If your only interaction with crypto is buying through an exchange then it can be hard to understand concepts like private keys and public addresses, because you'll have limited exposure to them. But given that it is good practice to take full control of your crypto it is important to understand what private keys and public addresses are, and how they work.
One of the most common strategies that people use to learn is by association. Comparing a new subject, or idea, to something you are already familiar with, makes it more relatable, and provides a framework to understand its logic.
You can use this approach when trying to explain the concepts of crypto keys and addresses to someone who is new to the subject, by relating them to the keys and addresses they are familiar with; in relation to their physical home.
A good place to start thinking about keys and addresses within crypto, is by thinking about their function in relation to where you live.
A physical key is a security feature that enables anyone in possession of it to enter a property - like a house or an apartment - and access anything within it.
For that reason a key is protected, and you would think very carefully about sharing it with anyone, especially if your home contains items of significant value.
Though you would carefully protect the key to your home, it is necessary to share its location - as described by the details that make up your address - in order for anyone to find it. Deliveries, guests, utilities and communications all need to know where to find you.
Though there is minor variation from country to country, property addresses follow a similar format, otherwise their use would become virtually impossible to manage - house name/number, street number, city, post/zip code.
Some people may choose to not share their address because privacy and security is of particular concern, such as celebrities or anyone in a position of power. You can in fact choose to create an alias, such as a post office box, as a way to increase privacy.
Addresses are assigned to a property as part of a centralised system of record, such as a Land Registry, which can be referred to for finding details of any address within the record.
Keeping these familiar concepts of keys and addresses in mind, and their associated themes - security and location - we can try and relate them to the functions that keys and addresses provide within crypto.
Just as a physical key secures the contents of a property or a vault, a key in the context of crypto protects virtual funds - cryptocurrency - located at a virtual address within a blockchain.
Just like a physical key, a private key gives whoever holds it access to the funds it unlocks, so it is designed to be very hard to guess.
A Bitcoin private key is normally represented by a string of 64 characters from letters A-F and numbers 0-9, otherwise known as hexadecimal, but can be represented in a number of different ways, such as a string of 256 ones and zeros (bits - the smallest unit of information in computing).
Given their length and the random way in which keys are generated, the probability of two Private Keys being the same is greater than all the grains of sand on earth.
But though this makes them impossible to guess, should they be exposed, it automatically exposes the funds they protect. This zero sum feature means Private Keys must be kept secret and closely protected. Remember, there is no customer support hotline for crypto, the whole point is to be in control, which means taking full responsibility.
Managing multiple 64 character Private Keys would clearly be a nightmare, apart from the online threat from bad actors, there is always the risk of losing or destroying them by mistake. Learn Crypto has written about the most famous stories of lost bitcoin.
Luckily crypto wallets can derive all Private Keys from one piece of information known as a Seed, which is a collection of memorable words known as mnemonics. Think of a Seed like a really long password string, acting as the ultimate failsafe for recovery Private Keys. Protecting it is therefore, of critical importance.
The term used to describe wallets that can derive all Private Keys from a single Seed is called Hierarchical Deterministic or HD for short. Almost all modern non-custodial crypto wallets have this capability.
Given their length and the random way in which keys are generated, the probability of two Private Keys being the same is greater than the number of grains of sand on Earth.
On the Bitcoin blockchain, the location of the virtual funds secured by a Private Key is indicated by a Public Address, which follows a similar format mixing letters and numbers, but is shorter, featuring from 26-35 characters, depending on the format.
Similar to your postal address, a Bitcoin public address - sometimes known as an invoice address - can be shared as it doesn’t give access to funds. As the Bitcoin blockchain is completely open, an address enables anyone with an internet connection to see its balance, using something called a block explorer.
Think of a Block Explorer like a browser for the blockchain, where you search for addresses or transaction IDs, rather than keywords, similar to searching a property address database.
Though Public Addresses contain no personal information, they are not anonymous, rather pseudonymous, which means someone determined enough might be able to identify you by association.
If for example, you add a Bitcoin address to your Twitter bio, and then tweet something that identifies you, then it can be inferred that you you own that address and the value held.
Given the privacy and security concerns of reusing Public Addresses they are only intended for single use.
Each time you want to receive funds most crypto wallets will automatically generate a new Public Address, which means that the only detail your share publicly is specific to the transaction sent to that address.
You might think that continually generating Public Addresses would make managing them within your wallet a nightmare?
This actually isn’t the case because there is another extended form of Public Address, working in the background, which simplifies the creation of addresses and management of funds within your crypto wallet.
In the case of Bitcoin it is called an Extended Public Key, or xpub key for short, which is a much longer format the standard Public Address.
All sharable Public Addresses are derived from an xpub key, which is how your wallet knows to assign incoming funds to one Bitcoin account within your wallet.
Though your xpub key won’t allow anyone to access your funds, by sharing it you will allow someone to know the full Bitcoin balance for that Bitcoin account.
If you are wondering where the Private and Extended Public keys we’ve described can be found, that will depend on the type of crypto wallet you are using.
Some wallets place the custody (control) of keys in the hands of whoever is providing the service; the most obvious example are cryptocurrency exchanges - like Coinbase or Kraken.
Your exchange wallet allows you to generate an address to receive funds, or to send funds, but you don’t have access to the Private Keys or the Extended Public Keys. Some crypto users prefer to have an exchange look after keys, rather than take that responsibility themselves.
The flip-side is that should the exchange be hacked or suddenly shut down, the Private Keys could be compromised, along with your funds, and there is no law specifically insuring crypto assets held in custody. This is why one of the most common mantras within crypto is ‘not your keys, not your coins.’
The opposite of a custodial wallet - where you allow a third party to control Private Keys - is a non-custodial wallet, one in which you control them.
Your Private Keys are encrypted within the software (if it’s an App) or hardware (if it’s a physical device) and aggregated into the Seed introduced above.
The extended public key can be accessed within the settings for each account within the wallet, but is rarely needed. One example is for collating historical activity for collating crypto taxes.
Your Seed will be generated when you set-up the wallet, prompting you to make a copy. Given how important it is, the method of Seed storage is crucial. You should avoid storing it online given it could be exposed to hackers, and should use an offline method that is durable and secure.
The most common approach to storing a Seed is to write the phrases down on a piece of paper - the majority of hardware wallets ship with a Seed Recovery Sheet. Paper might be cheap and convenient, but isn’t the most resilient material, so those who take their crypto security seriously punch their Seed into a stainless steel sheet.
So to summarise the basics of Keys & Addresses:
The majority of new crypto users are largely oblivious to keys, Seeds and addresses, because their interaction is only limited to buying and selling on an exchange, which holds custody of most of that information. If, however, you want to expand your knowledge, and really leverage the power of crypto, you should take full control, which means understanding the roles that crypto keys and addresses play.