
What is public-key cryptography?

Public-key cryptography lets anyone verify a signature without being able to forge one. It is the mathematical core of every wallet.

Last updated Nov 1, 2025, 12:00 PM UTC

Public-key cryptography is the branch of math that makes wallets possible. It gives each user two related keys: a private key they keep secret, and a public key they can share freely. Anyone with the public key can verify that a message was signed by the holder of the private key, but nobody without the private key, including the verifier, can forge a signature. This asymmetry is what lets a blockchain replace a trusted intermediary with a piece of code.

The asymmetric trick

In symmetric cryptography, the same key encrypts and decrypts. If Alice and Bob want to send each other private messages, they need to share a secret key ahead of time, which is awkward in a world of strangers. Public-key cryptography solves this by splitting the key into two pieces related by a mathematical trapdoor: easy to go one way, hard to go the other.

On Bitcoin and Ethereum, the scheme used is ECDSA — Elliptic Curve Digital Signature Algorithm — built on the secp256k1 curve. The private key is a random 256-bit number. The public key is a point on the curve derived by multiplying a fixed generator point by the private key. Given the private key, computing the public key is trivial. Given the public key, recovering the private key requires solving the elliptic-curve discrete logarithm problem, which no known algorithm can do in reasonable time.

Newer systems use schemes like Schnorr signatures (adopted by Bitcoin in the 2021 Taproot upgrade) or BLS signatures (used by Ethereum consensus). The details differ but the asymmetric structure is the same.

Signing and verifying

To sign a message, the signer hashes it (see the hash-function explainer), then uses the private key to produce a signature that is a pair of numbers. The verifier takes the message, the signature, and the signer's public key, and runs an algorithm that returns true or false. A valid signature proves two things: that the message was created by someone who knows the private key corresponding to the public key, and that the message has not been altered since it was signed.

Crucially, the verifier does not need to know the private key to check. They only need the public key, which is public. This is the property that makes the entire blockchain work: any node can verify that a transaction was authorized by the right wallet, without anyone needing to trust anyone else.

Signatures are not reusable. A signature is bound to a specific message (actually, to the hash of the message). Trying to reuse the signature on a different message — or even the same message with one byte changed — fails verification.

Addresses are derived from keys

On Ethereum, the address is the last 20 bytes of the keccak-256 hash of the public key. On Bitcoin, it is a hash of the public key wrapped in an encoding scheme that includes a checksum. The hashing layer adds a safety margin: even if someone found a way to reverse elliptic-curve cryptography, they would still have to reverse the hash function to recover the private key from just an address.

This is also why receiving funds does not require revealing a public key until you spend from the address. On Bitcoin in particular, the public key only hits the chain when the address first sends a transaction. Until then, the address is, effectively, a hash of a secret, guarded by two layers of cryptographic difficulty.

Attack surface

Public-key cryptography is not magic. Its security depends on three things being true: the math is sound, the private key stays secret, and the random number generator that created the key was actually random. All three have been the source of real-world failures.

The math itself has held up for decades. ECDSA has not been structurally broken. But sloppy implementations — reusing the same "random" nonce across two signatures — have leaked private keys in the wild. The 2010 PlayStation 3 firmware signing key was extracted because Sony reused a nonce. Several Bitcoin wallets have lost funds to similar errors.

Future attacks from large-scale quantum computers are a separate concern. Shor's algorithm, if run on a sufficiently large quantum computer, could solve the elliptic-curve problem and break existing signatures. This is not an immediate threat — no such computer exists — but post-quantum cryptography (lattice-based schemes, hash-based signatures) is already being developed. Migrating blockchains will be a multi-year effort when the time comes.

Why it matters

Public-key cryptography is the load-bearing primitive under every wallet, exchange, smart-contract interaction, and cross-chain transfer. It is the mechanism by which control is asserted without a central arbiter: whoever has the key speaks for the account, full stop. Understanding this is what makes the rest of crypto stop looking like a black box. The private key is the asset; the public key is the handle; the signature is the proof. Everything else is packaging.
