If you have started learning about crypto, you have probably seen the words "public key" and "private key" already. They look like jargon. They are not. They are two mathematically-linked numbers that together let you own crypto on a blockchain, prove that you own it, and let everyone else verify your proof without seeing the secret part. This guide walks through what each one is, what each one does, why the relationship between them is the foundation of crypto security, and how to keep them safe in practice.
What are public and private keys, in plain terms?
Public and private keys are a pair of mathematically-linked numbers your wallet generates from your seed phrase. The private key is the secret you keep. The public key is its public-facing partner that anyone can see. Together they form a key pair. The private key proves you own your crypto. The public key lets others (and the blockchain) verify your proof without ever seeing the secret.
A useful first analogy is the cheque book. Your public key is like an account number printed on a cheque: anyone can read it, anyone can write a cheque to you, sharing it costs you nothing. Your private key is like your signature: only you can produce it, and the bank uses it to confirm you really authorised the payment. Public key = the part everyone can see. Private key = the part only you can produce.
A second analogy, slightly closer to the cryptography: a padlock you carry around. The padlock is the public key. Anyone can have a copy. Anyone can lock something with it (or, in crypto terms, anyone can send funds to the address it represents). Only the matching key opens the padlock. That key is the private key. As long as you keep the key, nobody else can open the locks you have closed.
A third framing: the private key signs, the public key verifies. When you send crypto, your wallet uses the private key to sign the transaction. The network looks at the signature and your public key, runs a mathematical check, and confirms the signature genuinely came from the matching private key. You proved ownership without exposing the secret. Anyone in the world can run the same check and reach the same answer. That is what makes blockchains trustworthy without a central authority.
Private key vs public key, side by side
Dimension | Private key | Public key |
|---|---|---|
What it is | A secret 256-bit number the wallet generates from your seed phrase | The mathematical partner of the private key, derived from it |
Who can see it | Only you (and the wallet that holds it for you) | Anyone, by design |
What it does | Signs transactions | Verifies the signature came from the matching private key |
What it produces | A digital signature, one per transaction | An address you share, after hashing and encoding |
How you share it | Never share. Ever. | Share freely. Sharing it is the point. |
What happens if it leaks | Anyone with it can move every coin at every address it controls. No revocation, no fix | Nothing. The design assumes it is public. |
What happens if it is lost | Funds are inaccessible unless the seed phrase can regenerate it | Nothing. The wallet recalculates it from the private key any time. |
Where it lives | In encrypted form on your device, or inside a hardware wallet's secure chip | Recalculated on demand. Not stored separately. |
Backup unit | The seed phrase, which regenerates every private key | Not backed up directly. Derives from the private key. |
Math relationship | Generates the public key (one-way, easy this direction) | Cannot be reversed back to the private key (one-way, infeasible in reverse) |
Read across any row to see what each key does on that dimension. The pattern that shows up every time is the same: the private key is the secret that mathematically owns your crypto, and the public key is the verifiable partner that lets the network confirm ownership without seeing the secret. The next two sections walk each side of the table in depth.
What does the private key actually do?
Two things. It signs transactions. It stays secret. Both jobs are essential, and both have absolute rules attached.
When you send crypto, your wallet builds an unsigned transaction containing the destination address, the amount, and a few other fields. It then uses the private key to produce a digital signature on that data. The signed transaction goes out to the network. Every node on the network can verify the signature against your public key. If the signature is valid, the transaction is accepted. If the signature is invalid, the transaction is rejected. The signing operation is fast (milliseconds) and deterministic (the same input always produces the same signature).
The private key stays secret because the entire model assumes only the key-holder can sign. If your private key leaks, anyone with it can sign transactions as you. They can move every coin at every address derived from that key. There is no revocation step. There is no way to "change your private key" the way you would change a password. The defence is to keep the private key from being known. The wallet handles this for you by keeping the key in encrypted form on your device, decrypting only briefly during signing.
What this looks like from the user's side, when you send 1 ETH to a friend: you open the wallet, tap Send, paste your friend's address, type 1 for the amount, glance at the fee, then tap Confirm. Behind that single Confirm tap, the wallet decrypts your private key in memory, builds the transaction (your address, your friend's address, 1 ETH, the fee), produces a digital signature, then broadcasts the signed transaction to the network. You see a "pending" status for roughly a minute, then "confirmed." Your private key never appears on screen and never leaves the wallet. The entire signing flow happens in the seconds between your tap and the network's first acknowledgement.
From Blofin's operational view, every transaction we settle involves a signature from a private key. The chain validates each signature against the public key that owns the address. We never see the private key. The exchange does not need it for anything. That is the entire point of the design: prove ownership without revealing the secret. For the full mechanism of how this signing flow integrates with the rest of the wallet, see our companion piece on how crypto wallets work.
