Blockchain Public Key & Private Key: A Detailed Guide
A bitcoin wallet contains a collection of key pairs, each consisting of a private key and a public key. The private key (k) is a number, usually picked at random. From the private key, we use elliptic curve multiplication, a one-way cryptographic function, to generate a public key (K). Nov 18, 2017 A public-key cryptography (or asymmetrical cryptography) is one that uses pairs of keys: 1. Public key (open to anyone); and 2. Private key (only known to the owner). In the case of Bitcoin.
The field of cryptography is fundamental to many cryptocurrency systems such as Bitcoin. Cryptography is the practice of secure communication in the presence of third parties. In other words, cryptography allows for data to be stored and communicated in such a way that third parties are prevented from reading the contents of what has been communicated. Cryptography is utilized in the creation of public and private keys to make cryptocurrency systems a secure network upon which users can safely operate.
The concept of ownership on a cryptocurrency system is primarily comprised of three interconnected elements:
- Digital keys (Public key and Private key)
- Cryptocurrency addresses
- Digital signatures
The most important of these three elements are a user’s digital keys, because they allow for many of the ownership features that can be found in cryptographically secure cryptocurrency systems. It is important to note that these digital keys are not stored on cryptocurrency networks themselves, and are instead, stored and created by cryptocurrency wallets, which exist independently of the network. These keys are generated in pairs, consisting of a public key and a private key. The public key can be thought of as being an individual’s bank account, whilst the private key is the secret PIN to that bank account.
The public key is cryptographically connected to a cryptocurrency address in the sense that the address is a representation of the public key. It is often the case that the public key is used to generate an actual cryptocurrency address. This address serves as a user’s account identifier to which funds can be paid into.
Public Key
The important aspect to understand about the incorporation of public key cryptography in cryptocurrency systems such as Bitcoin, is that they are practically irreversible. This means that the mathematical functions that constitute public key cryptography are relatively easy to calculate in one direction, and are practically impossible to calculate in the opposite direction. This cryptographic feature is at the heart of cryptocurrency systems, because it facilitates the creation of digital secrets and unforgeable digital signatures that are essential for ownership on these decentralized networks.
Cryptocurrencies such as Bitcoin utilize elliptic curve multiplication as the foundation for their cryptography. Elliptic curve point multiplication is the operation of successively adding a point along an elliptic curve to itself repeatedly. It is used in elliptic curve cryptography as a means of producing a one-way function, which is a function that is easy to compute in one direction, but difficult to do so in the opposite direction. In cryptocurrency systems such as Bitcoin, this one-way function takes the private key as an input to generate the public key, which is the output. Because of this, owners of a private key can confidently distribute their public key with the knowledge that no one will be able to reverse the function, and calculate the private key from the public key.
Cryptocurrency Addresses
A cryptocurrency address is simply a string of alphanumerical characters that a user can share with anyone that wants to send them money. As mentioned before, a cryptocurrency address is effectively a representation of the public key. An address is derived from the public key through the use of a one-way cryptographic hash function. With Bitcoin, the algorithms that are used to make a bitcoin address from the public key are the Secure Hash Algorithm 256 (SHA-256) and the RACE Integrity Primitives Evaluation Message Digest 160 (RIPEMD-160). Beginning with the public key, this string of values is first ran through the SHA-256 hashing algorithm to produce a hash, and then that hash is computed using RIPEMD160 to produce a bitcoin address. The bitcoin address, and addresses in other cryptocurrency systems, are what often appears in a transaction between two parties, with the address signifying the recipient of the funds.
Generate Public Key Btc From Private Key Software
Private Keys
The private key consists of alphanumerical characters that give a user access and control over their funds to their corresponding cryptocurrency address. The private key is used to sign transactions that allow the user to spend their funds. In other words, the private key creates unique digital signatures for every transaction that enable a user to spend their funds, by proving that the user does in fact have ownership of those funds.
