Public and Private Keys Explained

Public & Private Keys Explained (Wallet Addresses, Seed Phrases, Signatures)

Beginner → Intermediate Wallets & Security • ~14–16 min read • Updated: 2025-11-07

1) Private key → Public key → Address (mental model)

Most modern chains use public-key cryptography. On Ethereum-style chains, a private key is a 256-bit random number. Using elliptic-curve multiplication (secp256k1 on Ethereum/Bitcoin), you derive a public key. From that, the wallet computes a short, shareable address (e.g., on Ethereum: Keccak-256 of the uncompressed public key, last 20 bytes, prefixed with 0x). Anyone can send value to your address. Only someone who knows the private key can produce a valid digital signature to move funds.

Diagram — From private key to public key to address

Private key

256-bit secret (keep offline)
Example: 0xA1...F3 (never share)

Public key

Elliptic-curve multiplication
secp256k1 (ETH/BTC)

Address

Hash/encoding of public key
Shareable: 0xAbC...123
One-way math: knowing the public key/address does not reveal the private key (computationally infeasible).
ELI5: The private key is your super-secret pen. The public key is the matching handwriting the world recognizes. Your address is the short mailing label. Anyone can mail you a package, but only your pen can sign for moving it. 
// Ethereum mental model (high-level)
privateKey = random256()
publicKey  = secp256k1_multiply(privateKey)
address    = keccak256(publicKey_uncompressed)[12:]  // last 20 bytes
assert(!feasible(publicKey → privateKey))            // one-way

Sources: Ethereum.org — Accounts, Elliptic Curve (secp256k1) primer.

2) Entropy & secure key generation

A private key is only as strong as its randomness (entropy). Good wallets use secure OS random number generators (RNGs) or hardware true RNGs. “Brain wallets” (phrases you invent) are risky because humans are predictable and attackers precompute dictionaries.

  • Do: Use reputable wallets (hardware wallets preferred). Let the device generate keys internally.
  • Don’t: Hand-craft keys or mnemonics. Avoid shady vanity address generators.
  • Consider: Extra passphrase over BIP-39 seed (advanced; see below).
Brain-wallet trap: If your “random” phrase appears in song lyrics, quotes, or patterns, assume bots will try it. Use hardware generation.

References: BIP-32, BIP-39, Ethereum.org — Wallets.

3) Seed phrases & HD wallets (BIP-39 / BIP-32 / BIP-44)

Modern wallets are hierarchical deterministic (HD). You back up one mnemonic — a 12 or 24-word seed phrase (BIP-39). That mnemonic deterministically derives a master seed from which a tree of keys is generated (BIP-32). BIP-44 then standardizes the path structure so wallets can interoperate across coins and accounts.

Diagram — One seed → many accounts (HD wallet tree)

BIP-39 mnemonic

12/24 words → master seed
Write offline (paper/metal)

BIP-32 tree

Parent → child keys via paths
Hardened/non-hardened

BIP-44 paths

m/44'/coin'/acct'/change/index
ETH coin type = 60'
Example: First Ethereum account path is often m/44'/60'/0'/0/0. Increment the last index for fresh addresses.
Advanced option — BIP-39 passphrase (“25th word”)

Adds an extra secret combined with the mnemonic to derive a different wallet. Lose the passphrase and your words won’t recover funds. For high-value setups, it’s powerful. For forgetful users, dangerous. Test recovery regularly.

Advanced option — Shamir backups (SLIP-39)

Split your mnemonic into shares (e.g., 2-of-3). Any threshold combination recreates the seed. Useful for disaster recovery and reducing single-point failure risk. Ensure each share is stored securely and geographically separated. 

// Typical ETH account derivation examples
m/44'/60'/0'/0/0     // First account
m/44'/60'/0'/0/1     // Second account
m/44'/60'/1'/0/0     // Second "account" (different branch)

Sources: BIP-39, BIP-32, BIP-44.

4) Derivation paths & multi-account hygiene

Because one seed can generate endlessly many accounts, you should plan naming and hygiene. Keep a “hot” account for daily activity, separate from your long-term “vault”. If you migrate wallets, ensure they agree on derivation paths; otherwise you may think funds are “missing” when the new wallet simply looks at a different branch.

  • Label accounts in your wallet and explorer (e.g., “Daily”, “DeFi-LP”, “Vault”).
  • Document derivation paths for future recovery or audit.
  • Rotate addresses for privacy where appropriate (Bitcoin best-practice; less common on ETH due to UX).
Common migration mistake: Importing a seed into a new wallet that defaults to a different path, so you don’t see the same addresses. Fix: manually set the derivation path or use a wallet that supports multiple presets.