What does the public key actually do?
Two things. It verifies signatures made by the matching private key. It gets transformed into an address you share publicly.
The verification job is the cryptographic mirror of signing. Anyone in the world can take your public key, a signature, and the data that was signed, run a fixed mathematical check, and learn one of two things: either the signature genuinely came from the matching private key (transaction accepted), or it did not (transaction rejected). The check requires no secret information. It can be done on a phone, on a public blockchain node, on a research laptop. Cloudflare's primer on how public-key encryption works walks through the verification step in detail.
The address job is where the public key becomes the thing you share. Wallets put the public key through a hash function and then encode the result into a short readable string. That string is the address. Different chains use different transformations: Bitcoin runs the public key through SHA-256 and RIPEMD-160 before Base58 encoding; Ethereum runs it through Keccak-256 and takes the last 20 bytes with a 0x prefix; Solana skips the hashing step and encodes the public key directly. The result is always shorter and more readable than the raw public key. For the full picture on how addresses derive from public keys and why they look so different across chains, see our companion piece on what is a blockchain address.
Why can't someone work out the private key from the public key?
Because the math runs one way only. Going from a private key to a public key takes microseconds. Going the other direction would take more computing power than humanity could realistically assemble. The technical name for this property is a one-way function.
The math behind modern crypto wallets is called elliptic curve cryptography. The exact curve most wallets use is well-studied and considered safe at standard key sizes. The National Institute of Standards and Technology codified the digital signature standard for these schemes (source: NIST FIPS 186-5 — Digital Signature Standard). The short version: the multiplication that turns a private key into a public key is one-way enough that reversing it has not been done, and is not realistically expected to be done with current or near-future computing.
What that means in practice: your public key (and your address, which is derived from your public key) can be shared anywhere without compromising your private key. Block explorers, friends, exchanges, and anyone watching the network all see your public key or address. None of that exposes the private key. The asymmetry is the entire reason public blockchains can exist without putting everyone's secrets on display.
This asymmetry is also why "the public key is dangerous to share" is a common misconception. It is meant to be public. The word means what it says.
How does the seed phrase relate to your keys?
Your seed phrase is the master input that generates every key pair your wallet uses. Twelve or 24 dictionary words go in. The wallet runs them through a key-derivation function and produces a master private key. From the master, the wallet derives every per-account private key. From each private key, it derives the matching public key and address. All of it traces back to those 12 or 24 words.
The relationship is hierarchical. The seed phrase is at the top. The master private key is one step down. Per-account keys branch out from there. Each branch can extend further to produce per-address keys. To picture it concretely: your seed phrase looks like slow tide army bird forest banana ... (12 or 24 ordinary words, randomly generated). From those words the wallet derives a private key, which is essentially a 256-bit number that displays as a long string like 5KJvsngHeMpm... or as 64 hex characters like 0xa3b8c1.... From the private key the wallet derives a public key (another long number). From the public key it produces your address: bc1qxy2k... on Bitcoin, 0x742d35Cc... on Ethereum. The seed phrase is the only piece you ever back up. Everything below it the wallet recalculates on demand. This structure is defined by Bitcoin Improvement Proposals 32 and 39 (source: BIP-39 — Mnemonic code for generating deterministic keys), and most modern wallets follow them. The practical implication is that one seed phrase can back up an unlimited number of addresses across multiple chains, because they all derive from the same starting point.
If the device dies and the wallet app vanishes, the seed phrase rebuilds every key pair on a new device. The keys regenerate. The addresses are the same. The funds reappear because they were never on the device; they were always on the chain, controlled by keys that the seed phrase has always been able to produce. For the procedure to back up the seed phrase safely (so this regeneration is actually possible), the full how-to is in our companion piece on how to back up a seed phrase.
What are the most common confusions about keys?
Four show up repeatedly. Each one is easy to fix once you know to watch for it.
Confusion 1: The address is the public key. The address is derived from the public key, but the two are different strings. On most chains, the address is shorter and easier to handle (a hashed-and-encoded version of the public key). On Solana the address happens to be the public key encoded directly. In either case, the address is what you share for receiving funds. The public key is the cryptographic input that produced it.
Confusion 2: The public key is dangerous to share. It is not. The whole point of the design is that the public key can be public without compromising the private key. Block explorers display public keys and addresses for every transaction on the chain. That is by design, and it does not weaken security.
Confusion 3: A long password is the same as a private key. It is not. A private key has far more entropy than any password. A typical Bitcoin private key is 256 bits of randomness, which is more combinations than there are atoms in a large mountain. The longest passwords humans realistically use are nowhere close to that. The two are different categories. A password protects an account; a private key mathematically owns a slice of a blockchain.
