent account.

HD Wallets (defined by BIP-32) generate a tree of key pairs from a single master seed. A public extended public key (xpub) can derive a sequence of child public keys without access to the private keys. This allows for:

• Generating unlimited receive addresses securely.
• Enabling watch-only wallets that can track balances but not spend.
• Structuring keys for organizational use (e.g., different departments).

Public keys are fundamental components in advanced wallet structures:

• Multi-Signature (Multisig): A wallet address is controlled by multiple public keys (e.g., 2-of-3). Transactions require signatures from a defined threshold of the corresponding private keys.
• Smart Contract Wallets (Ethereum): Addresses like those created by Safe (formerly Gnosis Safe) are smart contracts that hold assets. The contract's logic defines which public keys are authorized signers, enabling complex governance and recovery schemes.

The security of a public key rests on cryptographic one-way functions, such as Elliptic Curve Cryptography (ECC). These functions make it computationally infeasible to:

• Derive the private key from its public counterpart.
• Forge a valid digital signature without possessing the private key. This mathematical asymmetry is the foundation for secure authentication and transaction signing.

A blockchain address (e.g., 0x...) is a hashed representation of the public key. This process adds a critical security layer:

• Hash functions like Keccak-256 are used, which are collision-resistant (extremely unlikely two keys produce the same address).
• It provides a shorter, more user-friendly identifier while hiding the full public key until a transaction is made, offering a minor privacy benefit.

The public key itself is not a secret, but its security is entirely dependent on private key custody. Critical risks include:

• Loss: If the private key is lost, access to all associated assets is permanently irrecoverable.
• Theft: Compromise of the private key grants an attacker full control.
• This necessitates secure storage solutions like hardware wallets or institutional custody services.

Future quantum computers, leveraging Shor's algorithm, pose a theoretical threat to current public-key cryptography (e.g., ECC, RSA). They could potentially:

• Compute a private key from its public key, breaking the one-way function.
• The blockchain industry is researching post-quantum cryptography (PQC) to develop algorithms resistant to such attacks.

Attackers exploit the human element by creating addresses (vanity addresses) that look similar to a victim's. This enables:

• Address Poisoning: Sending $0-value transactions to a victim's history, hoping they copy the fake address for future payments.
• Phishing: Displaying a deceptive address on a fake website or interface. Users must always verify the full address, not just the first/last few characters.

Certain blockchain protocols or smart contract interactions can inadvertently expose public keys, increasing privacy risks:

• In Bitcoin, the full public key is revealed when spending from a Pay-to-Public-Key-Hash (P2PKH) address.
• This can enable address clustering, linking multiple transactions to a single entity. Protocols like Taproot (Schnorr signatures) help mitigate this by making all signatures look identical.

The private key is a secret, cryptographically generated number that mathematically corresponds to a public key. It is used to:

• Digitally sign transactions, proving ownership of assets.
• Decrypt messages sent to the corresponding public key.
• Generate the public key through a one-way cryptographic function (e.g., Elliptic Curve Cryptography).

Crucially, a private key must remain secret, as its compromise leads to a complete loss of control over the associated blockchain address and funds.

A digital signature is a cryptographic proof created by signing a message (like a transaction) with a private key. It serves two primary functions:

• Authentication: Verifies the message originated from the holder of the specific private key.
• Integrity: Ensures the message was not altered after signing.

Anyone can verify the signature's validity using the signer's public key and the original message, without needing the private key. This is the mechanism that secures every blockchain transaction.

A wallet address is a human-readable representation of a public key, derived through additional hashing and encoding (like Base58 or Bech32). It acts as the public identifier for receiving assets on a blockchain.

Key characteristics:

• Generated from a public key via a one-way hash function (e.g., Keccak-256 for Ethereum).
• Often includes a checksum to prevent typos.
• Examples: 0x... (Ethereum), bc1q... (Bitcoin SegWit).

While a public key can be used to verify signatures, the address is the primary identifier shared to receive funds.

Elliptic Curve Cryptography (ECC) is the asymmetric cryptographic system used by most major blockchains (e.g., Bitcoin's secp256k1 curve) to generate key pairs. Its security relies on the computational difficulty of the Elliptic Curve Discrete Logarithm Problem (ECDLP).

Advantages for blockchain:

• Provides strong security with shorter key lengths compared to RSA.
• Enables efficient signature generation (ECDSA) and verification.
• Facilitates public key derivation from a private key, which is a one-way function.

This mathematical foundation makes key pair generation and digital signatures both secure and computationally feasible.

Public Key Infrastructure (PKI) is a framework of roles, policies, and procedures needed to create, manage, distribute, and revoke digital certificates. In traditional web security, it uses Certificate Authorities (CAs) as trusted third parties to bind public keys to identities (e.g., for HTTPS).

Contrast with Blockchain:

• Blockchains use a decentralized PKI model. Trust is established through consensus and cryptographic proof, not a central authority.
• Identity is proven by demonstrating control of a private key, with the network validating signatures against the public key.

PKI concepts help contextualize blockchain's trustless verification model.

A cryptographic hash function (e.g., SHA-256, Keccak-256) is a one-way function that converts input data of any size into a fixed-size output (hash). It is critically used in public key cryptography for:

• Creating addresses: A public key is hashed to produce a wallet address.
• Signing data: Transactions are hashed before being signed by the private key.
• Ensuring integrity: Any change to the input data produces a completely different hash.

These functions are deterministic, pre-image resistant, and collision-resistant, forming a core component of the security chain from private key to public transaction.