Public and private keys in cryptocurrencies are arguably the most important things to understand when it comes to getting involved with blockchain tech, especially Bitcoin. This article is designed to help get a solid grasp on what these mean, what they do, and why they’re important. With software making the process of using cryptos easier than ever, it can lead to confusion and/or loss of funds if you don’t have a good understanding of how this works.

The Lockbox Analogy

While the transparency behind the blockchain is often understood, how the keys relate to it may not be. The best way to think about this is by imagining a clear lockbox. It can withstand anything you can throw at it, so it’s unbreakable. At the same time, because it’s clear, you’re able to see inside, so if someone tells you it holds something (like a diamond), you can just peek and see for yourself. However, to open it, you need a special key – and nobody else is capable of getting it unless they get it from you somehow.

In the case of the blockchain, that is what holds all of the contents. Essentially, it’s sort of like a vault. Inside are many of these little lockboxes, and you are able to show off contents by using their public keys. Others can then verify everything from the box’s history to its current balance, as well as trace where coins came from and where they go in the future. An example of this would be the address “1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa,” which is the one Satoshi used when mining the genesis block (first one). Using that, you can verify that it holds 50 BTC and they haven’t moved.

To actually access those coins, however, you would also need the private key. You can’t just guess it, and it’s not something that’s public – only Satoshi has the capability of using it. So while you can see the coins sitting there, you can’t actually do anything with them.

Coins are NOT Truly in Your Wallet

We often refer to coins as being “in” a wallet, but what the wallet is actually doing is just keeping a log of your private keys (and public ones) so that you can see your balances on the blockchain and spend coins as needed. Most wallets have a way to both import and export your private keys, such that you can change wallets, access hard fork coins, etc. The private key is just the way of showing you are the one that is the owner of the coins – nothing more, nothing less. But it’s also very important that you keep these secure as a result, as anyone else with your private key has access to use the coins as they wish.

This setup is also why there are hardware wallets, software wallets, brain wallets, and cold wallets – while clients with GUIs make it easier to send the coins, all you need to access them is your private key. With that, you can even craft a transaction manually.

A Note on Change Addresses

When coins are sent from your wallet, entire inputs are utilized. Whatever is left is then sent back to a change address that is (usually) generated automatically, with your wallet having the private key that goes to it. If you send 31 BTC, for example, comprised of two 25 BTC inputs, the remaining 19 BTC is what will be sent to the change address. Most wallets now use deterministic address generation so that worrying about backing up after every send isn’t necessary, but not all do, so it’s important to look into whether or not the one you’re using does (ones that do will give a seed of some type when creating the wallet, which is used to regenerate the addresses, both private and public). This is especially important with altcoins, as most won’t include this ability and you can lose access to coins by not keeping frequent backups.

Concluding Notes

Private keys should never be shared with another person for any reason. Treat them like access keys to your bank account – because they are. Public keys can be shared a lot more liberally, though it is important to keep in mind that you may tie your identity to your address(es) in the process. Due to transactions all being traced through the system, it’s a good idea to be careful with who you link your public key address to your identity with.