Bitcoin uses public-key cryptography: a one-way mathematical relationship between a private key (secret) and a public key (shareable). Your private key lets you spend coins by creating digital signatures; your public key (or an address derived from it) lets others verify those signatures and send you bitcoin.
Key Takeaways
- Private key = ownership. Anyone with it can spend your bitcoin. Never share it.
- Public key/address = receive + verify. Safe to share; proves nothing without a valid signature.
- Wallets generate many keys from a single seed phrase using HD (hierarchical deterministic) standards.
- Backups matter: Your seed phrase (and optional passphrase) is the ultimate recovery method.
What Are Private and Public Keys?
A private key is a large random number. From this number, a wallet derives a corresponding public key using one-way elliptic-curve math (secp256k1). Because the process is one-way, you can safely share the public key (or its address form) without revealing the private key.
- Private Key: Authorizes spending by producing digital signatures.
- Public Key: Used by the network to verify those signatures.
- Address: A human-friendly encoding of data derived from a public key (or script) used to receive bitcoin.
How It Works (Step by Step)
- Keypair generation: Your wallet securely creates a random private key and derives its public key.
- Address creation: The wallet encodes public-key data into an address (e.g., bc1q... or bc1p...).
- Receiving: You share an address. Others send bitcoin to it; the transaction is recorded on the blockchain.
- Spending: Your wallet builds a transaction and signs it with the private key. The signature proves you own the coins without revealing the private key.
- Verification: Nodes use your public key to verify the signature before accepting the transaction.
Under the Hood
- Elliptic-Curve Cryptography: Bitcoin has historically used ECDSA for signatures; since the Taproot upgrade (2021), Taproot spends use Schnorr signatures (BIP340). Both operate on curve secp256k1.
- Unidirectional math: It’s easy to derive a public key from a private key, but computationally infeasible to reverse.
- Digital signatures: A signature binds your private key to a specific transaction (inputs/outputs). Anyone with the public key can verify it.
Seed Phrases & HD Wallets
Modern wallets are HD (Hierarchical Deterministic): they derive many keys from a single master seed (BIP32). The seed is usually shown as a 12–24 word mnemonic (BIP39 seed phrase).
- One backup → many addresses: Lose the device? Restore all keys from the seed phrase.
- Derivation paths (BIP44/49/84/86): Standardized paths define address types. Examples:
  - Legacy (P2PKH): m/44'/0'/0'/0/0
  - Native SegWit (P2WPKH bech32): m/84'/0'/0'/0/0
  - Taproot (P2TR bech32m): m/86'/0'/0'/0/0
- Passphrase (optional “25th word”): Adds another secret on top of the seed. If you set one, the seed alone can’t restore the wallet.
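How the seed phrase and the optional passphrase feed into key derivation, as an added example that is not from the original page: BIP39 stretches mnemonic plus passphrase into a seed, and BIP32 hardened derivation walks to the account node m/84'/0'/0'. The mnemonic is the public all-"abandon" test phrase, the function names are this example's own, and wordlist/checksum validation is left out.

```python
import hashlib
import hmac
import unicodedata

N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # secp256k1 order
HARDENED = 0x80000000

def nfkd(text):
    return unicodedata.normalize("NFKD", text).encode("utf-8")

def bip39_seed(mnemonic, passphrase=""):
    """BIP39: PBKDF2-HMAC-SHA512, 2048 rounds, salt = "mnemonic" + passphrase."""
    return hashlib.pbkdf2_hmac("sha512", nfkd(mnemonic), nfkd("mnemonic" + passphrase), 2048)

def master_key(seed):
    """BIP32 master node as (private key, chain code)."""
    out = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return int.from_bytes(out[:32], "big"), out[32:]

def hardened_child(key, chain_code, index):
    """BIP32 private derivation for a hardened index (the ' in a path).
    It hashes the parent private key, so an xpub alone cannot compute it."""
    data = b"\x00" + key.to_bytes(32, "big") + (index | HARDENED).to_bytes(4, "big")
    out = hmac.new(chain_code, data, hashlib.sha512).digest()
    return (int.from_bytes(out[:32], "big") + key) % N, out[32:]

def account_key(mnemonic, passphrase="", purpose=84):
    """Derive the account node m/purpose'/0'/0' from a mnemonic."""
    node = master_key(bip39_seed(mnemonic, passphrase))
    for index in (purpose, 0, 0):
        node = hardened_child(*node, index)
    return node

# Constructed sample input: a publicly known test mnemonic. Never fund it.
MNEMONIC = "abandon " * 11 + "about"
```

`account_key(MNEMONIC)` and `account_key(MNEMONIC, "some passphrase")` return unrelated keys, which is why a backup of the words without the passphrase restores an empty wallet.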
Extended Keys: xpub vs xprv
HD wallets use extended keys to derive child keys:
- xprv / yprv / zprv / kprv…: Extended private keys (never share). Can derive all child private keys.
- xpub / ypub / zpub / vpub…: Extended public keys. Useful for “watch-only” wallets that can generate receive addresses and track balances, but cannot spend.
- Privacy note: Sharing an xpub may reveal your entire future address set and transaction graph. Prefer single receiving addresses or payment codes/invoices where possible.
Address Types & Formats
- Legacy (P2PKH): Starts with 1... and has higher fees but broad compatibility.
- SegWit (P2WPKH / P2WSH): Starts with bc1q... (bech32). Lower fees and better efficiency.
- Taproot (P2TR): Starts with bc1p... (bech32m). Enables Schnorr, key-path and script-path spending, and more private, flexible scripts.
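A checker for the bc1q and bc1p formats above, added here as an example rather than taken from the original page: it verifies the bech32 (BIP173) or bech32m (BIP350) checksum and returns the witness version and program, so a mistyped or mis-encoded address is rejected before use. The function name and error messages are this example's own.

```python
CHARSET = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"
GENERATOR = (0x3b6a57b2, 0x26508e6d, 0x1ea119fa, 0x3d4233dd, 0x2a1462b3)
ENCODINGS = {1: "bech32", 0x2bc830a3: "bech32m"}  # expected checksum constants

def polymod(values):
    chk = 1
    for v in values:
        top = chk >> 25
        chk = ((chk & 0x1ffffff) << 5) ^ v
        for i, g in enumerate(GENERATOR):
            if (top >> i) & 1:
                chk ^= g
    return chk

def decode_segwit_address(addr, hrp="bc"):
    """Return (witness_version, program); raise ValueError on any defect."""
    if addr != addr.lower() and addr != addr.upper():
        raise ValueError("mixed case")
    addr = addr.lower()
    pos = addr.rfind("1")
    symbols = addr[pos + 1:]
    if addr[:pos] != hrp or len(addr) > 90 or len(symbols) < 7:
        raise ValueError("wrong prefix or length")
    if any(c not in CHARSET for c in symbols):
        raise ValueError("invalid character")
    data = [CHARSET.index(c) for c in symbols]
    expanded = [ord(c) >> 5 for c in hrp] + [0] + [ord(c) & 31 for c in hrp]
    encoding = ENCODINGS.get(polymod(expanded + data))
    if encoding is None:
        raise ValueError("checksum mismatch (typo or corruption)")
    version, payload = data[0], data[1:-6]
    if version > 16 or encoding != ("bech32" if version == 0 else "bech32m"):
        raise ValueError("witness version and checksum type disagree")
    acc = bits = 0  # regroup 5-bit symbols into 8-bit bytes
    program = bytearray()
    for v in payload:
        acc, bits = (acc << 5) | v, bits + 5
        if bits >= 8:
            bits -= 8
            program.append((acc >> bits) & 0xFF)
    if bits >= 5 or acc & ((1 << bits) - 1):  # leftover padding must be zero
        raise ValueError("invalid padding")
    if not 2 <= len(program) <= 40 or (version == 0 and len(program) not in (20, 32)):
        raise ValueError("invalid program length")
    return version, bytes(program)
```

Version 0 with a 20-byte program is P2WPKH (bc1q...); version 1 with a 32-byte program is P2TR (bc1p...).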
Security Best Practices
- Never digitize your seed phrase (no screenshots, cloud notes, email). Write it on paper or metal; store securely in more than one place.
- Prefer hardware wallets for meaningful amounts. They isolate private keys from Internet-connected devices.
- Use a passphrase if supported (and you can safely remember/store it). Don’t forget it—funds become unrecoverable.
- Test your backup: Do a full restore on a spare device before depositing significant funds.
- Firmware & wallet hygiene: Keep devices updated; verify addresses on the device screen; beware of supply-chain and phishing attacks.
Common Mistakes (and How to Avoid Them)
- Confusing seed with password: The 12–24 words are your wallet. Anyone who sees them can spend your coins.
- Storing seed in photos/cloud: Extremely risky; malware often scans for mnemonics and private keys.
- Reusing addresses: Hurts privacy. Most wallets auto-rotate receive addresses—use them.
- Sharing xpub casually: Avoid leaking your transaction graph; use different accounts where needed.
- No backup of passphrase: If you enable one, back it up as carefully as your seed.
Advanced: Multisig & Sharding
- Multisig (e.g., 2-of-3): Requires multiple private keys to spend. Good for teams, treasuries, or personal key-splitting (geographic redundancy).
- Shamir’s Secret Sharing (SLIP-0039): Splits a seed into several shares; a threshold of shares is needed to reconstruct it.
- Watch-Only Setups: Combine a watch-only (xpub) wallet on your phone with a hardware signer that holds private keys offline.
FAQ
Can someone guess my private key from my address?
No. With modern cryptography and proper randomness, it’s computationally infeasible.
Is a seed phrase the same as a private key?
The seed phrase is a human-readable backup that deterministically derives many private keys (HD wallet). It’s even more powerful—guard it carefully.
What if I lose my device?
Restore your wallet on a new device using the seed phrase (and passphrase, if used). Without the backup, funds are unrecoverable.
What signature algorithm does Bitcoin use?
Legacy outputs use ECDSA; Taproot outputs use Schnorr signatures (BIP340). Both rely on curve secp256k1.
Is it safe to share my public key or address?
Yes. They’re designed to be shared. However, sharing an xpub can reveal your broader transaction graph—use with caution.