Foundational Knowledge
A blockchain wallet is software written to store your private key, public key, and blockchain address. It is the interface that allows you to interact with a blockchain network (and in some cases, more than one!). Web3 wallets also enable:
- Sending tokens from your wallet
- Viewing tokens that are “held” by the wallet
- Inspecting the metadata of tokens sent to you
But how does a Web3 wallet work? And why is it that when you go on Twitter, your feed is filled with repeated advice: “not your keys, not your crypto”?
Let’s dive in.
Web3 Wallets: The Technical Details
Cryptocurrency is not stored in the wallet. The wallet holds the keys that point to the tokens that are held in the transaction records of the blockchain. The wallet’s keys merely point to these transaction records.
How Private Keys, Public Keys, and Blockchain Addresses are Derived
When you create a crypto wallet, assuming it is one not sponsored by a centralized exchange, the wallet generates a key pair consisting of a private and public key (centralized exchange wallets, or custodial wallets, retain the keys on your behalf).The first step in setting up a wallet is generating the private key. The private key is a 256-bit integer. A bit defines the smallest unit of data inside of a computer, which can only hold a value of 1 or 0. Different numbers can be created and represented by just these binary numbers, for example, “11” represents 3, “100” represents 4, and “101” represents 5. In other words, a 256-bit number is a number that can be represented using 256 ones and zeros. From this 256-bit integer, the wallet turns the value into a decimal, and from decimal into hexadecimal, which is something you may recognize from your own crypto wallet:
Turning a 256-bit integer into a decimal:
108165236279178312660610114131826512483935470542850824183737259708197206310322
Turning a decimal into a hexadecimal:
ef235aacf90d9f4aadd8c92e4b2562e1d9eb97f0df9ba3b508258739cb013db2
Once a private key is created, a public key is then derived using elliptic curve cryptography, which is a method traditionally used for digital signatures and pseudo-random generators.
The elliptic curve process involves randomly assigning a starting point on the curve, called the generator point. If you look at the image below, this is represented by point 1.
To output a random set of numbers from the elliptic curve, coordinate point “multiplication” is applied. Let’s say we “multiply” the coordinate point by 2. To illustrate the effect, let’s look at the graph above.
When we apply the coordinate point “multiplication”, we move from point 1 to 2G (the intersection). To get from 1 to 2G, we first draw a tangent from 1, find the intersection to the curve from that tangent, which is in this case, 2, then take the inverse, which results in point 2G.
This is a single round of elliptic curve “multiplication.” I put multiplication in quotations as this is not standard multiplication, but elliptic curve multiplication, which results in a random output compared to a standardized one. The implication of elliptic multiplication is that the outputs of the coordinate multiplication result in a dynamic change throughout each position on the curve, creating a truly random output. Note how different the coordinate point is from 1 to 2G simply by multiplying by 2.
Now, instead of using a simple example of multiplying by 2, we extend this foundational logic to deriving the public key: instead of multiplying a generator point by a single number, we apply coordinate point multiplication “private key” a number of times. The bouncing around of the coordinates and the subsequent random, dynamic outputs is what creates your public key.
From this process, you can see the difficulty in trying to derive a private key from its corresponding public key. This is symmetric encryption for key agreement.
There are two reasons why it is important to use an elliptical curve to derive the public key:
- The multiplication is a “trapdoor function” or one-way hash, which makes it impossible to go backward to find the private key
- The public key is still mathematically connected to the private key, which can act as a digital signature on transactions, verifying its authenticity (more on this below)
To add security, a blockchain address is then derived from the public key, though through a different method. The blockchain address is what is given to other parties for them to send you tokens. The blockchain address is shorter than the original public key, and the address is derived in a simple process:
Take your public key and run it through a SHA 256 hash function
(SHA256(publickey))
Take the output from the SHA 256 hash function and run it through a RIPEMD160 hash function
RIPEMD160(SHA256(publickey))
Taking the hexadecimal from the start of this article, here’s the output once placed into a RIPEMD160 hash function:
Hexadecimal:
*ef235aacf90d9f4aadd8c92e4b2562e1d9eb97f0df9ba3b508258739cb013db2*
Applying the RIPEMD160 hash function:
*b334d3207ee8f1f0365f8e49cc6e2f92a34e115b*
The fact that we took a public key derived using an elliptic curve multiplication and ran it through two additional hashing functions reflects the security embedded into these key pairs. In the case that a nefarious agent knew your blockchain address and successfully unraveled the elliptic-key cryptography to see your public key, there is still another layer of security: the encryption from the public key to the private key.
As such, a blockchain address acts as a digital fingerprint of the public key but doesn’t give away any information about the public key. This is akin to an email address when sending an email. You may know where it came from, but it doesn’t mean you have access to the account itself!