Confusion 4: If I lose my private key, the platform can recover it. No platform has a copy of your private key. Not Blofin, not your wallet provider, not the chain itself. The design ensures only the key-holder can sign, and the chain has no concept of who is "supposed to" own which address. The most common security mistake we see around keys is users sharing the private key (or the seed phrase that produces it) with someone they believed was "support." No legitimate platform, wallet, or service ever needs your private key. The verification model is built specifically so that signatures prove ownership while the private key stays in your hands.
For the full catalogue of beginner mistakes around keys and wallets, see our companion piece on common crypto mistakes beginners make.
How do you keep your private key safe?
In practice, you almost never handle the raw private key directly. The wallet handles it. What you need to keep safe is the seed phrase, which can regenerate every private key whenever the wallet needs to.
The four practical rules:
Back up the seed phrase on paper, not digitally. Two copies in geographically separated locations. Never photograph, never type into any device, never email. The detailed procedure lives in our how to back up a seed phrase guide.
Never share the seed phrase with anyone. Not friends, not family "for safekeeping," not support agents who DMed you. No legitimate party ever needs it. Any request for it is a scam by default.
Let the wallet hold the keys. Do not export the raw private key into a notes app, a password manager, or a backup file. The wallet manages the key in encrypted form. The seed phrase regenerates it if anything goes wrong. Manually handling the raw private key introduces more risk than it removes.
Move to hardware as your balance grows. Software wallets are fine for small balances and active DApp use. Hardware wallets keep the private key inside a chip that does not export it, even when plugged in. For the full picture, see hardware wallet guide and software wallets guide.
For the broader picture of what holding the keys yourself actually requires across your whole crypto setup, see what is self-custody. For the wallet-level context that ties keys to the rest of the setup, see what is a cryptocurrency wallet.
Frequently asked questions about keys
Is the address the same as the public key?
No. Most chains derive the address from the public key by hashing it and encoding the result. Bitcoin and Ethereum both work this way. Solana is an exception where the address is the public key encoded directly in Base58. In all cases, the address is what you share for receiving funds; the public key is the cryptographic input that produced it.
Can I derive the private key from the public key?
No. The mathematical operation that turns a private key into a public key is one-way. Reversing it would take more computing power than currently exists, and there is no known shortcut. This asymmetry is what makes the entire system secure. Anyone can have your public key safely. Only you should have the private key.
What's the difference between a private key and a password?
A password is something you choose or remember; a private key is a randomly generated number with far more entropy than any password. Passwords protect a service account, which is usually recoverable if you forget the password. Private keys mathematically prove ownership of crypto on a public blockchain, which is not recoverable if lost. The two are different categories of secret.
Where is my private key stored?
On the device your wallet runs on, in encrypted form. Software wallets store it on your phone or laptop, decrypting briefly during signing. Hardware wallets store it inside a secure chip that never exports it. Either way, your wallet generates the private key from your seed phrase whenever it needs to sign, and you should never need to handle the raw private key yourself.
Can I have more than one private key?
Yes. Modern wallets generate many private keys from a single seed phrase, organised in a tree structure. Each private key controls one address. When you click "create new address" in your wallet, the wallet derives the next key in the sequence. All of them trace back to the same seed phrase, which is why one backup covers them all.
Should I write down my private key?
Usually not. Most wallets do not show you the raw private key. They show you the seed phrase, which is the human-readable input that regenerates every private key. Back up the seed phrase. The private keys regenerate automatically whenever you restore the wallet on a new device. The seed phrase is the actual thing to back up.
What happens if someone gets my private key?
They can sign transactions as you. They can move your crypto wherever they want. There is no way to revoke a compromised private key. Once it is out, it is out. The defence is to keep the seed phrase (which produces the private key) entirely offline and never share it. Once a private key is known to be compromised, the only recovery is moving funds to a new wallet with a freshly generated seed phrase, before the attacker drains the original.
Researched and written by the Blofin Academy editorial team with AI-assisted drafting. Primary sources include the Cloudflare Learning Center on public-key encryption, BIP-39 (mnemonic specification), and NIST FIPS 186-5 (Digital Signature Standard). All facts independently verified against cited documentation current as of May 2026.
This article is for informational purposes only and does not constitute financial, legal, or investment advice. Cryptocurrency key management carries permanent consequences for mistakes; you should conduct your own research and consult qualified professionals before relying on any setup for funds you cannot afford to lose. Blofin Academy content reflects the state of public information at time of publication; security best practices and the threat landscape change frequently.