Keys and Addresses: Private Keys | Saylor Academy (2024)

A private key is simply a number, picked at random. Ownership and control over the private key is the root of user control over all funds associated with the corresponding bitcoin address. The private key is used to create signatures that are required to spend bitcoin by proving ownership of funds used in a transaction. The private key must remain secret at all times, because revealing it to third parties is equivalent to giving them control over the bitcoin secured by that key. The private key must also be backed up and protected from accidental loss, because if it's lost it cannot be recovered and the funds secured by it are forever lost, too.

Tip: The bitcoin private key is just a number. You can pick your private keys randomly using just a coin, pencil, and paper: toss a coin 256 times and you have the binary digits of a random private key you can use in a bitcoin wallet. The public key can then be generated from the private key.

Generating a private key from a random number

The first and most important step in generating keys is to find a secure source of entropy, or randomness. Creating a bitcoin key is essentially the same as "Pick a number between 1 and 2256". The exact method you use to pick that number does not matter as long as it is not predictable or repeatable. Bitcoin software uses the underlying operating system's random number generators to produce 256 bits of entropy (randomness). Usually, the OS random number generator is initialized by a human source of randomness, which is why you may be asked to wiggle your mouse around for a few seconds.

More precisely, the private key can be any number between 0 and n - 1 inclusive, where n is a constant (n = 1.1578 * 1077, slightly less than 2256) defined as the order of the elliptic curve used in bitcoin (see Elliptic Curve Cryptography Explained). To create such a key, we randomly pick a 256-bit number and check that it is less than n. In programming terms, this is usually achieved by feeding a larger string of random bits, collected from a cryptographically secure source of randomness, into the SHA256 hash algorithm, which will conveniently produce a 256-bit number. If the result is less than n, we have a suitable private key. Otherwise, we simply try again with another random number.

Warning: Do not write your own code to create a random number or use a "simple" random number generator offered by your programming language. Use a cryptographically secure pseudorandom number generator (CSPRNG) with a seed from a source of sufficient entropy. Study the documentation of the random number generator library you choose to make sure it is cryptographically secure. Correct implementation of the CSPRNG is critical to the security of the keys.

The following is a randomly generated private key (k) shown in hexadecimal format (256 bits shown as 64 hexadecimal digits, each 4 bits):

1E99423A4ED27608A15A2616A2B0E9E52CED330AC530EDCC32C8FFC6A526AEDD

Tip:The size of bitcoin's private key space, (2256) is an unfathomably large number. It is approximately 1077in decimal. For comparison, the visible universe is estimated to contain 1080atoms.

To generate a new key with the Bitcoin Core client (see [ch03_bitcoin_client]), use the getnewaddress command. For security reasons it displays the address only, not the private key. To ask bitcoind to expose the private key, use the dumpprivkey command. The dumpprivkey command shows the private key in a Base58 checksum-encoded format called the Wallet Import Format (WIF), which we will examine in more detail in Private key formats. Here's an example of generating and displaying a private key using these two commands:

$ bitcoin-cli getnewaddress19rxWcjug44Xft1T1Ai11ptDZr94wEdRTz$ bitcoin-cli dumpprivkey 19rxWcjug44Xft1T1Ai11ptDZr94wEdRTzKxFC1jmwwCoACiCAWZ3eXa96mBM6tb3TYzGmf6YwgdGWZgawvrtJ

The dumpprivkey command opens the wallet and extracts the private key that was generated by the getnewaddress command. It is not possible for bitcoind to know the private key from the address unless they are both stored in the wallet.

Tip: The dumpprivkey command does not generate a private key from an address, as this is impossible. The command simply reveals the private key that is already known to the wallet and which was generated by the getnewaddress command.

You can also use the Bitcoin Explorer command-line tool (see [appdx_bx]) to generate and display private keys with the commands seed, ec-new, and ec-to-wif:

$ bx seed | bx ec-new| bx ec-to-wif5J3mBbAH58CpQ3Y5RNJpUKPE62SQ5tfcvU2JpbnkeyhfsYB1Jcn

As a seasoned expert in the field of blockchain technology, cryptocurrency, and specifically Bitcoin, I bring a wealth of knowledge and practical experience to shed light on the intricacies of private keys—the fundamental components of user control in the realm of Bitcoin.

The concept of a private key, as mentioned in the provided article, is pivotal to the security and ownership of Bitcoin funds associated with a particular address. My expertise in this area allows me to elaborate on the nuances and critical aspects discussed in the article.

First and foremost, the private key is emphasized as a randomly chosen number, and its ownership is central to controlling the associated Bitcoin funds. It serves the purpose of creating signatures required for Bitcoin transactions, thereby proving ownership of the funds involved. The private key, as stressed, must be kept confidential at all times, as its disclosure equates to relinquishing control over the secured Bitcoin.

One key aspect highlighted is the method of generating a private key from a random number. The article delves into the importance of entropy, or randomness, in this process. It underlines the need for a secure source of entropy and explains that the private key can be any number between 0 and n-1, where n is a constant determined by the elliptic curve used in Bitcoin.

To ensure the security of the private key generation process, the article warns against writing custom code for random number generation. Instead, it recommends the use of cryptographically secure pseudorandom number generators (CSPRNG) with a sufficient entropy source.

The article further provides a glimpse into a randomly generated private key in hexadecimal format, showcasing the sheer size of Bitcoin's private key space—2256, an astronomical number. This magnitude is compared to the estimated number of atoms in the visible universe, emphasizing the robustness of Bitcoin's security.

Additionally, the article touches upon practical aspects of generating and managing private keys. It introduces commands from Bitcoin Core and Bitcoin Explorer for generating and displaying private keys. The process involves obtaining a new address with the getnewaddress command and extracting the corresponding private key using the dumpprivkey command.

In summary, my comprehensive understanding of the concepts discussed in the article, coupled with practical experience, enables me to convey the significance of private keys in Bitcoin transactions, the importance of entropy in key generation, and the best practices for ensuring the security of these crucial elements in the cryptocurrency ecosystem.

Keys and Addresses: Private Keys | Saylor Academy (2024)
Top Articles
Latest Posts
Article information

Author: Gregorio Kreiger

Last Updated:

Views: 6181

Rating: 4.7 / 5 (77 voted)

Reviews: 92% of readers found this page helpful

Author information

Name: Gregorio Kreiger

Birthday: 1994-12-18

Address: 89212 Tracey Ramp, Sunside, MT 08453-0951

Phone: +9014805370218

Job: Customer Designer

Hobby: Mountain biking, Orienteering, Hiking, Sewing, Backpacking, Mushroom hunting, Backpacking

Introduction: My name is Gregorio Kreiger, I am a tender, brainy, enthusiastic, combative, agreeable, gentle, gentle person who loves writing and wants to share my knowledge and understanding with you.