So, you’re looking to buy your first Bitcoin, but how exactly do you keep it safe? The key, quite literally, is a private key
Bitcoin is best known as a peer-to-peer electronic cash system – one that is decentralised and eliminates the need for a middle-man. As a result, users trading or mining Bitcoin must secure their funds themselves, typically with the use of a cryptocurrency wallet.
Once you own a wallet, you have two vital keys: a public key and a private key. The public key is publicly known to anyone who wishes to view it. People can freely view a public key on a blockchain (where all transactions are recorded). Whilst anybody has the privilege to view such information, they do not have the means to access or move these funds in any way, shape, or manner without access to the private key.
Bitcoin works through pseudo-anonymity, meaning no identifying information is displayed. To ensure this, the use of public keys and private keys is quintessential. The public key helps identify the sender/recipient and can be accessed by other people. The private key, however, creates a unique digital signature that is unforgeable. This must be kept secret; if you lose it, you lose access to all of your cryptocurrency. The public key and private key are linked together by a signature algorithm, which is a mathematical process that helps create them.
Philip Zimmermann, former special director of Computer Professionals for Social Responsibility (CPSR) between the years 1997-2000, created what is known as PGP (Pretty Good Privacy). Zimmermann created PGP in a bid to promote awareness of privacy in the digital age. With digital data being so easy to access and rifle through, it is important that certain measures were taken to prevent information from being accessed by people you otherwise wouldn’t want to have access to your data.
PGP is the product of a storied journey in cryptographic discoveries – it is the art of writing messages in code. A key is essentially a string of alphanumeric text generated by PGP by employing special encryption algorithms. Initially, a public key is created, which you can share with whoever you wish. This is then used to encode a message so that its meaning remains unknown, except to you.
The private key is then used to decrypt the message that has been encrypted by your public key. This means only the owner of the private key can decode the message encoded by the public key. The designation of which key is public and which is private is entirely arbitrary since there is no real functional difference between them. PGP chooses one to serve as public and the remaining one is destined to be the private key. The reason for this is as simple as either key can encrypt information leaving the other key to convert the encrypted message into its original form.
This solved an issue that was previously problematic. Older methods of encryption relied on keeping the method of encryption secret. PGP, however, is well documented. It is the selection of complex keys that serve to encrypt data making it difficult to hack. The size of the key can also be increased whenever needed in order to remain relevant in a progressive world.
Despite the age of PGP, it still remains relevant today, providing the basis of how public and private keys function in cryptography.
Whilst PGP provided the foundations for encryption security in the years that followed its creation, Bitcoin relies less on ‘encryption’ because it works through the use of cryptographic hash functions, which are one-way. They cannot be decrypted back into the original text and are a fixed size.
SHA-256 stands for Secure Hash Algorithm, and is one of the strongest hash functions available. This one-way function converts text of any size into a 256-bit string. The reason this particular hashing function is useful is because if someone was to attempt to recreate it, they would need to do a brute-force search of all inputs and outputs to try and recreate the 256-bit string.
However, if even a single part of the input data changes, the output is so drastically changed that the hash values would appear uncorrelated; meaning the exact input has to be used. To replicate a hash of 256 bits would take an enormous amount of trial and error, particularly considering the hashes are randomly generated.
So, as you may well have gathered, a private key should never be disclosed to anybody but yourself. By losing it, you lose access to your wallet and by default your cryptocurrency. Whoever gains access to your private key would control your wallet and coins. To add salt to the wound, there is typically no way to recover your private key.
However, if you have been using a third-party platform, such as an exchange, and the exchange has been hacked rather than your specific account, there might be recourse. Major exchanges have been known to occasionally reimburse users in the event of a hack, and some offer generous insurance coverage. Of course, using a third-party platform also guarantees they have the private keys, which in turn means you are placing your trust with the third-party platform.
For more exclusive guides from Coin Rivet, click here.