For example:
When Bob decides to purchase a coffee from Alice’s store for 5 bitcoins, Bob presents his public key and digital signature (the private key is applied to the transaction to produce the unique digital signature) in order to spend those bitcoins. This signature can only be produced by someone with knowledge of the private key, which in this case is Bob. However, anyone with access to the public key and digital signature can use these two elements to verify that Bob does in fact exercise ownership over those 5 bitcoins. This is how everyone else on the Bitcoin network can verify and accept Bob’s transaction as valid, without needing to reveal Bob’s private key.
Digital Signatures
A digital signature is a mathematical scheme that is used for showing the authenticity of a digital message or document. A digital signature that is valid will give the recipient of a digital message or document reason to believe that the message or document was in fact created by a known sender. A digital signature also indicates that the sender cannot in any way deny having sent the message or document, and that the message or document was not altered at any point while it was in transit.
Digital signatures play an important role in cryptocurrency systems, because they prove ownership of funds and allow the individual in control of those funds to spend them. For example, the digital signature algorithm that is utilized in Bitcoin is known as the Elliptic Curve Digital Signature Algorithm, which is also known as ECDSA. ECDSA is the algorithm that underpins the signature scheme in Bitcoin, and it is based on elliptic curve cryptography. This is the same cryptographic approach that is used in producing private and public key pairs. In Bitcoin, a digital signature is effectively intended to serve three distinct purposes:
- Firstly, a digital signature serves as proof that the owner of a private key, who will by extension have ownership of his/her funds, has indeed authorized that those funds can be spent.
- Secondly, a digital signature serves as proof that the authorization is undeniable.
- Thirdly, a digital signature proves that the transaction that has been authorized by the signature has not or cannot be modified by anyone after it has been signed.
Digital Signatures in Bitcoin: How They Work
As mentioned before, a digital signature is a mathematical scheme, and this mathematical scheme consists of two parts. The first part is an algorithm that creates the signature. This signature is created using a private key (which is also known as the signing key) and the hash of the transaction that is to be signed. The second part of the mathematical scheme is an algorithm that allows anyone to verify that the digital signature that is produced is valid.
The first part of producing a digital signature in Bitcoin can be represented mathematically in the following way:
Sig = Fsig(Fhash(m),dA)
Where:
- dA is the signing private key
- m is the transaction
- Fhash is the hashing function
- Fsig is the signing algorithm
- Sig is the resulting signature
The signing function (Fsig) produces a signature (Sig) that comprises of two values: R and S:
- Sig = (R, S)
Once R and S have been calculated, they are serialized into a byte stream that is encoded using an international standard encoding scheme that is known as the Distinguished Encoding Rules (or DER). In order to verify that the signature is valid, a signature verification algorithm is used. Verification of a digital signature requires the following:
- Signature (R and S)
- Transaction hash
- The public key that corresponds to the private key that was used to create the signature
Verification of a signature effectively means that only the owner of the private key (that generated the public key) could have produced the signature on the transaction. The signature verification algorithm will return ‘TRUE’ if the signature is indeed valid.
In cryptocurrencies, a private key allows a user to gain access to their wallet. The person who holds the private key fully controls the coins in that wallet. For this reason, you should keep it secret. And if you really want to generate the key yourself, it makes sense to generate it in a secure way.
Here, I will provide an introduction to private keys and show you how you can generate your own key using various cryptographic functions. I will provide a description of the algorithm and the code in Python.
Do I need to generate a private key?
Most of the time you don’t. For example, if you use a web wallet like Coinbase or Blockchain.info, they create and manage the private key for you. It’s the same for exchanges.
Mobile and desktop wallets usually also generate a private key for you, although they might have the option to create a wallet from your own private key.
So why generate it anyway? Here are the reasons that I have:
- You want to make sure that no one knows the key
- You just want to learn more about cryptography and random number generation (RNG)
What exactly is a private key?
