Public & Private Keys Explained

Public & Private Keys Explained (Wallet Addresses, Seed Phrases, Signatures)

Beginner → Intermediate
Wallets
• ~12 min read
• Updated: 08/08/2025

1) Private key → Public key → Address

On Ethereum and many other chains, accounts are built on elliptic-curve cryptography (ECC). A
private key is a 256-bit random number. From it, we compute a public key with a one-way math
operation (elliptic-curve multiplication). Finally, we derive a human-shareable address by hashing/encoding
the public key.

Private key (keep secret!)
    ↓  elliptic-curve multiplication (e.g., secp256k1)
Public key (can share)
    ↓  hashing/encoding (e.g., keccak-256 → last 20 bytes)
Address (share widely, receives funds)

Anyone can send funds to your address. Only the matching private key can produce a valid signature to move those funds.
The security comes from the fact that deriving the private key from the public key/address is computationally infeasible.

2) Entropy & secure key generation

Keys are only as strong as their randomness (entropy). Good wallets use secure sources (OS RNGs, hardware TRNGs).
Manually made “brain wallets” (phrases you invent) are dangerous. humans are bad at randomness and attackers pre-compute guesses.

  • Do use reputable wallets and, ideally, hardware devices that generate keys internally.
  • Don’t reuse keys across chains unless you understand the risks (different derivation paths, replay concerns).
  • Optional: some setups add a passphrase on top of the mnemonic for extra protection (see below).

3) Seed phrases & HD wallets (BIP39/BIP32/BIP44)

Modern wallets are HD (hierarchical deterministic). Instead of backing up many private keys, you back up one
seed phrase: a 12 or 24-word mnemonic (BIP39). That mnemonic deterministically generates a master seed, from which
trees of keys are derived (BIP32). BIP44 standardizes path structure, so the same seed works across multiple
accounts and coins in compatible wallets.

  • BIP39: mnemonic wordlists + algorithm for turning words → seed.
  • BIP32: hierarchical key derivation (parent/child keys via paths).
  • BIP44: standard path like m / 44' / coin_type' / account' / change / index
    (Ethereum’s coin type is 60').
Example: First Ethereum account is often m/44'/60'/0'/0/0.
Increasing the last index (.../1, .../2, …) gives you fresh addresses from the same seed.

Two advanced options you’ll see:
(1) BIP39 passphrase (sometimes called the “25th word”): an extra secret that changes all derived keys.
Lose the passphrase and your mnemonic alone won’t recover funds.
(2) Shamir backups (SLIP-39): split a mnemonic into shares (e.g., 2-of-3) for safer storage/disaster recovery.

4) What a signature really is (EIP-155, EIP-712, EIP-1271)

When you “confirm” a transaction, your wallet hashes the transaction fields and uses your private key to create a
digital signature (on Ethereum, ECDSA over secp256k1). Nodes verify the signature with your public key; if valid,
the state update is allowed by protocol rules.

(tx data) --hash--> digest
digest + private key --sign--> (v, r, s)
public key verifies signature → authorized
  • EIP-155 (chainId in signatures): prevents replay of a signed tx from one chain onto another compatible chain.
  • EIP-712 (typed structured data): lets wallets display human-readable messages before you sign (safer than opaque bytes).
  • EIP-1271 (contract wallet signatures): smart/organization wallets don’t have private keys; they validate signatures via contract logic (e.g., multi-sig threshold).

You’ll also sign approvals (allowing a token spender), permits (EIP-2612 signature approvals that save a transaction),
and off-chain messages (logins, orders). Always read the prompt, malicious sites may try to trick you into approving more than intended.

5) Address formats & checksums (Ethereum vs other chains)

Ethereum: addresses are the last 20 bytes of the Keccak-256 hash of the uncompressed public key (no prefix byte),
shown as hex with 0x. Mixed-case “EIP-55” checksums help catch typos (some apps always lowercase).

Other chains differ: Bitcoin uses Base58 or Bech32 with different script types; Solana uses Ed25519 keys and Base58 encoding.
Same principle (public key → address), different curves/encodings. Never assume one chain’s address is valid on another.

6) Hot vs Cold, Custodial vs Self-custody

  • Hot wallet: software on a connected device (browser/mobile). Great UX, higher phishing/malware exposure.
  • Cold wallet: keys offline (hardware wallet, air-gapped device). Fewer attack surfaces; ideal for significant value.
  • Custodial: a platform holds keys for you (like an exchange). Simpler UX; you assume their security and counterparty risk.
  • Self-custody: you hold the keys. Maximum control and responsibility.

Smart wallets (account abstraction) blur lines: they can require multiple approvals, spending limits, or social recovery,
while still letting you sign from familiar devices.

7) Key management best practices

  • Back up your seed phrase offline (paper or metal) in at least two locations. Never save in cloud/email/photos.
  • Prefer hardware wallets for meaningful funds; verify addresses and amounts on the device screen.
  • Use multiple accounts: keep a small “hot” wallet for daily activity and a separate “vault” for holdings.
  • Limit approvals: grant minimal allowances; periodically review/revoke spenders you don’t use.
  • Avoid blind signing: prefer EIP-712 prompts that are human-readable; if the wallet can’t explain it, pause.
  • Label & monitor: name addresses in your wallet/explorer; consider watch-only mode on a separate device.
Phishing is the #1 threat: No legitimate support agent will ever ask for your seed phrase or private key.

8) Recovery, rotation & backups

  • Lost device, backed-up seed: restore on a new wallet using the same mnemonic (and passphrase if used).
  • Compromised key: move assets to fresh addresses from a new seed; revoke old approvals; rotate API keys/webhooks tied to that address.
  • Passphrase users: test recovery periodically. Without the passphrase, the same words recreate different wallets.
  • Organization setup: prefer multi-sig/smart wallets with role separation and documented recovery procedures.

9) Common myths & mistakes

  • Myth: “My exchange login is my wallet.”
    Reality: That’s custodial access. If they’re down or compromised, you may lose access.
  • Mistake: Emailing yourself your seed phrase.
    Fix: Keep it offline; consider metal backups.
  • Myth: “If I know my address, I can recover my funds.”
    Reality: You need the private key/seed to move funds.
  • Mistake: Vanity address generators from random websites.
    Fix: Don’t use untrusted keygen tools; many are backdoored.
  • Myth: “A bigger gas tip makes a bad transaction succeed.”
    Reality: Gas can’t fix logical failures; simulate before sending.

Recap

  • Private key controls funds; public key/address is safe to share for receiving.
  • HD wallets let one seed phrase generate many accounts (BIP39/BIP32/BIP44).
  • Signatures authorize actions; EIP-155/712/1271 improve safety and flexibility.
  • Prefer hardware wallets, minimal approvals, and offline backups.

Quick check

  1. How does a seed phrase differ from a private key?
  2. What problem does EIP-712 solve for end users?
  3. Why is a BIP39 passphrase risky if you’re forgetful?
  4. Name two reasons to use a hardware wallet.
Show answers
  • The seed phrase can deterministically generate many private keys; a private key controls one account.
  • It makes messages human-readable and unambiguous, reducing phishing/blind-signing risks.
  • Without the passphrase, the same words recreate a different wallet, you can’t recover funds.
  • Keys stay offline; device screen confirms details (resists malware/phishing).

Go deeper (free resources)

Next up, make your keys safe in the real world: phishing, drainers, approvals, hardware wallets, and recovery.


Next: Wallet Safety 101 →