1) Private key → Public key → Address

A private key is just a very large random number (on Ethereum, 256-bit).
From it, math (elliptic-curve cryptography, e.g., secp256k1) derives a public key,
and from the public key we derive a user-friendly address (e.g., Ethereum’s 0x...).

Private key (keep secret!)
    ↓  (elliptic-curve multiplication)
Public key (can share)
    ↓  (hashing/encoding: keccak, base58/bech32, etc.)
Address (share widely)

Anyone can send funds to your address. Only someone with the corresponding private key can create a valid
signature to move those funds.

2) Seed phrases & HD wallets (BIP39/44)

Most modern wallets are HD (hierarchical deterministic) wallets.
Instead of backing up many keys, you back up one seed phrase (typically 12 or 24 words).
That seed can deterministically generate many accounts and addresses using standard “derivation paths”.

• BIP39: defines the word list & how a mnemonic (seed phrase) maps to a seed.
• BIP32: hierarchical key derivation (parent → child paths).
• BIP44: common path format like m / purpose' / coin_type' / account' / change / address_index.

3) What a signature really is

When you “confirm” a transaction in your wallet, you’re using your private key to generate a
digital signature over the transaction data.
Nodes verify that signature using your public key. If it’s valid, the network accepts the state change.

(tx data) --hash--> digest
digest + private key --sign--> signature
(public key verifies signature == controls address) → valid

On Ethereum you’ll also sign approvals (allowing a contract to move your tokens) and sometimes
messages (off-chain). Always read what you’re signing malicious sites use confusing prompts.

4) Hot vs Cold, Custodial vs Self-custody

• Hot wallet: connected to the internet (browser/mobile). Convenient, higher risk.
• Cold wallet: private key kept offline (hardware wallet, paper, air-gapped). Less convenient, much safer.
• Custodial: someone else (exchange) holds the keys easy UX, but you rely on their security.
• Self-custody: you hold the keys maximum control, maximum responsibility.

5) Key management best practices

• Back up your seed phrase offline in at least two safe places. Never type it on websites.
• Prefer hardware wallets for meaningful funds. Confirm addresses on-device.
• Use multiple accounts: one daily wallet, one “vault” wallet.
• Revoke approvals you no longer need (use a token approval manager).
• Beware blind signing. If the wallet can’t show you human-readable details, pause.
• Phishing is the #1 threat. No support rep will ever ask for your seed.

Recap

• Private key controls funds; public key/address is safe to share.
• Seed phrase can regenerate many accounts (HD wallets via BIP39/44).
• Signatures authorize state changes; nodes verify with your public key.
• Prefer hardware (cold) storage for serious value; never share your seed.

Quick check

1. What’s the difference between a seed phrase and a private key?
2. Why is it safe to share your address but not your private key?
3. What does a signature prove to the network?

Go deeper (free resources)

• Cyfrin Updraft excellent path into Solidity, key management, and security-minded development.
• Ethereum.org Wallets Overview
• BIP39,
  BIP44 standards behind seed phrases & paths.
• How Ethereum keys & addresses are derived
• Elliptic Curve (secp256k1) primer
• Revoke.cash manage ERC-20/721 approvals.

Next up, make your keys safe in the real world: phishing, drainers, approvals, hardware wallets, and recovery.

Next: Wallet Safety 101 →