Course 52: Public vs Private Keys & Wallets

Blockchain & Mining Track · 25 min read · All Levels

Every cryptocurrency balance, every on-chain position, every DeFi interaction ultimately reduces to a single security primitive: a private key. The entity that controls the private key controls the funds — unconditionally, irreversibly, and without recourse. There is no customer support. There is no password reset. There is no bank to reverse a fraudulent transaction. This architecture gives crypto holders a degree of financial sovereignty unavailable in traditional finance, and an equivalent degree of personal responsibility. Understanding public/private key cryptography is not optional for serious traders. It determines how you choose your custody model, how you evaluate exchange counterparty risk, and whether your capital survives a hack, a business failure, or your own operational error. This course covers the mathematics of key pairs at an intuitive level, the derivation chain from private key to address, seed phrase mechanics, and the full spectrum of wallet custody from hot exchange accounts to air-gapped hardware devices. It builds directly on the blockchain architecture covered in Course 51: How Blockchain Works.

The Key Ownership Problem

In a traditional system, ownership is enforced by a trusted intermediary: a bank validates your identity and authorises transactions on your behalf. Remove that intermediary — as blockchain does — and you need a different mechanism to prove that a transaction is authorised by the legitimate owner of a given address. That mechanism is asymmetric (public-key) cryptography.

The core insight of asymmetric cryptography is that a pair of mathematically related keys can be generated such that: (1) a message encrypted with the public key can only be decrypted with the corresponding private key; and (2) a message signed with the private key can be verified by anyone holding the public key, without needing the private key itself. The public key can be shared freely — it is your "address label." The private key must remain secret — it is your "proof of ownership." The security guarantee comes from the mathematical asymmetry: deriving the private key from the public key is computationally infeasible, even with unlimited classical computing resources.

ECDSA and secp256k1: Bitcoin's Cryptographic Foundation

Bitcoin uses the Elliptic Curve Digital Signature Algorithm (ECDSA) with the secp256k1 elliptic curve. You do not need to master elliptic curve mathematics to use Bitcoin safely, but understanding the structure clarifies why private keys are so powerful and why losing one is permanent.

An elliptic curve is defined by the equation y² = x³ + ax + b over a finite field. For secp256k1, a = 0 and b = 7, giving y² = x³ + 7 (mod p), where p is a very large prime. The curve has a defined generator point G. Key generation works as follows:

Private key: a randomly chosen integer between 1 and n−1, where n is the order of the curve (approximately 2²⁵⁶). In Bitcoin, this is a 256-bit number, typically represented as 32 bytes (64 hex characters) or encoded in Wallet Import Format (WIF). The private key is your secret — 256 bits of entropy equivalent to a combination lock with more positions than atoms in the observable universe.
Public key: computed by multiplying the generator point G by the private key k using elliptic curve point multiplication: K = k × G. This operation is computationally straightforward in the forward direction and computationally infeasible in reverse — this is the "discrete logarithm problem" on elliptic curves. Given K, finding k requires solving ECDLP, which no known algorithm does efficiently.

When you sign a transaction, your wallet software uses the private key and a portion of the transaction data to produce a signature (r, s). Any node on the network can verify this signature using only your public key — confirming you authorised the transaction without ever seeing your private key. This is how Bitcoin achieves trustless ownership verification.

From Public Key to Bitcoin Address

Bitcoin addresses are not raw public keys. They are derived through a multi-step hashing process that adds error-detection, shortens the representation, and provides an additional security layer:

Compressed public key: The raw (uncompressed) public key is 65 bytes (04 prefix + 32-byte x + 32-byte y). Since the y coordinate can be inferred from x and the sign bit, wallets use a 33-byte compressed form (02 or 03 prefix + 32-byte x).
SHA-256 hash: apply SHA-256 to the compressed public key.
RIPEMD-160 hash: apply RIPEMD-160 to the SHA-256 output, producing a 20-byte (160-bit) hash. This is the public key hash.
Version prefix: prepend a network byte (0x00 for Bitcoin mainnet).
Checksum: double-SHA-256 the versioned hash, take the first 4 bytes as a checksum, append to the versioned hash.
Base58Check encoding: encode the result in Base58 (alphanumeric characters excluding 0, O, l, I to avoid visual ambiguity), producing the familiar Bitcoin address starting with "1" (P2PKH), "3" (P2SH), or "bc1" (Bech32/SegWit).

The double-hashing (SHA-256 followed by RIPEMD-160) provides a security backstop: even if weaknesses in ECDSA were discovered that could partially compromise public key exposure, addresses would still be protected by the hash. This is why the standard advice is to never reuse a Bitcoin address: once you spend from an address, the full public key is revealed on-chain, removing that hash protection layer for future deposits to the same address.

Fig 1 — Key derivation chain. The private key (purple) generates the public key via elliptic curve multiplication. The public key is double-hashed (SHA-256 then RIPEMD-160), a checksum is appended, and the result is Base58Check-encoded into a human-readable Bitcoin address.

