A blockchain wallet is software written to store your private key, public key, and blockchain address. It is the interface that allows you to interact with a blockchain network (and in some cases, more than one!). Web3 wallets also enable:
But how does a Web3 wallet work? And why is it that when you go on Twitter, your feed is filled with repeated advice: “not your keys, not your crypto”?
Let’s dive in.
Cryptocurrency is not stored in the wallet. The wallet holds the keys that point to the tokens that are held in the transaction records of the blockchain. The wallet’s keys merely point to these transaction records.
When you create a crypto wallet, assuming it is one not sponsored by a centralized exchange, the wallet generates a key pair consisting of a private and public key (centralized exchange wallets, or custodial wallets, retain the keys on your behalf). The first step in setting up a wallet is generating the private key. The private key is a 256-bit integer. A bit is the smallest unit of data inside a computer, and it can only hold a value of 1 or 0. Any number can be represented using just these binary digits: for example, “11” represents 3, “100” represents 4, and “101” represents 5. In other words, a 256-bit number is a number that can be represented using 256 ones and zeros. From this 256-bit integer, the wallet turns the value into a decimal, and from decimal into hexadecimal, which is something you may recognize from your own crypto wallet:
Turning a 256-bit integer into a decimal:
Turning a decimal into a hexadecimal:
Once a private key is created, a public key is then derived using elliptic curve cryptography, which is a method traditionally used for digital signatures and pseudo-random generators.
The elliptic curve process involves randomly assigning a starting point on the curve, called the generator point. If you look at the image below, this is represented by point 1.
To output a random set of numbers from the elliptic curve, coordinate point “multiplication” is applied. Let’s say we “multiply” the coordinate point by 2. To illustrate the effect, let’s look at the graph above.
When we apply the coordinate point “multiplication”, we move from point 1 to 2G (the intersection). To get from 1 to 2G, we first draw a tangent from 1, find the intersection to the curve from that tangent, which is in this case, 2, then take the inverse, which results in point 2G.
This is a single round of elliptic curve “multiplication.” I put multiplication in quotation marks because this is not standard multiplication but elliptic curve multiplication, which produces an output that looks random rather than one you could predict by ordinary arithmetic. The implication of elliptic multiplication is that the outputs of the coordinate multiplication result in a dynamic change throughout each position on the curve, creating a truly random output. Note how different the coordinate point is from 1 to 2G simply by multiplying by 2.
Now, instead of the simple example of multiplying by 2, we extend this foundational logic to deriving the public key: instead of multiplying the generator point by a small number, we apply the coordinate point operation “private key” times. The bouncing around of the coordinates and the subsequent random-looking, dynamic outputs is what creates your public key.
From this process, you can see the difficulty in trying to derive a private key from its corresponding public key. This is symmetric encryption for key agreement.
There are two reasons why it is important to use an elliptic curve to derive the public key:
To add security, a blockchain address is then derived from the public key, though through a different method. The blockchain address is what is given to other parties for them to send you tokens. The blockchain address is shorter than the original public key, and the address is derived in a simple process:
1. Take your public key and run it through a SHA-256 hash function
2. Take the output from the SHA-256 hash function and run it through a RIPEMD160 hash function
Taking the hexadecimal from the start of this article, here’s the output once placed into a RIPEMD160 hash function:
Applying the RIPEMD160 hash function:
The fact that we took a public key derived using elliptic curve multiplication and ran it through two additional hashing functions reflects the security embedded into these key pairs. If a nefarious agent knew your blockchain address and successfully unraveled the elliptic-curve cryptography to see your public key, there is still another layer of security: the encryption from the public key to the private key.
As such, a blockchain address acts as a digital fingerprint of the public key but doesn’t give away any information about the public key. This is akin to an email address when sending an email. You may know where it came from, but it doesn’t mean you have access to the account itself!
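The two hashing steps described above, carried through to an address string, as an added Python example that is not code from the article or from any wallet. It assumes the Bitcoin pay-to-pubkey-hash layout: a version byte in front of the 20-byte hash160, then Base58Check encoding, whose 4-byte double-SHA-256 checksum is what lets a wallet reject a mistyped address before anything is sent. The input is the compressed SEC encoding of the secp256k1 generator point (the public key belonging to private key 1), a published test value used here only because its address is well known; RIPEMD-160 comes from the Python build's OpenSSL and is probed before use.

```python
import hashlib

BASE58_ALPHABET = b"123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

# Constructed input: the compressed SEC encoding (02 || x) of the secp256k1 generator
# point, i.e. the public key of private key 1. A published test value, not a real wallet.
G_COMPRESSED = bytes.fromhex(
    "0279BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798")


def ripemd160_available():
    """RIPEMD-160 is provided by OpenSSL; some Python builds ship without it."""
    try:
        hashlib.new("ripemd160")
        return True
    except ValueError:
        return False


def hash160(public_key_bytes):
    """Step 1: SHA-256 of the public key. Step 2: RIPEMD-160 of that digest.
    The result is 20 bytes, far shorter than the 33- or 65-byte public key."""
    sha = hashlib.sha256(public_key_bytes).digest()
    return hashlib.new("ripemd160", sha).digest()


def base58check_encode(payload):
    """Append a 4-byte checksum (first bytes of SHA-256(SHA-256(payload))) and
    encode in Base58; each leading zero byte becomes a leading '1'."""
    checksum = hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]
    data = payload + checksum
    num = int.from_bytes(data, "big")
    digits = bytearray()
    while num:
        num, rem = divmod(num, 58)
        digits.append(BASE58_ALPHABET[rem])
    pad = len(data) - len(data.lstrip(b"\x00"))
    return (b"1" * pad + digits[::-1]).decode()


def base58check_decode(address):
    """Reverse the encoding and reject the address if its checksum does not
    match: a wallet refuses to send to a mistyped or truncated address."""
    num = 0
    for ch in address.encode():
        idx = BASE58_ALPHABET.find(ch)
        if idx < 0:
            raise ValueError("invalid Base58 character")
        num = num * 58 + idx
    pad = len(address) - len(address.lstrip("1"))
    data = b"\x00" * pad + num.to_bytes((num.bit_length() + 7) // 8, "big")
    if len(data) < 5:
        raise ValueError("address too short")
    payload, checksum = data[:-4], data[-4:]
    expected = hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]
    if checksum != expected:
        raise ValueError("checksum mismatch")
    return payload


def p2pkh_address(public_key_bytes, version=b"\x00"):
    """Bitcoin mainnet pay-to-pubkey-hash address: version 0x00 || hash160, Base58Check."""
    return base58check_encode(version + hash160(public_key_bytes))


if __name__ == "__main__":
    if ripemd160_available():
        addr = p2pkh_address(G_COMPRESSED)
        print("hash160:", hash160(G_COMPRESSED).hex())
        print("address:", addr)
        print("decoded payload:", base58check_decode(addr).hex())
    else:
        print("RIPEMD-160 is not available in this Python build")
```

The decode path is the one worth keeping in mind: the address is a fingerprint of the public key plus a checksum, so a wallet can validate an address it is asked to pay without knowing anything about the key behind it.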
A blockchain wallet creates digital signatures for blockchain transactions. It allows the network of validators to verify if the sender is who they say they are, and if they hold the corresponding keys that give them the right to send tokens from one wallet to another. The private key is what signs a token transaction, while a public key is used by validating nodes to verify the authenticity of the signature.
A digital signature allows you to show that your private key corresponds mathematically to your public key (as used for verification by network validators), but you need not reveal the private key itself, as the digital signature acts as a method of authenticity. To prevent other agents from using a digital signature they did not create, each transaction that is “signed” has its own unique digital signature, such that it can only be used for that particular transaction. If an agent tried to reuse the digital signature for a different transaction, whether they owned the private key or not, the network validator nodes would recognize that a digital signature had been used previously, and the network will not accept it.
These digital signatures, as with most components of a blockchain network, are created using math. A private key is combined with transaction data, which after some math, creates a digital signature. This digital signature can then be combined with the original transaction data and the wallet’s corresponding public key, and output confirmation as to if the true private key generated the digital signature. The security behind authenticating a transaction is one of the core, but overlooked, features that Web3 wallets enable.
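The point “multiplication” that derives the public key and the signing and verification that validators perform both rest on the same curve arithmetic, so one added Python example covers both passages. This is not code from the article or from any wallet: it implements secp256k1, the curve Bitcoin and Ethereum use, in plain integer arithmetic so that the tangent, intersect and reflect step from the diagram is visible, and then builds ECDSA on top of it. Assumptions: the generator point G is the one fixed by the curve standard (wallets do not pick it at random), the private key is a 256-bit integer in the range [1, N-1], a constructed byte string stands in for the transaction, and the optional nonce argument exists only so the run is reproducible.

```python
import hashlib
import secrets

# secp256k1 domain parameters (the curve used by Bitcoin and Ethereum): y^2 = x^3 + 7
# over the prime field F_P. The generator point G is fixed by the curve standard.
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # order of G
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def on_curve(pt):
    """True if pt satisfies the curve equation (None is the point at infinity)."""
    if pt is None:
        return True
    x, y = pt
    return (y * y - x * x * x - 7) % P == 0


def point_add(a, b):
    """Chord-and-tangent rule from the article's diagram: draw the line through a and b
    (the tangent when a == b), take its third intersection with the curve, then
    reflect that point over the x-axis. All arithmetic is modulo P."""
    if a is None:
        return b
    if b is None:
        return a
    x1, y1 = a
    x2, y2 = b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None  # a + (-a) is the point at infinity
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P  # tangent slope
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P   # chord slope
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P                # the reflection step
    return (x3, y3)


def scalar_mult(k, pt):
    """k * pt by double-and-add: at most 256 doublings and 256 additions rather than
    k repeated additions. This is what makes "multiplying by a 256-bit private key"
    cheap while recovering k from the result is not."""
    result, addend = None, pt
    while k:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return result


def generate_private_key():
    """A private key is a 256-bit integer in [1, N-1] drawn from the OS CSPRNG;
    out-of-range draws are rejected rather than reduced."""
    while True:
        k = secrets.randbits(256)
        if 1 <= k < N:
            return k


def public_key(priv):
    """Public key = priv * G: the point reached after 'priv' applications of G."""
    return scalar_mult(priv, G)


def tx_hash(tx_bytes):
    """What gets signed is a hash of the transaction, not the raw bytes."""
    return hashlib.sha256(tx_bytes).digest()


def ecdsa_sign(priv, msg_hash, nonce=None):
    """Returns the signature (r, s). The nonce must be secret and fresh for every
    signature; the 'nonce' parameter exists only so the tests are deterministic."""
    z = int.from_bytes(msg_hash, "big")
    while True:
        k = nonce if nonce is not None else generate_private_key()
        r = scalar_mult(k, G)[0] % N
        s = (z + r * priv) * pow(k, -1, N) % N
        if r and s:
            return (r, N - s if s > N // 2 else s)  # low-s form, as Bitcoin requires
        nonce = None  # astronomically rare r == 0 or s == 0: retry with a fresh nonce


def ecdsa_verify(pub, msg_hash, sig):
    """Verification uses only the public key; the private key is never revealed.
    Any change to the transaction changes msg_hash and the check fails."""
    r, s = sig
    if pub is None or not on_curve(pub) or not (0 < r < N and 0 < s < N):
        return False
    z = int.from_bytes(msg_hash, "big")
    w = pow(s, -1, N)
    pt = point_add(scalar_mult(z * w % N, G), scalar_mult(r * w % N, pub))
    return pt is not None and pt[0] % N == r


if __name__ == "__main__":
    priv = generate_private_key()
    pub = public_key(priv)
    print("private key:", hex(priv))
    print("public key :", hex(pub[0]), hex(pub[1]))
    h = tx_hash(b"constructed sample transaction")
    sig = ecdsa_sign(priv, h)
    print("valid on original:", ecdsa_verify(pub, h, sig))
    print("valid on altered :", ecdsa_verify(pub, tx_hash(b"altered transaction"), sig))
```

Two design points matter for a real wallet and are deliberately not solved here: this arithmetic is not constant-time, so timing can leak key bits, and the nonce must never repeat or be predictable, which is why production signers use a vetted library and derive the nonce deterministically (RFC 6979) rather than trusting a random draw.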
At the beginning of this section, I explained that a wallet doesn’t contain any tokens. Now that we understand private-public key pairs and blockchain addresses, we can extend that understanding to the fact that a Web3 wallet only stores pointers to the tokens that a private key can access. As such, the term wallet is a misnomer. It’s more like a fancy, digital keychain. A digital keychain that provides access to your house…of crypto.
Given that a private key acts as the key to one’s home, it is imperative that it is kept, well, private. If you were to lose access to your wallet without having saved the private key or seed phrase, you will lose access to the tokens. They will still exist on the blockchain, but there will be no way to access them without the corresponding private key verifying the wallet’s ownership of those tokens.
Seed phrase? Yes. A seed phrase represents the large randomly generated number that makes up your private key, but it represents the hexadecimal as a sequence of words instead. This is for human readability, as opposed to anything else. A seed phrase is generally 12 to 24 words and is derived from the private key. The mnemonic sentence comes from a fixed list of 2048 words, and the first four letters of each word are unique. If you lost your wallet, you could recover or create a new private key from the mnemonic seed phrase. The word choices are specified by BIP39, which is the standard by which seed phrases are created for deterministic wallets. I linked to the GitHub documentation for those that want to dive in deeper.
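The BIP39 mechanics behind a 12- or 24-word phrase, as an added Python example that is not code from the article or from the BIP39 reference implementation. It works with word indices rather than words (the 2048-word English list is assumed to be loaded separately), shows the checksum bits that let a wallet catch a mistyped or reordered word, and derives the 64-byte seed from which a deterministic wallet's keys are generated. The all-zero entropy and its phrase "abandon ... about" are the first published BIP39 test vector, used here because the expected seed is known.

```python
import hashlib
import unicodedata

WORDLIST_SIZE = 2048  # BIP39 English list; each 11-bit group selects one word

# Constructed input: the all-zero 128-bit entropy from the published BIP39 test
# vectors. Its phrase is "abandon" x 11 followed by "about" (word indices 0 and 3).
ZERO_ENTROPY = bytes(16)
ZERO_PHRASE = " ".join(["abandon"] * 11 + ["about"])


def entropy_to_indices(entropy):
    """Append a checksum of ENT/32 bits (the leading bits of SHA-256(entropy)) to
    the entropy, then cut the bit string into 11-bit groups. Each group indexes the
    word list: 128 bits of entropy gives 12 words, 256 bits gives 24."""
    ent_bits = len(entropy) * 8
    if ent_bits not in (128, 160, 192, 224, 256):
        raise ValueError("entropy must be 16, 20, 24, 28 or 32 bytes")
    cs_bits = ent_bits // 32
    checksum = int.from_bytes(hashlib.sha256(entropy).digest(), "big") >> (256 - cs_bits)
    bits = (int.from_bytes(entropy, "big") << cs_bits) | checksum
    total = ent_bits + cs_bits
    return [(bits >> (total - 11 * (i + 1))) & 0x7FF for i in range(total // 11)]


def indices_to_entropy(indices):
    """Inverse of entropy_to_indices. Recomputes the checksum and raises on a
    mismatch, which is how a wallet spots a mistyped, missing or reordered word."""
    if len(indices) not in (12, 15, 18, 21, 24):
        raise ValueError("phrase must be 12, 15, 18, 21 or 24 words")
    total = len(indices) * 11
    cs_bits = total // 33
    bits = 0
    for idx in indices:
        if not 0 <= idx < WORDLIST_SIZE:
            raise ValueError("word index out of range")
        bits = (bits << 11) | idx
    entropy = (bits >> cs_bits).to_bytes((total - cs_bits) // 8, "big")
    expected = int.from_bytes(hashlib.sha256(entropy).digest(), "big") >> (256 - cs_bits)
    if (bits & ((1 << cs_bits) - 1)) != expected:
        raise ValueError("checksum mismatch: phrase was not transcribed correctly")
    return entropy


def mnemonic_to_seed(mnemonic, passphrase=""):
    """BIP39 seed = PBKDF2-HMAC-SHA512(phrase, "mnemonic" + passphrase, 2048 rounds).
    The wallet's private keys are then derived from this 64-byte seed."""
    phrase = unicodedata.normalize("NFKD", mnemonic).encode()
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase).encode()
    return hashlib.pbkdf2_hmac("sha512", phrase, salt, 2048)


if __name__ == "__main__":
    idx = entropy_to_indices(ZERO_ENTROPY)
    print("word indices:", idx)
    print("round trip  :", indices_to_entropy(idx) == ZERO_ENTROPY)
    print("seed        :", mnemonic_to_seed(ZERO_PHRASE, "TREZOR").hex())
```

Note that the checksum only catches transcription errors; it is not a secret. The security of the phrase is the entropy it encodes, which is why a 12-word phrase written down in plain sight gives away the whole wallet.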
There are a few distinctions to make when it comes to wallets: non-custodial and custodial wallets. A non-custodial wallet (the preferred) means that you, as an individual, retain the private keys to the wallet. As you possess the private key, you always have the ability to recover the assets held in the wallet through the private key or its corresponding seed phrase. The other type of wallet (the not-preferred) is a custodial wallet, in which you do not retain the private keys. Most exchanges offer custodial wallets, which come with a major risk: given the function of wallets in Web3, you may own the “house” but you don’t own the key to get into the “house.” The dangers are highlighted in the recent events with both Celsius and Voyager freezing crypto account access and token transfers. If you don’t own the keys to your crypto, you don’t own it at all.
There are a few non-custodial wallet types: hardware wallets (cold wallets) and web/mobile-based wallets (hot wallets). A hardware wallet is a physical device that is not connected to the internet. For a transaction to be signed, a hardware wallet requires the physical device present along with the device password. A key distinction is that the signing of a transaction takes place “in-device,” which provides an extra layer of security since a transaction can only be approved if signed through the device itself.
A web-based wallet (hot wallet) is one in which the wallet is built into a browser extension connected to the internet. These are the most prone to attack given that the private keys are stored directly in your browser, so if an attacker gained access to your browser, they would also be able to access your private keys, and therefore, your crypto too! For added protection, a mobile wallet through an app can leverage second-layer security through facial recognition or a digital fingerprint to confirm a transaction.
The key message is that wallets are vital to interacting with the blockchain, but not because they hold your cryptocurrencies - they don’t! Wallets are important because they contain your private keys, and by extension, your digital signature. This feature is what allows for fraud prevention to be built into the internet settlement layer (blockchain). Analyzing the mathematics behind the process that derives the public key and subsequent address showcases the security built in. The next time someone asks, what’s in your wallet, you’ll know the answer :)