Understanding Public and Private Keys

[shorena]

damn, i still don't understand the meaning of having public and private key.
could someone explain it with simple sentences?

Private key of A = A can spend the coins
Public key  of A = you can get the address and send coins to A.

If you will a public key is (are many) padlock(s), they allow you to lock the coins for someone else without having the key.
The key to unlock the coins is the private key. There can be several copies of the same private key but thats not wise. Thats why its so important to take care of your wallet. It has your private keys.

[Dxuz]

damn, i still don't understand the meaning of having public and private key.
could someone explain it with simple sentences?

Private key of A = A can spend the coins
Public key  of A = you can get the address and send coins to A.

If you will a public key is (are many) padlock(s), they allow you to lock the coins for someone else without having the key.
The key to unlock the coins is the private key. There can be several copies of the same private key but thats not wise. Thats why its so important to take care of your wallet. It has your private keys.

so for example i buying pizza, and i pay them using private key?

and if i'm the seller i give them my public key?

[shorena]

damn, i still don't understand the meaning of having public and private key.
could someone explain it with simple sentences?

Private key of A = A can spend the coins
Public key  of A = you can get the address and send coins to A.

If you will a public key is (are many) padlock(s), they allow you to lock the coins for someone else without having the key.
The key to unlock the coins is the private key. There can be several copies of the same private key but thats not wise. Thats why its so important to take care of your wallet. It has your private keys.

so for example i buying pizza, and i pay them using private key?

and if i'm the seller i give them my public key?

Yes.
If you (A) buy a pizza, the person selling the pizza (B) gives you public key B. Now you make a transaction (10,000 BTC for 2 Pizza) and sign it with private key A. Now everyone else knowns (via the blockchain) that you have 10,000 BTC less and B has 10,000 BTC more. Now B can spend the 10,000 with B's private key etc.

[Dxuz]

damn, i still don't understand the meaning of having public and private key.
could someone explain it with simple sentences?

Private key of A = A can spend the coins
Public key  of A = you can get the address and send coins to A.

If you will a public key is (are many) padlock(s), they allow you to lock the coins for someone else without having the key.
The key to unlock the coins is the private key. There can be several copies of the same private key but thats not wise. Thats why its so important to take care of your wallet. It has your private keys.

so for example i buying pizza, and i pay them using private key?

and if i'm the seller i give them my public key?

Yes.
If you (A) buy a pizza, the person selling the pizza (B) gives you public key B. Now you make a transaction (10,000 BTC for 2 Pizza) and sign it with private key A. Now everyone else knowns (via the blockchain) that you have 10,000 BTC less and B has 10,000 BTC more. Now B can spend the 10,000 with B's private key etc.

haha, thanks for the explanation!.
finally understand 

[DannyHamilton]

damn, i still don't understand the meaning of having public and private key.
could someone explain it with simple sentences?

Private key of A = A can spend the coins
Public key  of A = you can get the address and send coins to A.

If you will a public key is (are many) padlock(s), they allow you to lock the coins for someone else without having the key.
The key to unlock the coins is the private key. There can be several copies of the same private key but thats not wise. Thats why its so important to take care of your wallet. It has your private keys.

so for example i buying pizza, and i pay them using private key?

and if i'm the seller i give them my public key?

Unfortunately, some people use the words "public key" to mean "bitcoin address".

A public key is NOT a bitcoin address (even though many confused people will tell you that it is).

You typically will never see and never know your public key.  The public key is used by the bitcoin protocol to verify digital signatures.

If you are buying a pizza, you will use bitcoin wallet software to create a bitcoin transaction that "sends the bitcoins to the pizza seller".

The bitcoin software will handle all the technical details for you.

If you want to know about those technical details:

The bitcoin wallet software will choose enough unspent outputs that you have received in the past so that the sum of the value is more than the amount you are "sending to the pizza seller".  These will all be listed in the transaction as "inputs".