Seed Phrases and BIP39: One Backup for Everything

Managing individual private keys for every address you use is operationally untenable. A 256-bit private key looks like: 3a1b9f4c8e2d7a0f5b3c6e9d1a4f7b2e8c5d0a3f6b9e2c5d8a1f4b7e0c3d6. Transcribing this by hand without error is nearly impossible. Storing it digitally introduces its own risks. Losing it means losing every coin it controlled. Bitcoin Improvement Proposal 39 (BIP39) solves this with mnemonic seed phrases.

BIP39 works as follows:

Entropy generation: your wallet generates 128–256 bits of cryptographically secure random entropy (typically 128 bits for 12 words, 256 bits for 24 words).
Checksum addition: a checksum (first bits of SHA-256 of the entropy) is appended, making the total bit length divisible by 11.
Word mapping: the combined bit string is split into groups of 11 bits. Each 11-bit value (0–2047) maps to a word from the BIP39 wordlist (2,048 standardised English words). The result is a 12- or 24-word mnemonic phrase.
Seed derivation: the mnemonic phrase is passed through PBKDF2-HMAC-SHA512 with an optional passphrase ("25th word") and 2,048 iterations, producing a 512-bit seed.

This 512-bit seed is the master secret. From it, every private key and address your wallet will ever use is deterministically derived. If you lose your hardware wallet, buy a new one, enter the same 24 words, and your entire wallet history is restored. The phrase is the wallet. Guard it accordingly.

BIP44 and Hierarchical Deterministic Wallets

Bitcoin Improvement Proposal 32 (BIP32) defines hierarchical deterministic (HD) wallets: from a single master seed, an unlimited tree of child keys can be derived deterministically. BIP44 specifies a standardised derivation path structure: m / purpose / coin_type / account / change / index

For Bitcoin, the standard path is m/44'/0'/0'/0/0 for the first receiving address. For Ethereum: m/44'/60'/0'/0/0. The same 24-word seed, passed through different derivation paths, generates the separate address spaces for Bitcoin, Ethereum, and every other BIP44-compatible asset — all from one backup.

Fig 2 — HD wallet derivation tree. A single master seed generates unlimited child keys via BIP44 derivation paths. Different coin types (Bitcoin, Ethereum, Tron) branch at the coin_type level. Every address in this tree can be regenerated from the original 12 or 24 seed words.

Wallet Types: A Practical Taxonomy

The word "wallet" is used loosely in crypto to describe anything from a hosted exchange account to a physical steel plate with engraved seed words. The meaningful distinction is who holds the private key:

Custodial wallets (exchanges and lending platforms): the service provider holds the private keys. You have an account balance, not on-chain ownership. The counterparty risk is the entire solvency and operational security of the provider. FTX held $8 billion in customer assets when it filed for bankruptcy in November 2022. Counterparty risk on exchange holdings is the same species of risk covered in Course 6: Risk Management 101 — it must be sized appropriately.
Non-custodial software wallets (hot wallets): the private keys are stored on your device, typically encrypted with a password. Examples include MetaMask (browser extension), Trust Wallet, Exodus, Electrum. They are convenient and connected to the internet ("hot"), which means malware, keyloggers, browser exploits, and phishing attacks represent real threat vectors. Suitable for active trading capital and operational float, not for long-term holdings.
Hardware wallets (cold storage): dedicated devices (Ledger, Trezor, Coldcard) that store the private key in a secure element chip, physically isolated from the internet. The device signs transactions internally — the private key never leaves the hardware, even when the device is connected to a compromised computer. The connected computer sees only the signed transaction, not the key. This is the security model for significant cold storage holdings.
Paper wallets: a private key and corresponding address printed on paper. Secure against digital attacks; vulnerable to physical destruction, loss, theft, and water damage. Generally superseded by hardware wallets for most purposes but still valid for long-term archival storage in properly controlled environments.
Air-gapped signing devices: dedicated hardware that never connects to any network. Transactions are transferred in and out via QR code, NFC, or SD card. The highest security tier for significant long-term holdings.

Hardware Wallets: How the Security Model Works

Understanding the security architecture of a hardware wallet removes the mystery around why they are considered the gold standard for self-custody. The flow for sending a Bitcoin transaction with a Ledger or Trezor:

Your computer constructs the unsigned transaction (inputs, outputs, amounts) using companion software (Ledger Live, Electrum, etc.).
The unsigned transaction is sent to the hardware wallet over USB or Bluetooth.
The hardware wallet displays the transaction details on its own trusted screen — amount, destination address. You physically verify these on the device. No malware on your computer can alter what is displayed on the hardware wallet's screen.
You confirm by pressing a physical button on the device. The secure element retrieves the private key from protected storage and signs the transaction inside the chip.
The signed transaction (but not the private key) is returned to your computer and broadcast to the network.

The critical insight: your private key never travels to your computer. Even if your computer is fully compromised, an attacker can at most construct a fraudulent unsigned transaction for you to review. As long as you verify the destination address on the hardware wallet's screen before confirming, your funds are safe. This is why hardware wallet vendors strongly advise always verifying addresses on the device screen, never trusting the computer display for confirmation.

