Public Key Cryptography

A blockchain wallet address is derived from a user's public key through cryptographic hashing (e.g., Keccak-256 for Ethereum). This creates a pseudonymous identity on-chain. The corresponding private key is the sole proof of ownership, allowing the user to authorize transactions from that address. This mechanism ensures that anyone can verify a transaction's origin without knowing the signer's private information.

Every blockchain transaction must be digitally signed. The process uses the Elliptic Curve Digital Signature Algorithm (ECDSA) or similar:

• The sender signs the transaction hash with their private key, creating a unique digital signature.
• Network nodes verify the signature using the sender's public key.
• This proves the transaction was authorized by the legitimate key holder and that the data was not altered in transit, ensuring integrity and non-repudiation.

PKC secures peer-to-peer communication within blockchain networks. Protocols like Transport Layer Security (TLS) use PKC for initial handshakes to establish secure, encrypted channels between nodes. This prevents eavesdropping and man-in-the-middle attacks on propagated transactions and blocks. Some consensus mechanisms also use PKC for validator identity, where a node's public key identifies it as an authorized block proposer or signer.

Blockchains implement specific cryptographic primitives based on PKC:

• ECDSA (secp256k1 curve): The standard for Bitcoin and Ethereum transaction signatures.
• EdDSA (Ed25519 curve): Used by Solana and other high-throughput chains for faster signing.
• BLS Signatures: Enables signature aggregation, crucial for scaling in networks like Ethereum 2.0 (consensus) and Chia, reducing on-chain data footprint.

HD Wallets (defined by BIP-32/44) use a single master seed to generate a tree of key pairs. From one seed, users can derive countless public/private key pairs for different accounts or addresses. The public master key can generate a sequence of receiving addresses without exposing private keys, enhancing both usability and privacy. This is the standard for most modern wallet software.

Public keys enable complex authorization schemes. Multisignature (multisig) wallets require transactions to be signed by multiple private keys corresponding to a set of predefined public keys. Smart contracts, such as those governing Decentralized Autonomous Organizations (DAOs) or asset vaults, can encode logic that checks for valid signatures from specific public keys before executing actions, distributing control and enhancing security.

RSA is a foundational public-key cryptosystem based on the computational difficulty of factoring large integers. It is widely used for secure data transmission and digital signatures, though it is less common in modern blockchains due to its larger key sizes and slower performance compared to elliptic curve cryptography.

• Key Generation: Based on the product of two large prime numbers.
• Usage: Historically used for key exchange and signatures.
• Example: Early PGP encryption and SSL/TLS certificates.

Elliptic Curve Cryptography (ECC) is a public-key cryptography approach based on the algebraic structure of elliptic curves over finite fields. It provides equivalent security to RSA with significantly smaller key sizes, making it the standard for most modern blockchains.

• Key Principle: Security relies on the elliptic curve discrete logarithm problem.
• Advantage: Smaller keys (e.g., 256-bit) provide security comparable to RSA 3072-bit keys.
• Blockchain Use: Forms the basis for Bitcoin (secp256k1 curve) and Ethereum addresses and signatures.

A Digital Signature Algorithm (DSA) is a standard for generating and verifying digital signatures. The Elliptic Curve Digital Signature Algorithm (ECDSA) is its more efficient elliptic curve variant, which is critical for blockchain transaction authorization.

• Function: Proves a message was created by a known sender (authentication) and was not altered (integrity).
• Process: A signature is generated using a private key and verified with the corresponding public key.
• Example: Every Bitcoin transaction is signed with ECDSA using the secp256k1 curve.

EdDSA is a modern, high-performance digital signature scheme based on twisted Edwards curves, such as Ed25519. It is designed to be faster and more secure against side-channel attacks than ECDSA.

• Key Features: Deterministic (no need for a random number generator), faster verification, and simpler implementation.
• Usage: Increasingly adopted in newer blockchain protocols and cryptographic libraries.
• Example: Used in Solana, Zcash's Sapling upgrade, and the Monero cryptocurrency.

A blockchain address is a derived, shortened representation of a public key, acting as a public identifier for receiving assets. Derivation involves cryptographic hashing for security and compression.

• Common Process: Public Key → (Hashing with SHA-256 & RIPEMD-160) → Public Key Hash → (Encoding, e.g., Base58Check) → Address.
• Purpose: Hashing provides a layer of security (quantum resistance) and creates a shorter, more user-friendly format.
• Example: A Bitcoin address (e.g., 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa) is derived from a public key hash.

Hierarchical Deterministic (HD) Wallets use public key cryptography to generate a tree of key pairs from a single master seed (a root private key). This allows for managing unlimited addresses without storing multiple private keys.

