What is a bitcoin key?

Keys are fundamental to bitcoin custody. Understanding the basics is important for keeping your bitcoin secure, and can serve as a huge stepping stone to further your education on the underlying mechanics of the bitcoin economy. In this article, we’ll cover what bitcoin keys are, what they’re used for, how they’re created, and where they’re stored!

What is a bitcoin key?

A bitcoin key is not a physical object like the key to a door or lockbox. It refers to a cryptographic key, which is information, specifically a large number. The number can be recorded physically, such as written on a piece of paper, but it is primarily used in a digital environment for cryptographic operations related to sending and receiving bitcoin, which we will discuss soon.

Numbers can be expressed in different formats, such as decimal (most frequently used by humans) but also binary or hexadecimal (often seen in the context of computers). Let’s look at an example of a number which could be a bitcoin key…

Decimal:

71682411172490623033337656633519473022506920733609242497116693094460037925220

Same number in hexadecimal:

9e7ace942bcb36520c38516820d614aad19476b1f6afa9559d962a19a64a0964

Same number in binary:

1001111001111010110011101001010000101011110010110011011001010010000011000011100001010001011010000010000011010110000101001010101011010001100101000111011010110001111101101010111110101001010101011001110110010110001010100001100110100110010010100000100101100100

The numbers used for bitcoin keys are so large even supercomputers would be unable to make relevant headway in scanning through all of the possibilities—doing this would take modern technology billions of years. This means that if a bitcoin key is selected in an unpredictable way and then kept hidden, it will offer robust security against the possibility of anyone else ever encountering it. As we’ll cover in the next sections, keeping keys secret is imperative to protecting bitcoin balances.

Key pairs are used to receive and send bitcoin

It’s important to understand that bitcoin keys come in pairs. There is always a private key and a corresponding public key, both of which are numbers. Taken together, they are called a keypair. The private key is always created first, and then it can use cryptography (elliptic curve secp256k1) to produce its public key partner. This process is one-directional—a public key by itself is unable to reverse-engineer its corresponding private key.

A public key is used to receive bitcoin, by building an address that people can send bitcoin to. The bitcoin becomes “locked” to that address on the blockchain. To spend the bitcoin out of that address, the corresponding private key is required to provide a cryptographic signature, “unlocking” it. Without a signature from the correct private key, the bitcoin network will reject any attempt to move the bitcoin.

Therefore, a private key is highly sensitive and intended to be kept private. You must protect your private keys so that other people can’t spend bitcoin that belongs to you. Meanwhile, public keys are not as sensitive, because they can’t be used to transfer bitcoin. Public keys can reveal balance information, however, which is a privacy consideration.

Not your keys, not your coins

Because private keys are required to approve the movement of bitcoin, ultimate control over an amount of bitcoin is determined by who holds the private keys associated with those funds. 

If you purchase bitcoin on an exchange and don’t transfer the bitcoin to an address controlled by your own keys, then you may (or surprisingly, you may not) have some legal claim to the bitcoin, but you cannot access that bitcoin without permission from the custodian that actually holds the keys. If the custodian runs a fractional reserve and issues more claims to bitcoin than they have in reserve, it can lead to a scenario resembling a bank run, where not all claims can be fulfilled. Something similar can happen if a custodian loses bitcoin due to hackers, which is not a rare occurrence as you can see from our page documenting many hacks over the years.

These concerns have led to the popularization of the phrase “not your keys, not your coins,” meant to convey the fact that if you don’t hold the keys to your bitcoin, you are incurring additional risk from the third-party custodian who does. Although holding your own keys comes with responsibility and effort when compared to using something like an ETF, it’s the only way to ensure you have permissionless access to your funds and nobody else can cause you to lose those funds.

Divided control with multisig

The task of holding keys and managing custodial risk can be customized to fit different needs. Multisig wallets allow bitcoin to be controlled by a quorum of multiple private keys. For example, someone could build a structure that requires signatures from two private keys out of a possible three in order to move bitcoin. This means that the bitcoin would still be protected and accessible if any one key is lost or stolen. It also allows people to employ key agents, who can help custody a minority of keys in a multisig quorum, such that the key agent cannot access the bitcoin on their own, nor can they prevent the rightful owner of the bitcoin from being able to access the funds with other keys.

At Unchained, we’ve utilized this concept to build a platform that enables clients to hold a majority of keys and independently control their bitcoin, but also get help from other key holders. Clients also have the option of distributing key-holding responsibilities across multiple key agents, such as professional institutions or trusted friends and family using Connections. This is the beginning of manifesting our vision—bitcoin being controlled by a network of keys, minimizing custodial risk for anyone and everyone.

How keys are created and stored

The best way to create a private key from scratch is to do so with elements of unpredictability and randomness, called entropy. Someone could flip a coin a bunch of times or roll dice to generate their own entropy. However, the most common method is to use a hardware wallet, which can use a secure algorithm to generate entropy and a bitcoin key. This provides users with a simple method that also features protections against procedural mistakes.

A hardware wallet can store the private key it generates, and also use the key to apply cryptographic signatures required for spending bitcoin. However, electronic hardware will eventually break or malfunction. This could be a serious issue if the hardware wallet was the only place where the private key was stored.

To address this concern, while generating a new key, a hardware wallet will instruct the operator to write down a seed phrase. These are words that represent the original entropy, and can therefore recreate the same private key repeatedly. The seed phrase can be thought of as a physical version of the key itself. Importing the words into a new hardware wallet can restore access to any funds controlled by that key. Seed phrases are a critical component of bitcoin self-custody, and it’s crucial to know the basics of keeping them secure, including how to avoid falling for common scams.

One key can produce many other keys

A modern bitcoin wallet involves a collection of many different addresses, to help people avoid reusing the same address and incurring negative privacy implications. Each one of these addresses are built from unique public keys, and as we covered above, each public key has a unique corresponding private key. Seems like quite a lot of keys to manage!

Luckily, a solution was created early in bitcoin’s history. By using entropy to create just one private key, that key can then be used to deterministically produce a hierarchy of other keys. This means someone can backup an entire catalog of keys by using just one seed phrase. We go into more detail on this in our intermediate-level article about the anatomy of a bitcoin wallet.

Learn more about the basics

The Unchained blog is full of resources for understanding the fundamentals of the bitcoin economy. For example, you can learn about bitcoin addresses, UTXOs, multisig wallets, nodes, and how the different methods of self-custody compare. We also have a YouTube channel with dozens of videos to help you on your journey of securing generational wealth. If you have questions about topics like these, please consider becoming an Unchained client so that you can access our expertise over 1-on-1 calls, and get assistance with setting up secure bitcoin custody and inheritance.