Public-key cryptography

Cryptocurrency is built on public-key cryptography—a mathematical system that enables strangers to transact without sharing secrets. Before diving into wallets or transactions, you must understand how this system works. It's not theoretical; it's the foundation of everything that follows.

Public-key cryptography solves a profound problem: how can you prove you authorized a transaction without revealing the secret that could allow others to authorize transactions on your behalf? Traditional signatures prove identity through a physical mark that's difficult to forge. Digital signatures prove identity through mathematics.

This chapter explains the mechanisms that make cryptocurrency possible: how a pair of mathematically linked numbers (public and private keys) work together, how addresses are derived from keys, how digital signatures authenticate transactions, and how hashing creates tamper-proof records. These concepts underpin every transaction, every wallet, and every security model in the cryptocurrency ecosystem.

Asymmetric encryption and key pairs

Public-key cryptography is based on asymmetric encryption: a system where two different keys perform opposite operations. One key (your private key) encrypts data. Another key (your public key) decrypts it. Mathematically, they're linked but not interchangeable.

In practice, this means you can publish your public key to the world. Anyone can use it to verify your digital signature. But only you, holding the private key, can create that signature. The mathematics makes it computationally impossible to derive your private key from your public key, even with the world's fastest computers.

Bitcoin and Ethereum use the same cryptographic foundation: elliptic curve cryptography (ECDSA). The specific curve is called secp256k1. You don't need to understand the mathematics deeply—but the principle is essential: a private key is simply a very large number (typically expressed as a 256-bit hexadecimal string). Your public key is a number derived from your private key through a one-way function. You cannot reverse this process.

From keys to addresses

Your public key is long and unwieldy. To make it practical, cryptocurrencies derive a shorter address from your public key through a series of hash functions. The process is deterministic: the same public key always produces the same address. But the address cannot be reversed to reveal the public key (though the public key can be revealed when you spend funds).

Bitcoin addresses are created by hashing your public key through SHA-256, then through RIPEMD-160, then encoding the result in a readable format (Base58Check). Ethereum addresses are simpler: hash your public key with Keccak-256 and take the last 20 bytes.

This layering is important: your address is a hash of a hash of a hash. This creates a privacy benefit (your public key remains hidden until you broadcast a transaction) and a security benefit (a breach of your address doesn't immediately compromise your public key).
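The final encoding step of a Bitcoin address, Base58Check, is shown below as an added example (not code from the original page). The 20-byte `HASH160` value is constructed for illustration and stands in for the SHA-256 then RIPEMD-160 output; the function names are this example's own.

```python
import hashlib

ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def checksum(payload: bytes) -> bytes:
    """First 4 bytes of SHA-256(SHA-256(payload))."""
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def b58check_encode(version: int, body: bytes) -> str:
    payload = bytes([version]) + body
    data = payload + checksum(payload)
    num, out = int.from_bytes(data, "big"), ""
    while num:
        num, rem = divmod(num, 58)
        out = ALPHABET[rem] + out
    pad = len(data) - len(data.lstrip(b"\x00"))   # leading zero bytes become '1'
    return "1" * pad + out

def b58check_decode(addr: str):
    num = 0
    for ch in addr:
        num = num * 58 + ALPHABET.index(ch)       # ValueError on a foreign character
    pad = len(addr) - len(addr.lstrip("1"))
    raw = b"\x00" * pad + num.to_bytes((num.bit_length() + 7) // 8, "big")
    payload, check = raw[:-4], raw[-4:]
    if not payload or checksum(payload) != check:
        raise ValueError("bad checksum")
    return payload[0], payload[1:]

def is_valid(addr: str) -> bool:
    """True only if every character is in the alphabet and the checksum matches."""
    try:
        b58check_decode(addr)
        return True
    except ValueError:
        return False

# Constructed sample: a made-up 20-byte hash, version byte 0x00 (mainnet pay-to-pubkey-hash).
HASH160 = bytes(range(1, 21))
ADDRESS = b58check_encode(0x00, HASH160)
```

A wallet that runs `is_valid` before sending rejects a mistyped address instead of paying an unspendable one.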

Digital signatures

A digital signature proves you authorized a transaction without revealing your private key. Here's how it works: you take a transaction message (which account sent how much to whom, when). You hash this message with a cryptographic hash function (SHA-256 for Bitcoin). You sign the hash using your private key, producing a signature (another long number). You broadcast the transaction and signature to the network.

Anyone on the network can take the same transaction message, hash it the same way, and use your public key to verify the signature. If the signature is valid, it proves you authored the transaction. If even one character in the transaction changes, the hash changes, and the signature becomes invalid. This makes transactions tamper-proof.

This is the core security model of cryptocurrency: your private key is your identity. Possession of the private key is proof of authorization. No password or biometric is needed. No institution needs to recognize you. The mathematics speaks for itself.

Cryptographic hashing

Hashing is a one-way function: it takes input of any size and produces a fixed-size output (256 bits for SHA-256) in a way that cannot be reversed. Change a single character of the input, and the output changes completely and unpredictably.

Bitcoin uses SHA-256 hashing extensively. Block headers are hashed to create block identifiers. Transactions are hashed to create transaction IDs. Merkle trees (trees of hashes) allow efficient verification that a transaction is included in a block. The entire security of proof-of-work rests on the difficulty of finding inputs that produce hashes below a target value.

Hashing creates tamper-proof records. If someone modifies a transaction from six months ago, its hash changes, which changes the block hash, which cascades through all subsequent blocks. The network immediately detects the tampering. This is why blockchain records are considered immutable: modifying the past would require redoing computational work equivalent to rebuilding the entire blockchain's history.
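The cascade described above can be reproduced with a small chain, given here as an added example (not code from the original page). Each block header is simplified to the previous block hash plus a Merkle root, with no nonce or proof-of-work target; the transactions and function names are constructed for illustration.

```python
import hashlib

def dsha(data: bytes) -> bytes:
    """Double SHA-256, the form Bitcoin uses for block and transaction hashes."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def merkle_root(txs):
    """Pairwise-hash transaction IDs upward; an odd node is paired with itself."""
    level = [dsha(tx) for tx in txs]
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])
        level = [dsha(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
    return level[0]

def seal(prev: bytes, txs):
    """Simplified header: previous block hash + Merkle root."""
    root = merkle_root(txs)
    return {"prev": prev, "txs": list(txs), "root": root, "hash": dsha(prev + root)}

def build_chain(batches):
    chain, prev = [], b"\x00" * 32
    for txs in batches:
        chain.append(seal(prev, txs))
        prev = chain[-1]["hash"]
    return chain

def first_broken(chain):
    """Index of the first block whose commitments fail, or None if all hold."""
    prev = b"\x00" * 32
    for i, blk in enumerate(chain):
        if (blk["prev"] != prev or merkle_root(blk["txs"]) != blk["root"]
                or dsha(blk["prev"] + blk["root"]) != blk["hash"]):
            return i
        prev = blk["hash"]
    return None

# Constructed sample ledger: three blocks of made-up transactions.
BATCHES = [[b"a->b 5", b"b->c 2"], [b"c->d 1", b"d->a 3", b"a->c 1"], [b"b->a 4"]]

def tamper_demo():
    chain = build_chain(BATCHES)
    chain[1]["txs"][0] = b"c->d 100"                    # edit an old transaction
    naive = first_broken(chain)                         # block 1: Merkle root mismatch
    chain[1] = seal(chain[1]["prev"], chain[1]["txs"])  # re-seal block 1 to hide the edit
    return naive, first_broken(chain)                   # block 2 still commits to the old hash
```

`tamper_demo()` returns `(1, 2)`: the edit is caught in block 1, and re-sealing block 1 only moves the failure to block 2, which is why every later block would have to be redone.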

Security implications

Understanding public-key cryptography means understanding why your private key must remain private. It's not a password that can be reset. It's not protected by institutional security. If someone obtains your private key, they can create valid signatures that appear to authorize transactions. They can drain your account, and the blockchain will record these thefts as legitimate transactions.

Conversely, understanding these mechanics means understanding why cryptocurrency offers protection unavailable in traditional finance: no intermediary can freeze your account if they don't possess your private key. No government can seize funds without physical access to your hardware. No counterparty can refuse to settle. These properties flow directly from the mathematical properties of public-key cryptography.

The articles below deepen each of these concepts: how elliptic curves create key pairs, how addresses are derived and secured, how digital signatures authenticate transactions, and the security practices that protect private keys from theft and loss.