Formally, a private key for Bitcoin (and many other cryptocurrencies) is a series of 32 bytes. Now, there are many ways to record these bytes. It can be a string of 256 ones and zeros (32 * 8 = 256) or 100 dice rolls. It can be a binary string, Base64 string, a WIF key, mnemonic phrase, or finally, a hex string. For our purposes, we will use a 64 character long hex string.
Why exactly 32 bytes? Great question! You see, to create a public key from a private one, Bitcoin uses the ECDSA, or Elliptic Curve Digital Signature Algorithm. More specifically, it uses one particular curve called secp256k1.
Now, this curve has an order of 256 bits, takes 256 bits as input, and outputs 256-bit integers. And 256 bits is exactly 32 bytes. So, to put it another way, we need 32 bytes of data to feed to this curve algorithm.
There is an additional requirement for the private key. Because we use ECDSA, the key should be positive and should be less than the order of the curve. The order of secp256k1 is FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141, which is pretty big: almost any 32-byte number will be smaller than it.
Naive method
So, how do we generate a 32-byte integer? The first thing that comes to mind is to just use an RNG library in your language of choice. Python even provides a cute way of generating just enough bits:
Looks good, but actually, it’s not. You see, normal RNG libraries are not intended for cryptography, as they are not very secure. They generate numbers based on a seed, and by default, the seed is the current time. That way, if you know approximately when I generated the bits above, all you need to do is brute-force a few variants.
When you generate a private key, you want to be extremely secure. Remember, if anyone learns the private key, they can easily steal all the coins from the corresponding wallet, and you have no chance of ever getting them back.
So let’s try to do it more securely.
Cryptographically strong RNG
Along with a standard RNG method, programming languages usually provide a RNG specifically designed for cryptographic operations. This method is usually much more secure, because it draws entropy straight from the operating system. The result of such RNG is much harder to reproduce. You can’t do it by knowing the time of generation or having the seed, because there is no seed. Well, at least the user doesn’t enter a seed — rather, it’s created by the program.
In Python, cryptographically strong RNG is implemented in the secrets module. Let’s modify the code above to make the private key generation secure!
That is amazing. I bet you wouldn’t be able to reproduce this, even with access to my PC. But can we go deeper?
Specialized sites
There are sites that generate random numbers for you. We will consider just two here. One is random.org, a well-known general purpose random number generator. Another one is bitaddress.org, which is designed specifically for Bitcoin private key generation.
Can random.org help us generate a key? Definitely, as they have service for generating random bytes. But two problems arise here. Random.org claims to be a truly random generator, but can you trust it? Can you be sure that it is indeed random? Can you be sure that the owner doesn’t record all generation results, especially ones that look like private keys? The answer is up to you. Oh, and you can’t run it locally, which is an additional problem. This method is not 100% secure.
Now, bitaddress.org is a whole different story. It’s open source, so you can see what’s under its hood. It’s client-side, so you can download it and run it locally, even without an Internet connection.
So how does it work? It uses you — yes, you — as a source of entropy. It asks you to move your mouse or press random keys. You do it long enough to make it infeasible to reproduce the results.
Are you interested to see how bitaddress.org works? For educational purposes, we will look at its code and try to reproduce it in Python.
Aug 24, 2017 Running php artisan key:generate in a Laravel project where the.env file does not contain an APPKEY= line results in the following output: Application key base64:KEYHERE= set successfully. However, the key is not written to the.env file, so the status message is incorrect. You can generate a key by the following command: php artisan key:generate The key will be written automatically in your.env file. APPKEY=YOURGENERATEDKEY If you want to see your key after generation use -show option. Php artisan key:generate -show Note: The.env is a hidden file in your project folder. Free key generate software. Application Key. The next thing you should do after installing Laravel is set your application key to a random string. If you installed Laravel via Composer or the Laravel installer, this key has already been set for you by the php artisan key:generate command. Typically, this string should be 32 characters long.