Web3 Wallet – Digital Signatures
A blockchain wallet creates digital signatures for blockchain transactions. It allows the network of validators to verify if the sender is who they say they are, and if they hold the corresponding keys that give them the right to send tokens from one wallet to another. The private key is what signs a token transaction, while a public key is used by validating nodes to verify the authenticity of the signature.
A digital signature allows you to show that your private key corresponds mathematically to your public key (as used for verification by network validators), but you need not reveal the private key itself, as the digital signature acts as a method of authenticity. To prevent other agents from using a digital signature they did not create, each transaction that is “signed” has its own unique digital signature, such that it can only be used for that particular transaction. If an agent tried to reuse the digital signature for a different transaction, whether they owned the private key or not, the network validator nodes would recognize that a digital signature had been used previously, and the network will not accept it.
These digital signatures, as with most components of a blockchain network, are created using math. A private key is combined with transaction data, which after some math, creates a digital signature. This digital signature can then be combined with the original transaction data and the wallet’s corresponding public key, and output confirmation as to if the true private key generated the digital signature. The security behind authenticating a transaction is one of the core, but overlooked, features that Web3 wallets enable.
What’s In Your Wallet?
At the beginning of this section, I explained that a wallet doesn’t contain any tokens. Now that we understand private-public key pairs and block addresses, we can extend that understanding to the fact that a Web3 wallet only stores pointers to the tokens for which a private key can access. As such, the term wallet is a misnomer. It’s more like a fancy, digital keychain. A digital keychain that provides access to your house…of crypto.
Key Management
Given that a private key acts as the key to one’s home, it is imperative that it is kept, well, private. If you were to lose access to your wallet without having saved the private key or seed phrase, you will lose access to the tokens. They will still exist on the blockchain, but there will be no way to access them without the corresponding private key verifying the wallet’s ownership of those tokens.
Seed Phrase
Seed phrase? Yes. A seed phrase represents the large randomly generated number set that makes up your private key but instead represents the hexadecimal as a sequence of words. This is for human readability, as opposed to anything else. A seed phrase is generally 12 to 24 words and is derived from the private key. The mnemonic sentence comes from a fixed list of 2048 words, and the first four letters of each word are unique. In the case that you lost your wallet, you could recover or create a new private key from the mnemonic seed phrase. The word choices are specified by BIP39, which is the standard for which seed phrases are created for deterministic wallets. I linked to the GitHub documentation for those that want to dive in deeper.
Wallet Types: To Custody or To Not Custody?
There are a few distinctions to make when it comes to wallets: non-custodial and custodial wallets. A non-custodial wallet (the preferred) means that you, as an individual, retain the private keys to the wallet. As you possess the private key, you could always have a right to recover the assets held in the wallet through the private key or its corresponding seed phrase. The other type of wallet (the not-preferred) is a custodial wallet, in which you do not retain the private keys. Most exchanges offer custodial wallets, which comes at a major risk: given the function of wallets in Web3, you may own the “house” but you don’t own the key to get into the “house.” The dangers are highlighted in the recent events with both Celsius and Voyager freezing crypto account access and token transfer. If you don’t own the keys to your crypto, you don’t own it at all.
Non-Custodial Wallet Types: Hot and Cold
There are a few non-custodial wallet types: hardware wallets (cold wallets) and web/mobile-based wallets (hot wallets). A hardware wallet is a physical device that is not connected to the internet. For a transaction to be signed, a hardware wallet requires the physical device present along with the device password. A key distinction is that the signing of a transaction takes place “in-device,” which provides an extra layer of security since a transaction can only be approved if signed through the device itself.
A web-based wallet (hot wallet) is one in which the wallet is built into a browser extension connected to the internet. These are the most prone to attack given that the private keys are stored directly in your browser, so if an attacker had accessed your browser, they would also be able to access your private keys, and therefore, your crypto too! For added protection, a mobile wallet through an app can leverage second-layer security through facial recognition or a digital fingerprint to confirm a transaction.
Conclusion
The key message is that wallets are vital to interacting with the blockchain, but not because they hold your cryptocurrencies - they don’t! Wallets are important because they contain your private keys, and by extension, your digital signature. This feature is what allows for fraud prevention to be built into the internet settlement layer (blockchain). Analyzing the mathematics behind the process that derives the public key and subsequent address showcases the security built in. The next time someone asks, what’s in your wallet, you’ll know the answer :)
Sources:
Bottinelli, Paul. “An Illustrated Guide to Elliptic Curve Cryptography Validation.” NCC Group Research, 18 Nov. 2021, https://research.nccgroup.com/2021/11/18/an-illustrated-guide-to-elliptic-curve-cryptography-validation/.
How Does Bitcoin Work? https://learnmeabitcoin.com/. Accessed 14 July 2022.
Jameson Lopp’s Bitcoin Resources. https://www.lopp.net/bitcoin-information.html. Accessed 14 July 2022.
Voshmgir, Shermin. Token Economy: How Blockchains and Smart Contracts Revolutionize the Economy. 1st edition, 2nd amended printing, BlockchainHub, 2019.