• Standard: Defined by BIP-32 (Bitcoin Improvement Proposal 32).
• Mechanism: A master extended private key can derive child private and public keys. The extended public key can derive only child public keys, enabling secure watch-only wallets.
• Benefit: Simplifies backup (one seed phrase) and enables structured key management for different accounts or purposes.

The security of a public key system begins with secure key generation and private key custody. A private key must be generated with sufficient entropy (randomness) to prevent brute-force attacks. Best practices include:

• Using cryptographically secure random number generators (CSPRNGs).
• Storing private keys in hardware security modules (HSMs) or air-gapped cold storage.
• Never storing private keys in plaintext on internet-connected devices.
• Utilizing hierarchical deterministic (HD) wallets to derive keys from a single seed phrase for backup.

The choice of cryptographic algorithm is a fundamental security decision. Most blockchains use the Elliptic Curve Digital Signature Algorithm (ECDSA) with the secp256k1 curve (e.g., Bitcoin, Ethereum). However, post-quantum cryptography (PQC) is an emerging consideration, as large-scale quantum computers could theoretically break ECDSA and RSA. Developers should:

• Stay informed on NIST-standardized PQC algorithms like CRYSTALS-Dilithium.
• Consider hybrid cryptographic systems that combine classical and quantum-resistant algorithms for future-proofing.

Proper signature verification is essential to ensure a transaction's authenticity and integrity. A critical vulnerability to mitigate is the replay attack, where a valid signed transaction is maliciously or accidentally rebroadcast. Blockchains implement defenses such as:

• Nonces: Sequence numbers that increment with each transaction from an account.
• Chain IDs: Unique network identifiers (e.g., in EIP-155 for Ethereum) that bind a signature to a specific blockchain.
• Always verifying the signer's address matches the transaction sender.

While public keys are meant to be public, their exposure can have security implications. Most blockchain addresses are a hash (e.g., Keccak-256, RIPEMD-160) of the public key, not the key itself. This provides a layer of cryptographic agility. However, once a public key is revealed (e.g., after signing a transaction), the associated address is permanently linked. For enhanced privacy:

• Use stealth addresses or zero-knowledge proofs to decouple transactions from a persistent public identity.
• Be aware that quantum computers could derive the private key from a known public key, making post-quantum signatures crucial.

The strongest cryptography can be defeated by human error. Social engineering attacks, such as phishing, are a primary vector for private key theft. Attackers trick users into revealing seed phrases or signing malicious transactions. Best practices include:

• Never entering a seed phrase on any website.
• Verifying transaction details meticulously in wallet interfaces before signing.
• Using multi-signature (multisig) wallets for high-value assets, requiring multiple approvals.
• Educating end-users on recognizing phishing attempts and fake wallet apps.

A digital signature is a cryptographic proof, generated using a private key, that verifies the authenticity and integrity of a message or transaction. It proves:

• Authentication: The signer is who they claim to be.
• Non-repudiation: The signer cannot later deny having signed.
• Integrity: The message was not altered after signing.

In blockchains like Bitcoin and Ethereum, every transaction must be signed by the sender's private key, creating a signature that anyone can verify with the corresponding public key.

A blockchain address (e.g., 0x... or bc1...) is a shortened, human-readable representation of a public key, derived through cryptographic hashing. It serves as the public identifier for receiving assets. The process typically involves:

1. Generating a public key from a private key.
2. Hashing the public key (often with SHA-256 and RIPEMD-160).
3. Adding a checksum and encoding it (e.g., Base58, Bech32).

While addresses are shared publicly to receive funds, the irreversible nature of hashing prevents the original public key from being easily deduced from the address alone.

Asymmetric cryptography, or public-key cryptography, is a system that uses a pair of mathematically linked keys: a public key and a private key. It solves the key distribution problem of symmetric cryptography by enabling two core functions without a pre-shared secret:

• Encryption: Data encrypted with a public key can only be decrypted by the corresponding private key.
• Digital Signatures: Data signed with a private key can be verified by anyone with the public key.

This asymmetry is fundamental to blockchain for creating verifiable ownership and secure peer-to-peer transactions.

A cryptocurrency wallet is a software or hardware device that manages the cryptographic keys essential for interacting with a blockchain. Its primary functions are:

• Key Generation & Storage: Securely creates and stores private keys.
• Transaction Signing: Uses the stored private key to sign outgoing transactions.
• Address Management: Generates and displays public addresses for receiving funds.
• Balance Querying: Reads the blockchain to display asset balances associated with its addresses.

Critically, wallets do not "store" coins; they store the keys that control the coins recorded on the distributed ledger.