Then the bitcoin wallet software will create a new output that assigns the desired value to the pizza merchant's bitcoin address, and a second output that assigns any extra amount from the sum of the inputs to an address in the bitcoin wallet.

The protocol requires digital signatures for each of those inputs proving that you have authorization to spend them.  The wallet uses the private keys to compute ECDSA digital signatures.  This is the mechanism that prevents other people from spending, or stealing your bitcoins.  Since they don't know your private keys, they are unable to generate the proper digital signatures, and the rest of the network just ignores any transaction that anyone else tries to create that would spend your bitcoins.  Of course, if a hacker can gain access to your private keys, then they can load them into wallet software of their own, and spend your bitcoins.

There is a mathematical relaitionship between the private key and the bitcoins address, but if only works in one direction.  If you know the private key, then you can compute the bitcoin address.  If you know the bitcoin address, it is impossible to compute the private key.  This means it is safe to give your bitcoin address to people (so they can send you bitcoins), since they can't figure out your private key.

The digital signature is also mathematically computed.  The particular mathematical relationship means that a signature can be verified without the private key as long as you have the public key.  Bitcoin includes the public key with the signature.  That way the entire network can verify the signature with the public key, and then can make sure that hashing the public key results in the correct bitcoin address.

[Dxuz]

damn, i still don't understand the meaning of having public and private key.
could someone explain it with simple sentences?

Private key of A = A can spend the coins
Public key  of A = you can get the address and send coins to A.

If you will a public key is (are many) padlock(s), they allow you to lock the coins for someone else without having the key.
The key to unlock the coins is the private key. There can be several copies of the same private key but thats not wise. Thats why its so important to take care of your wallet. It has your private keys.

so for example i buying pizza, and i pay them using private key?

and if i'm the seller i give them my public key?

Unfortunately, some people use the words "public key" to mean "bitcoin address".

A public key is NOT a bitcoin address (even though many confused people will tell you that it is).

You typically will never see and never know your public key.  The public key is used by the bitcoin protocol to verify digital signatures.

If you are buying a pizza, you will use bitcoin wallet software to create a bitcoin transaction that "sends the bitcoins to the pizza seller".

The bitcoin software will handle all the technical details for you.

If you want to know about those technical details:

The bitcoin wallet software will choose enough unspent outputs that you have received in the past so that the sum of the value is more than the amount you are "sending to the pizza seller".  These will all be listed in the transaction as "inputs".

Then the bitcoin wallet software will create a new output that assigns the desired value to the pizza merchant's bitcoin address, and a second output that assigns any extra amount from the sum of the inputs to an address in the bitcoin wallet.

The protocol requires digital signatures for each of those inputs proving that you have authorization to spend them.  The wallet uses the private keys to compute ECDSA digital signatures.  This is the mechanism that prevents other people from spending, or stealing your bitcoins.  Since they don't know your private keys, they are unable to generate the proper digital signatures, and the rest of the network just ignores any transaction that anyone else tries to create that would spend your bitcoins.  Of course, if a hacker can gain access to your private keys, then they can load them into wallet software of their own, and spend your bitcoins.

There is a mathematical relaitionship between the private key and the bitcoins address, but if only works in one direction.  If you know the private key, then you can compute the bitcoin address.  If you know the bitcoin address, it is impossible to compute the private key.  This means it is safe to give your bitcoin address to people (so they can send you bitcoins), since they can't figure out your private key.

The digital signature is also mathematically computed.  The particular mathematical relationship means that a signature can be verified without the private key as long as you have the public key.  Bitcoin includes the public key with the signature.  That way the entire network can verify the signature with the public key, and then can make sure that hashing the public key results in the correct bitcoin address.

how about blockchain?
i don't see any private key?

Sorry for all the question, i'm just want to learn more about bitcoin security 

[DannyHamilton]

how about blockchain?
i don't see any private key?

