What Is a Private and Public Key and Why Do You Need Both?
Today we’re going to cover a really important topic: Cryptography!
Cryptography is one of the key technologies used to ensure cryptocurrency networks like Bitcoin and Ethereum remain secure. Not to mention our online banking, communications, and much of the internet rely heavily on cryptography.
We believe it’s important to have a basic understanding of cryptography and in this article you’ll get private and public keys explained in plain language!
Don’t worry, we’re going to make it easy to understand for beginners. No crazy mathematics involved!
In this article we will cover:
- Brief history of public key cryptography
- What is the difference between public key and private key?
- Asymmetric cryptography explained
- What are the roles of the public and private key?
- How does private and public key encryption work?
- How do I create a private and public key?
- Risks of quantum computing breaking our cryptography
A Brief History of Public Key Cryptography
Public key cryptography was invented in 1976 by Whitfield Diffie and Martin Hellman. Due to their contributions, public key cryptography is often called “Diffie-Hellman encryption.” Another common name is “asymmetric encryption” which we explain below.
Later in the 1980s, Elliptic Curve Cryptography (ECC) was invented which is an improvement over previous iterations. ECC is faster, uses less memory, and has smaller key sizes.
Roughly 20 years after ECC was invented, the United States National Security Agency (NSA) released a new set of ECC algorithms which convinced the community to stop using Diffie-Hellman and RSA cryptography and instead implement ECC.
One of those new ECC algorithms invented by the NSA was Elliptic Curve Digital Signature Algorithm (ECDSA) which Satoshi Nakamoto chose to use for Bitcoin. While more efficient signatures, such as Schnorr, were available when Satoshi released Bitcoin, ECDSA had a longer track record of success. This was a wise, albeit conservative decision for Bitcoin.
Coming full circle, some Bitcoin developers are working on a proposal to use Schnorr Signatures as a replacement for ECDSA. Schnorr can increase the efficiency of multi-party computations as well as improve privacy and fungibility for Bitcoin. So far the community is supportive of this transition and it could be implemented as early as 2020.
In 1994, Peter Shor demonstrated that quantum computing could break cryptography. While public key cryptography is extremely secure today, there is a non-zero chance that we invent quantum computing which would theoretically break all the standard cryptography used on the internet, our banking systems, and cryptocurrencies at large. We’ll explore the potential risks of quantum computing in the last section of this article.
What Is the Difference Between Public Key and Private Key?
Cryptocurrencies use what’s called asymmetric cryptography.
In asymmetric cryptography, secure messages are sent and received with a “public key” and a “private key.” Together they form what’s called a key pair. In simple terms, both “keys” are just really big numbers that are interrelated through a mathematical formula.
The main difference between public key and private key encryption is the public key is only used to encrypt messages, not decrypt them… while the private key can be used to decrypt messages.
For example, you encrypt a message with someone’s public key when you send it to that person. Then when they receive the message, they decrypt it using their corresponding private key.
What Are the Roles of the Public and Private Key?
Your public key can be made public enabling someone to send you some cryptocurrency. However in order to spend your cryptocurrency, you will need to “sign the transaction” with your private key – which like the name suggests, should be kept private.
You can think of your public key as your home address, anyone can have access but just because they know your address doesn’t mean they can unlock your doors and enter your house. Continuing with this analogy, your private key is like your house key that allows you to unlock your door.
How Does Private and Public Key Encryption Work?
Public and private keys are paired to enable secure communication. For the purposes of this article “secure communication” also includes sending Bitcoin, Ether, or another cryptocurrency. In order to move coins from person to another, the sender must “sign the transaction” by proving they have the private keys. Then the receiver can only spend them by “signing a new transaction” proving they have the private keys of the new address.
All these transactions are then stored on the blockchain which is simply a ledger displaying who controls what coins.
As a cryptocurrency user, managing private keys is a challenge.
This makes “becoming your own bank” a challenge for people who aren’t comfortable with technology. This is where easy to use custodians like Coinbase come into play. Instead of managing your own private keys, you trust Coinbase to do this for you.
While this may sound like a good idea, trusting custodians like Coinbase comes with a ton of risk. Exchanges and other custodians are honeypot for hackers and sometimes the exchange employees run away with the money. In short, if you don’t manage your own private keys, you’re trusting the custodian which introduces risk.
We’ve already seen many exchanges get hacked and steal funds from their users. Most notably, the Mt Gox exchange was hacked in 2014 losing close to $500m worth of user funds.
Continuous hacks and abuses from custodians led to a common phrase in the community: “not your keys, not your bitcoin.” This phrase further reinforces the benefits of managing your own private keys.
How Do I Create a Private and Public Key?
Generating a new key pair is done by using a cryptographic algorithm based on mathematics to produce a one-way function. Bitcoin uses a Elliptic Curve Digital Signature Algorithm which is usually shortened to ECDSA.
I know this sounds complicated, but the good news is: cryptocurrency users don’t ever have to touch the math behind the system! While you CAN generate your own private and public key pair… most people rely on their cryptocurrency wallet to do this for them.
By simply downloading a crypto wallet the software will automatically create your own “wallet” which is made up of a private-public key pair to ensure your cryptocurrency is secure!
Potential Risks of Quantum Computing Breaking our Cryptography
Quantum computing combines information theory and quantum mechanics to create an entirely new way to user computers. Conventional computers register information as either a one or a zero (on or off). With quantum computers, information can be one, zero, or anyone in between – all at the same time.
What would Quantum Computers be good at?
There is a reason why the tech giants (Google, Microsoft, IBM, etc) and many governments are investing heavily in the development of quantum computers. Clearly they believe quantum computers will enable new lucrative business models.
Quantum computers can solve certain problems that we currently believe are impossible (or impractical) to solve. One problem that would be easily solved with quantum computing is the “traveling salesman problem” which seeks to find the optimal path between two points. Currently, the only way to solve this problem is to brute force “guess and check” method. However, quantum computing allows us to guess all potential outcomes at the same time.
The security assumption of Cryptography is based on the fact that guessing the “private key” by “brute force” is practically impossible. However if we invent quantum computers that can guess all potential private keys at the same time, our cryptophy would be broken. This means secure communications, banking, and cryptocurrencies would all be at risk.
Minimizing Downside Risks of Quantum Computing
There are many benefits to quantum computing such as helping scientists develop ground-breaking new materials and predict climate change. However there are many potential concerns as well.
Fortunately, the risks of quantum computing are well known. Many computer scientists are working hard to create new cryptography schemes that are resistant to quantum computers. As scientists get closer to inventing quantum computing, we’ll see more and more people discussing “quantum-safeness” in response.
Outlook for Cryptocurrencies
We don’t have to worry about cryptocurrencies just yet. Some people believe we’ll never see quantum computers and other experts say we’re at least a decade away from any meaningful breakthroughs in quantum computing.
Thankfully an invention like this will not catch us off guard. It will be a slow winding road to development. This should give us ample time to prepare and implement quantum resistant cryptography into all our important systems.