Multi-Signature Wallets

A multi-signature (multisig) wallet requires M-of-N private keys to authorise a transaction. A 2-of-3 multisig requires any 2 of 3 specified keys to sign. Use cases for traders and asset holders:

Personal security (2-of-3): one key on a hardware wallet, one on a second hardware wallet stored elsewhere, one in a vault or with a trusted third party. Theft of one device or loss of one backup does not compromise funds.
Organisational treasury (3-of-5): no single individual in a company can unilaterally move funds. Required signers must collude to steal, and any one signer loss does not prevent access. This is the model used by most institutional crypto custodians.
Time-locked inheritance: a 1-of-2 where the second key is held by an executor or stored with legal documentation, becoming accessible only after a defined event.

Bitcoin multisig is implemented natively in the protocol (P2SH, P2WSH). Ethereum multisig is typically implemented via smart contracts (Gnosis Safe). The smart contract implementation introduces its own risks, including contract bugs — a topic developed in Course 55: Smart Contracts & How They Work.

Security Best Practices

These principles are not suggestions. They are the minimum operational security standard for anyone holding significant crypto positions:

Never store your seed phrase digitally. Never type it into any website, app, or text field. Never photograph it. Never send it anywhere. The only exceptions are dedicated air-gapped devices designed explicitly for seed entry. Anyone asking for your seed phrase — any support agent, any "wallet recovery" service — is attempting theft, without exception.
Use hardware wallets for holdings exceeding your threshold. Define that threshold. $500? $5,000? Wherever you draw that line, hardware wallet adoption should sit below it.
Store the seed phrase backup physically in multiple locations. A single paper backup in one location is a single point of failure against fire, flood, and theft simultaneously. Consider metal seed phrase backups (stainless steel plates) for durability.
Verify receiving addresses on the hardware wallet screen before every transaction. Clipboard-hijacking malware silently replaces copied addresses with attacker-controlled ones. Visual verification on the device screen is the countermeasure.
Use unique addresses for every transaction. HD wallets generate fresh addresses automatically. Reusing addresses exposes your public key after the first spend, reducing security against future cryptographic advances.
Maintain a clear distinction between trading float (hot/exchange) and long-term holdings (cold/hardware). Only capital you are actively trading needs to be online and accessible. Long-term holdings should live in cold storage.

Custody Strategy for Active Traders

Active traders face a genuine tension between security and operational flexibility. Keeping all capital in cold storage is maximally secure but impractical for daily trading. A practical tiered model used by professional traders:

Tier 1 — Active trading capital (hot, exchange custody): only the position sizes you intend to trade in the near term. Sized using the free crypto position size calculator and risk management principles from Course 6. Counterparty risk accepted in exchange for liquidity and execution speed.
Tier 2 — Medium-term working capital (hot wallet, self-custodied): capital allocated to DeFi protocols, staking, or on-chain trading. Accessible within minutes via MetaMask or Trust Wallet. Exposure to software exploit risk but no exchange counterparty risk.
Tier 3 — Long-term holdings (cold storage, hardware wallet): capital not expected to be moved in the next three to twelve months. Ledger, Trezor, or Coldcard. The seed phrase backup is physically secured at two or more separate locations.

The proportion across tiers is a personal risk management decision dependent on your trading frequency, position sizes, and risk tolerance. The no-signup crypto risk calculator at DennTech can help you model the dollar exposure at each tier relative to your overall crypto allocation. The capital allocation frameworks covered in Course 36: Portfolio Construction are directly applicable to custody tier sizing.

Summary

Every crypto asset is ultimately controlled by a private key. Private keys generate public keys via one-way elliptic curve multiplication. Public keys generate addresses via double-hashing. BIP39 seed phrases encode the master secret in 12 or 24 human-readable words, from which a full HD wallet tree is deterministically derived via BIP44 derivation paths — giving you one backup for every address you will ever use. Wallet custody exists on a spectrum from fully custodial (exchange) to fully self-custodied cold storage, with hardware wallets representing the practical security optimum for significant holdings. Multi-signature arrangements extend security further by distributing signing authority across multiple keys. The foundational security discipline: your seed phrase must never be digital, never be shared, and must be physically backed up in multiple secure locations. With private keys and custody architecture mastered, the curriculum moves to the consensus layer: Course 53: Proof of Work Explained examines how Bitcoin's mining mechanism produces and defends the blockchain you just learned to own.

Your Free Crypto Tools for This Course

The concepts introduced in this course connect directly to several of DennTech’s free crypto tools. There is no registration required to use any of them:

Risk & Position Size Calculator — the essential crypto risk management calculator for determining correct trade size based on your account and stop-loss distance.
Profit / Loss Calculator — calculate exact P&L, entry-to-exit percentage, and net return including fees before you commit to a trade.
Liquidation Price Calculator — if you use any leverage at all, know your liquidation price before entering the trade.
Stop-Loss / Take-Profit Calculator — pre-calculate all exit levels based on your entry price, so your plan is complete before the trade opens.

← How Blockchain Works All Courses Proof of Work Explained →