Sorry for all the question, i'm just want to learn more about bitcoin security 

The blockchain.info website creates an indexed database of all transactions that have ever been seen on the bitcoin network.  That allows them to create a website where you can search for and see transactions, addresses, and blocks.

The blockchain.info wallet service stores your private keys for you in encrypted form in their database.  When you want to create a transaction, they send these encrypted private keys to your web browser where their are decrypted with your password.  Then javascript software running in your web browser handles the creation of the bitcoin transaction and generating all the proper signatures.

[PilotofBTC]

damn, i still don't understand the meaning of having public and private key.
could someone explain it with simple sentences?

Private key of A = A can spend the coins
Public key  of A = you can get the address and send coins to A.

If you will a public key is (are many) padlock(s), they allow you to lock the coins for someone else without having the key.
The key to unlock the coins is the private key. There can be several copies of the same private key but thats not wise. Thats why its so important to take care of your wallet. It has your private keys.

so for example i buying pizza, and i pay them using private key?

and if i'm the seller i give them my public key?

Unfortunately, some people use the words "public key" to mean "bitcoin address".

A public key is NOT a bitcoin address (even though many confused people will tell you that it is).

You typically will never see and never know your public key.  The public key is used by the bitcoin protocol to verify digital signatures.

If you are buying a pizza, you will use bitcoin wallet software to create a bitcoin transaction that "sends the bitcoins to the pizza seller".

The bitcoin software will handle all the technical details for you.

If you want to know about those technical details:

The bitcoin wallet software will choose enough unspent outputs that you have received in the past so that the sum of the value is more than the amount you are "sending to the pizza seller".  These will all be listed in the transaction as "inputs".

Then the bitcoin wallet software will create a new output that assigns the desired value to the pizza merchant's bitcoin address, and a second output that assigns any extra amount from the sum of the inputs to an address in the bitcoin wallet.

The protocol requires digital signatures for each of those inputs proving that you have authorization to spend them.  The wallet uses the private keys to compute ECDSA digital signatures.  This is the mechanism that prevents other people from spending, or stealing your bitcoins.  Since they don't know your private keys, they are unable to generate the proper digital signatures, and the rest of the network just ignores any transaction that anyone else tries to create that would spend your bitcoins.  Of course, if a hacker can gain access to your private keys, then they can load them into wallet software of their own, and spend your bitcoins.

There is a mathematical relaitionship between the private key and the bitcoins address, but if only works in one direction.  If you know the private key, then you can compute the bitcoin address.  If you know the bitcoin address, it is impossible to compute the private key.  This means it is safe to give your bitcoin address to people (so they can send you bitcoins), since they can't figure out your private key.

The digital signature is also mathematically computed.  The particular mathematical relationship means that a signature can be verified without the private key as long as you have the public key.  Bitcoin includes the public key with the signature.  That way the entire network can verify the signature with the public key, and then can make sure that hashing the public key results in the correct bitcoin address.

how about blockchain?
i don't see any private key?

Sorry for all the question, i'm just want to learn more about bitcoin security 

That's the whole point of "private".

I'm pretty sure there are no keys on the blockchain at all. Just transactions that are signed.

[Dxuz]

how about blockchain?
i don't see any private key?

Sorry for all the question, i'm just want to learn more about bitcoin security 

The blockchain.info website creates an indexed database of all transactions that have ever been seen on the bitcoin network.  That allows them to create a website where you can search for and see transactions, addresses, and blocks.

The blockchain.info wallet service stores your private keys for you in encrypted form in their database.  When you want to create a transaction, they send these encrypted private keys to your web browser where their are decrypted with your password.  Then javascript software running in your web browser handles the creation of the bitcoin transaction and generating all the proper signatures.

so do you mean my private address well kept and secured from them with only my password, etc?

[PilotofBTC]

how about blockchain?
i don't see any private key?

Sorry for all the question, i'm just want to learn more about bitcoin security 

The blockchain.info website creates an indexed database of all transactions that have ever been seen on the bitcoin network.  That allows them to create a website where you can search for and see transactions, addresses, and blocks.

