PRIVATE KEYS
A private key is a 256-bit secret number that gives you complete, irrevocable
control over your bitcoin. It is the only thing you need to spend funds — and the only thing
an attacker needs to steal them. There are no passwords, no account recovery, no customer support.
The key is the money.
WHAT_A_PRIVATE_KEY_IS
A PRIVATE KEY — JUST A NUMBER
In hexadecimal (256 bits = 32 bytes = 64 hex chars):
E9873D79C6D87DC0FB6A5778633389F4453213303DA61F20BD67FC233AA33262
Range: 1 to 115792089237316195423570985008687907852837564279074904382605163141518161494336
(that is, n − 1, where 'n' is the order of the secp256k1 curve)
GENERATES
EVERYTHING ELSE DERIVES FROM IT
Private Key (256-bit secret number)
└─→ Public Key (via elliptic curve multiplication)
    └─→ Bitcoin Address (via hashing the public key)
HOW_PRIVATE_KEYS_ARE_GENERATED
Cryptographic Random Number
GENERATION
A private key is simply a random 256-bit number within the valid range of the secp256k1 curve.
The randomness must be cryptographically secure — predictable randomness is the most common
cause of private key compromise.
Requirements for a valid private key:
1. Must be a positive integer
2. Must be less than n (the curve order):
n = FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
3. Must be generated using a CSPRNG
(Cryptographically Secure Pseudo-Random Number Generator)
The probability of randomly guessing a specific key:
1 in 2^256 ≈ 1 in 10^77 (more than atoms in the observable universe)
Never generate private keys using weak randomness: timestamps, user input, or non-cryptographic random functions. A poorly seeded key can be reconstructed by an attacker.
WIF_ENCODING — HOW_KEYS_ARE_STORED
Raw private keys are usually encoded in WIF (Wallet Import Format) for export and import
between wallets. WIF adds a version byte and checksum, then encodes in Base58Check.
Steps to create WIF from raw private key:
1. Start with raw 32-byte key
2. Prepend 0x80 (mainnet version byte)
3. Append 0x01 (if compressed public key will be used)
4. Hash twice with SHA-256, take first 4 bytes as checksum
5. Append checksum
6. Encode result in Base58
Example:
Raw: E9873D79C6D87DC0FB6A5778633389F4453213303DA61F20BD67FC233AA33262
WIF: L5oLkpV3aqBjhki6LmvChTCV6odsp4SXM6FfU2Jvxy5sopo5K9WS
WIF keys starting with "5" use uncompressed public keys (older). Keys starting with "K" or "L" use compressed public keys (modern standard).
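The generation requirements and the six WIF steps above, as an added Python example (not code from the original page), using only the standard library. It also decodes a WIF string and rejects a bad checksum or an out-of-range key. The function names are this example's own, and the mainnet version byte 0x80 is assumed as in the steps.

```python
import hashlib
import secrets

# secp256k1 curve order n, as given in the text above
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def generate_private_key():
    """Draw a key uniformly from [1, n-1] using the OS CSPRNG."""
    return (secrets.randbelow(N - 1) + 1).to_bytes(32, "big")

def checksum(payload):
    """First 4 bytes of SHA-256(SHA-256(payload)) (step 4)."""
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def b58encode(data):
    num, out = int.from_bytes(data, "big"), ""
    while num:
        num, rem = divmod(num, 58)
        out = B58[rem] + out
    # each leading zero byte is written as the digit '1'
    return "1" * (len(data) - len(data.lstrip(b"\x00"))) + out

def b58decode(text):
    num = 0
    for ch in text:
        num = num * 58 + B58.index(ch)  # ValueError on 0, O, I, l
    pad = len(text) - len(text.lstrip("1"))
    return b"\x00" * pad + num.to_bytes((num.bit_length() + 7) // 8, "big")

def to_wif(key, compressed=True):
    if len(key) != 32 or not 1 <= int.from_bytes(key, "big") < N:
        raise ValueError("private key out of range")
    payload = b"\x80" + key + (b"\x01" if compressed else b"")  # steps 1-3
    return b58encode(payload + checksum(payload))               # steps 4-6

def from_wif(wif):
    """Return (raw_key, compressed) or raise ValueError."""
    raw = b58decode(wif)
    payload, check = raw[:-4], raw[-4:]
    if checksum(payload) != check:
        raise ValueError("bad checksum")
    if payload[:1] != b"\x80" or len(payload) not in (33, 34):
        raise ValueError("not a mainnet WIF key")
    if len(payload) == 34 and payload[-1] != 1:
        raise ValueError("bad compression flag")
    key = payload[1:33]
    if not 1 <= int.from_bytes(key, "big") < N:
        raise ValueError("private key out of range")
    return key, len(payload) == 34
```

With `compressed=True` the output is 52 characters beginning with K or L; with `compressed=False` it is 51 characters beginning with 5.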
THE_MATH — ONE-WAY_FUNCTION
Elliptic Curve Multiplication
CRYPTOGRAPHY
The private key is multiplied by the generator point G on the secp256k1 curve to produce the
public key. This operation is easy to perform in one direction and computationally
infeasible to reverse.
Public Key = Private Key × G
Where G is the generator point (a fixed point on the secp256k1 curve).
Easy: private_key × G → public_key (milliseconds)
Hard: public_key ÷ G → private_key (computationally infeasible)
This asymmetry is what makes the entire system secure.
It is known as the Elliptic Curve Discrete Logarithm Problem (ECDLP).
⚠ CRITICAL SECURITY RULES
Never share your private key. Anyone with your private key can spend your bitcoin instantly and irreversibly.
Never enter it into websites, paste it in messages, or store it in cloud services.
Never take a photo or screenshot of a private key.
The only safe storage is offline: written on paper or stored on a hardware wallet.
KEY_PROPERTIES
NO RECOVERY
Bitcoin has no central authority. If you lose your private key,
your bitcoin is permanently inaccessible.
No one can help you recover it — not exchanges, not developers, not anyone.
TOTAL CONTROL
Whoever holds the private key controls the funds — no identity,
no KYC, no permission needed. This is self-sovereignty:
the key is the account.
TERMINOLOGY_INDEX
Private Key
A 256-bit random number that controls a Bitcoin address. Must be kept secret.
WIF
Wallet Import Format. Base58Check encoding of a private key for portability between wallets.
secp256k1
The elliptic curve used by Bitcoin. Defines the mathematical relationship between private and public keys.
CSPRNG
Cryptographically Secure Pseudo-Random Number Generator. Required for safe key generation.
ECDLP
Elliptic Curve Discrete Logarithm Problem. The hard math problem that makes reversing key derivation infeasible.
Base58Check
An encoding scheme that uses 58 characters (no 0, O, I, l) and includes a checksum to prevent typos.