Quick note: bitaddress.org gives you the private key in a compressed WIF format, which is close to the WIF format that we discussed before. For our purposes, we will make the algorithm return a hex string so that we can use it later for a public key generation.
Bitaddress: the specifics
Bitaddress creates the entropy in two forms: by mouse movement and by key pressure. We’ll talk about both, but we’ll focus on the key presses, as it’s hard to implement mouse tracking in the Python lib. We’ll expect the end user to type buttons until we have enough entropy, and then we’ll generate a key.
Bitaddress does three things. It initializes byte array, trying to get as much entropy as possible from your computer, it fills the array with the user input, and then it generates a private key.
Bitaddress uses the 256-byte array to store entropy. This array is rewritten in cycles, so when the array is filled for the first time, the pointer goes to zero, and the process of filling starts again.
The program initiates an array with 256 bytes from window.crypto. Then, it writes a timestamp to get an additional 4 bytes of entropy. Finally, it gets such data as the size of the screen, your time zone, information about browser plugins, your locale, and more. That gives it another 6 bytes.
After the initialization, the program continually waits for user input to rewrite initial bytes. When the user moves the cursor, the program writes the position of the cursor. When the user presses buttons, the program writes the char code of the button pressed.
Finally, bitaddress uses accumulated entropy to generate a private key. It needs to generate 32 bytes. For this task, bitaddress uses an RNG algorithm called ARC4. The program initializes ARC4 with the current time and collected entropy, then gets bytes one by one 32 times.
This is all an oversimplification of how the program works, but I hope that you get the idea. You can check out the algorithm in full detail on Github.
Doing it yourself
For our purposes, we’ll build a simpler version of bitaddress. First, we won’t collect data about the user’s machine and location. Second, we will input entropy only via text, as it’s quite challenging to continually receive mouse position with a Python script (check PyAutoGUI if you want to do that).
That brings us to the formal specification of our generator library. First, it will initialize a byte array with cryptographic RNG, then it will fill the timestamp, and finally it will fill the user-created string. After the seed pool is filled, the library will let the developer create a key. Actually, they will be able to create as many private keys as they want, all secured by the collected entropy.
Initializing the pool
Here we put some bytes from cryptographic RNG and a timestamp. __seed_int and __seed_byte are two helper methods that insert the entropy into our pool array. Notice that we use secrets.
Seeding with input
Here we first put a timestamp and then the input string, character by character.
Generating the private key
This part might look hard, but it’s actually very simple.
First, we need to generate 32-byte number using our pool. Unfortunately, we can’t just create our own random object and use it only for the key generation. Instead, there is a shared object that is used by any code that is running in one script.
What does that mean for us? It means that at each moment, anywhere in the code, one simple random.seed(0) can destroy all our collected entropy. We don’t want that. Thankfully, Python provides getstate and setstate methods. So, to save our entropy each time we generate a key, we remember the state we stopped at and set it next time we want to make a key.
Second, we just make sure that our key is in range (1, CURVE_ORDER). This is a requirement for all ECDSA private keys. The CURVE_ORDER is the order of the secp256k1 curve, which is FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141.
Finally, for convenience, we convert to hex, and strip the ‘0x’ part.
In action
Let’s try to use the library. Actually, it’s really simple: you can generate a private key in three lines of code!
You can see it yourself. The key is random and totally valid. Moreover, each time you run this code, you get different results.
Conclusion
As you can see, there are a lot of ways to generate private keys. They differ in simplicity and security.
Generating a private key is only a first step. The next step is extracting a public key and a wallet address that you can use to receive payments. The process of generating a wallet differs for Bitcoin and Ethereum, and I plan to write two more articles on that topic.
If you want to play with the code, I published it to this Github repository.
I am making a course on cryptocurrencies here on freeCodeCamp News. The first part is a detailed description of the blockchain.
I also post random thoughts about crypto on Twitter, so you might want to check it out.