The blockchain.info wallet service stores your private keys for you in encrypted form in their database.  When you want to create a transaction, they send these encrypted private keys to your web browser where their are decrypted with your password.  Then javascript software running in your web browser handles the creation of the bitcoin transaction and generating all the proper signatures.

so do you mean my private address well kept and secured from them with only my password, etc?

Yes, the blockchain.info mywallet "server" never knows your PK's, the wallet in encrypted in your browser locally and then uploaded to their server. You can also use a secondary password which means the password your wallet in encrypted with is different than the password that you login with to d/l your wallet.

[Dxuz]

how about blockchain?
i don't see any private key?

Sorry for all the question, i'm just want to learn more about bitcoin security 

The blockchain.info website creates an indexed database of all transactions that have ever been seen on the bitcoin network.  That allows them to create a website where you can search for and see transactions, addresses, and blocks.

The blockchain.info wallet service stores your private keys for you in encrypted form in their database.  When you want to create a transaction, they send these encrypted private keys to your web browser where their are decrypted with your password.  Then javascript software running in your web browser handles the creation of the bitcoin transaction and generating all the proper signatures.

so do you mean my private address well kept and secured from them with only my password, etc?

Yes, the blockchain.info mywallet "server" never knows your PK's, the wallet in encrypted in your browser locally and then uploaded to their server. You can also use a secondary password which means the password your wallet in encrypted with is different than the password that you login with to d/l your wallet.

locally? are you pointing at cookies?

[PilotofBTC]

how about blockchain?
i don't see any private key?

Sorry for all the question, i'm just want to learn more about bitcoin security  

The blockchain.info website creates an indexed database of all transactions that have ever been seen on the bitcoin network.  That allows them to create a website where you can search for and see transactions, addresses, and blocks.

The blockchain.info wallet service stores your private keys for you in encrypted form in their database.  When you want to create a transaction, they send these encrypted private keys to your web browser where their are decrypted with your password.  Then javascript software running in your web browser handles the creation of the bitcoin transaction and generating all the proper signatures.

so do you mean my private address well kept and secured from them with only my password, etc?

Yes, the blockchain.info mywallet "server" never knows your PK's, the wallet in encrypted in your browser locally and then uploaded to their server. You can also use a secondary password which means the password your wallet in encrypted with is different than the password that you login with to d/l your wallet.

locally? are you pointing at cookies?

Yes locally. You can inspect the cookies. There is a cookie that remembers your wallet id. that has nothing to do with the encryption.

But, other than that, the blockchain.info wallet is all javascript that runs locally. It uses the blockchain.info API to get your balances and to send money. You can view the blockchain wallet source code on github.

[shorena]

-snip-
locally? are you pointing at cookies?

No, think about a file that you encrypt and send to their server. It can only be decrypted with a password only you know. So they take care of the file, but if you forget the password, they cant help you. That way they private keys are stored online but only encrypted. When you want to do something on blockchain.info you login, the browser downloads the encrypted file and decrypts it on your computer. That way your private keys are not decrypted online.

[Dxuz]

-snip-
locally? are you pointing at cookies?

No, think about a file that you encrypt and send to their server. It can only be decrypted with a password only you know. So they take care of the file, but if you forget the password, they cant help you. That way they private keys are stored online but only encrypted. When you want to do something on blockchain.info you login, the browser downloads the encrypted file and decrypts it on your computer. That way your private keys are not decrypted online.

ah!, got it!. thanks! 

[BigOrangeBee]

I'd like to bring this topic into the light again, and ask about quantum computers as a threat to the security of cryptocurrency.
Isn't it more than likely that quantum computers, when developed sufficiently would have no problem at all discovering or cracking bitcoin private keys?
The computing power of quantum computers is awesome and will only get more awesome with development.

Couldn't they also dominate mining as well?

[kuverty]

In short, the chances of two people generating the same private keys are so low that it is not worth worrying about. Do you worry about being hit by a meteor?

