That’s the top-line explanation, but in reality the public vs private key distinction is much more nuanced. And if you’re new to the crypto scene, it’s important you have a firm grip on the differences.
In this edition of RhinoLearn, we’ll explain the complexities of public and private keys in crypto, so you know exactly how your wallet and assets are protected.
Why public and private keys are so important
Question: how much crypto do you own right now?
Some readers will hold loads of Bitcoin, because it’s the original crypto asset and still the most recognisable. Others will be stashing away Ethereum, to capitalise on the Merge. Others will be going big on USDT or USDC, because they think stablecoins are the best bet for the current market.
But here’s the thing: you don’t actually own these tokens at all. What you really own is a key to your wallet that enables you to access them.
Keys are fundamental to cryptography. They allow us to send and receive digital assets without an intermediary to supervise the process, and prove our identity so we can access these assets.
Public and private keys are two complementary sides of this process. And while the public vs private key distinction sounds simple on the surface – one is available to the public, the other is visible only to the owner – it’s a fair bit more complicated than that in reality.
Ok, so what is a private key?
When you create your wallet, a private key will be generated automatically.
This is a string of letters and numbers that allows you to prove you own your wallet, and so can spend, withdraw, transfer or invest any funds that are present in your account.
If you want an old-school example from the fiat world, a private key is like the password you use to get into your bank account. It’s super-sensitive and you should never share it with anyone. However, private keys have to be way longer and harder to crack than a conventional password.
The whole point of crypto transactions is that they’re irreversible and decentralised. There’s no way for funds to be restored once they’ve been hacked, and no fraud team on hand to hunt down the hackers. This means your account needs to be double, triple and quadruple-secure.
So private keys typically consist of hundreds of characters. They’re so long, in fact, that they’re practically impossible to write down, let alone remember. That’s why wallet creators have come up with recovery (or seed) phrases which usually consist of 12-15 words: they allow you to enter your wallet without requiring the key itself.
Right, got it. Now what is a public key?
The public key is generated from the private key. Although the two rely on the same basic number sequences, the public key is far shorter than its private counterpart. Once the public key is created, it then passes through another algorithm to create your wallet address.
While your private key allows you to access and use your funds, your public key has two key functions:
- It allows other people to send funds to you.
- It proves your ownership of the public key.
(If this sounds complicated, don’t worry: we’ll explain all below).
It’s actually possible to generate several public keys from the same private key. However, you’ll only ever have one private key. And while it’s theoretically possible to guess or calculate the public key from the private key, the reverse would take hundreds of years to crack.
Ok, so how do private and public keys work?
When two parties wish to exchange funds via a blockchain, the details of the transaction are first encrypted (when the funds are sent), then decrypted (when they are received). Public and private keys govern both stages of this process.
- First, the sender uses the recipient’s public key, in the form of their wallet address, to encrypt the message.
- Then, the recipient uses their private key to sign the transaction and decrypt it. The signature proves ownership of the private key, but it does not reveal the key itself.
This is known as asymmetric encryption, and to understand the benefits, we first need to consider the alternative: yep, you guessed it, symmetric encryption.
With symmetric encryption, both sides use the same key. It’s a bit like creating a shared document and using a common password to open it.
However, this has obvious problems for blockchains, which rely on total transparency. How do you share the key with the other party without a hacker snooping on you and discovering it? As we’ve already said, blockchain transactions are totally non-reversible, so the security method needs to be foolproof.
With asymmetric cryptography, however, we have a two-key process. While a hacker can see the recipient’s public key, in the form of their wallet address, they can’t see the private key and so cannot gain access to the funds within the wallet.
This means anyone can send funds to anyone else and sign the transaction with their public key, thereby ensuring that the funds are safely received.
And, because the public key is derived from the private key, it acts as proof that the recipient is who they say they are – and, with this proof, the blockchain can be updated without any risk of foul play, ensuring a state of trust.
So, the two keys are not alternatives or rivals, but two sides of the same technology. It’s not a question of ‘public key vs private key: which is better?’ In fact, the two go hand-in-hand.
Ok, so now you’ve seen public and private keys explained, how about putting them to use on rhino.fi? You can use your keys to make instant, low-cost swaps and trades and access the best of multi-chain DeFi without complex bridges or network switches.
And if you want to go deeper into crypto security, why not read our guide on how to spot crypto scams? You’ll see all the tell-tale signs to look out for, so you can explore the DeFi universe with total confidence.