Ok, but that doesn't really satisfy. Because as more people used bitcoin, and more an more addresses are generated, and the longer its been around, there would be more and more of a chance of duplicate addresses.

Question: after an addresses is loaded with funds and added to the blockchain, then, does that information get sent to these automatic addresses generators in all the web, desk, and mobile wallets, and the bitaddress.org generator too? I don't think so. So how do they know they are not creating an address which was already created?

The numbers are so huge that none of the things you mention, even multiplied by a billion, make the slightest difference.

The number of possible addresses is 2¹⁶⁰. If 10 billion people have generated 1 billion addresses each, then the chances of a new address colliding with any of those is 1 in 2¹⁴¹. That's a 1 in 2,787,593,149,816,327,892,691,964,784,081,045,188,247,552 chance.

Let's pretend that Bitcoin is as big as Visa, which can process 24,000 transactions per second. In a million years, bitcoin will have processed up to 800,000,000,000,000,000 transactions. If a new key were generated for each of those, then there is still only a 1 in 2,000,000,000,000,000,000,000,000,000,000 chance that it will be a duplicate.

Well, the chance of some two people having generated the same key is bigger, and that is needed for collision. The chance is still low enough to be neglected. But to answer OP, yes it is possible that the next time you generate an address with your client, you get the key to Satoshi's main wallet and can use his coins. But the chance is really small. Not like winning the lottery, more like the event that you win the lottery this week and your brother wins it the next week and then the both of you get shot while shopping for groceries in two seemingly unrelated killing sprees and then the killers share the next week's lottery jackpot and Macarena regains its popularity and becomes the numbers one hit on major radio stations, and before that a bitcoin whale reading this message thinks it was the best and most inspiring thing he ever read and contacts me and sends me 500 bitcoins because he was so impressed, you know, that sort of thing.

[BigOrangeBee]

Macarena's coming back, I'm sure of that.  


um...what if someone in the future got a quantum computer to continually generate new private keys and check their balance in the blockchain.

[kuverty]

Macarena's coming back, I'm sure of that.  


um...what if someone in the future got a quantum computer to continually generate new private keys and check their balance in the blockchain.

Well, quantum computers are not a high-speed ordinary computers but completely different. Powerful quantum computers would be a threat to Bitcoin, but the main threat would be to the public key cryptography used in bitcoin. The elliptic curve discrete logarithm problem can be quite efficiently solved with a quantum computer using an algorithm similar to Shor's algorithm for prime factorization, and would allow private keys to be recovered from public keys.

But at the current state of quantum computing the risk is only theoretical, Shor's algorithm has been run on quantum computers to factor numbers like 15, which is a nice proof of concept but hardly a threat to any cryptosystems.

In the future, the algorithms in Bitcoin will probably have to be changed into quantum-resistant ones, but there will be a lot of time to think about that. For sure we will see wonderful things in cryptography in the future, maybe it is possible to find some kind of provably very strong cryptography; maybe it is even possible to prove the nonexistence of a really efficient (whatever that means) algorithm at some point. Of course these are hard things, just look at the P=NP problem, but I believe this will be one area of science to see unbelievable progress in the near future. Anyway we will almost surely not see a sudden collapse of present-day crypto, but a gradual weakening and replacement.

[odolvlobo]

But to answer OP, yes it is possible that the next time you generate an address with your client, you get the key to Satoshi's main wallet and can use his coins.

What you wrote made no sense. I recommend that you learn the difference between an "address" and a "wallet".

[kuverty]

But to answer OP, yes it is possible that the next time you generate an address with your client, you get the key to Satoshi's main wallet and can use his coins.

What you wrote made no sense. I recommend that you learn the difference between an "address" and a "wallet".

Sorry, that was surely really badly put. But the next time he generates a new address, he might just generate the private key that corresponds to the address where Satoshi has the most bitcoins.

I would not want to create any more confusion with these things of course...