5) What a signature really is (EIP-155, EIP-712, EIP-1271)

When you press Confirm in a wallet, it builds a canonical message from the transaction fields (or typed structured data) and signs the digest with your private key (ECDSA over secp256k1 on Ethereum). Nodes verify the signature using your public key. If valid, protocol rules allow the state update. 

// High-level signing flow
digest     = keccak256(rlpEncode(txFields with chainId))
signature  = sign(digest, privateKey)  // yields (v, r, s)
valid      = verify(signature, digest, publicKey)
if (valid) include tx in block → state changes
EIP-155 — chainId in signatures

Prevents replay attacks across EVM chains. A tx signed for chain A won’t auto-work on chain B.

Spec

EIP-712 — typed structured data

Makes off-chain messages human-readable before you sign. Reduces blind-signing risks.

Spec

EIP-1271 — contract wallet “signatures”

Smart wallets validate signatures via contract logic (e.g., multi-sig thresholds) instead of a single private key.

Spec

Blind signing ≠ safe: If your wallet displays “hex gibberish”, you can’t tell what you’re granting. Prefer EIP-712 prompts and simulate transactions with a reputable tool before signing.

6) Address formats & checksums (ETH vs Bitcoin vs Solana)

Ethereum: addresses are the last 20 bytes of Keccak-256 hash of the uncompressed public key (no prefix byte), displayed in hex with 0x. EIP-55 suggests a mixed-case checksum that catches typos; some apps always lowercase. ENS names (alice.eth) resolve to addresses on chain.

Bitcoin: uses Base58Check (legacy), bech32 (bc1...) and bech32m for segwit/taproot with built-in checksums; addresses depend on script types (P2PKH, P2SH, P2WPKH, P2TR). Bitcoin whitepaper, BIPs.

Solana: uses Ed25519 keys; addresses are Base58 encodings of public keys. Different curve, different encoding — and not interchangeable with ETH/BTC.

Never paste cross-chain: An ETH address on Solana is just a random Base58 string, not your account. Always verify chain context in your wallet.

7) Wallet types: hot, cold, custodial, smart wallets

Hot wallets (browser/mobile)
  • Convenient for daily use; highest phishing/malware exposure.
  • Use for small balances; avoid long-lived unlimited approvals.
Cold wallets (hardware/air-gapped)
  • Keys generated and stored offline; confirm details on device screen.
  • Ideal for holdings, treasury, and creator payouts.
Custodial wallets (exchanges, fintech apps)
  • They hold keys for you; simpler UX but adds counterparty risk.
  • Use for on-ramps/off-ramps; withdraw to self-custody as default.
Smart wallets (account abstraction)
  • Programmable policies: daily limits, multi-approvals, session keys, social recovery.
  • Signatures validated by contract logic (EIP-1271).

See: Ethereum.org — Wallets, vendor docs: Ledger, Trezor.

8) Key management best practices (2025 edition)

Backups
  • Write seed on paper or steel; store in 2+ locations.
  • Test recovery on a spare device offline.
  • Don’t photograph or upload the seed.
Separation of duties
  • Daily hot wallet for small spends.
  • Vault on hardware for holdings.
  • Organizational multi-sig for teams/DAOs.
Safer signing
  • Prefer EIP-712 prompts; avoid blind signing.
  • Simulate txs with reputable tools before sending.
  • Review and revoke old token approvals.
Rule of thumb: Anything you wouldn’t leave on a café table shouldn’t live in a hot wallet without a plan to recover if lost.

9) Recovery, rotation & disaster planning

Incidents happen. Good setups fail gracefully. Prepare for theft, device loss, or house fire before they occur.

Scenario: Lost device, seed backed up
  1. Buy a new device (hardware wallet recommended).
  2. Restore using mnemonic (and passphrase if used).
  3. Verify addresses against your records before moving funds.
Scenario: Seed compromised
  1. Generate a new seed on a clean hardware wallet.
  2. Move assets to fresh addresses; rotate API keys/webhooks.
  3. Revoke approvals from old addresses; update ENS records.
Passphrase users: Test recovery periodically. The same 24 words produce a different wallet if the passphrase is wrong or missing.

10) Top threats: phishing, drainers, approvals, malware

Most losses are social-engineering, not cryptography. Attackers trick you into signing malicious approvals or revealing seeds.

Threat What it looks like Defenses
Phishing sites / DMs “Urgent airdrop claim”, fake support asking seed Never share seed; verify domains; use bookmarks & hardware wallet confirmation
Drainers One click “Connect & Sign” empties tokens via allowances Prefer EIP-712; simulate txs; minimal allowances; regular revokes
Malware / keyloggers Clipboard swap, fake wallet pop-ups Hardware wallets; OS hygiene; verify on device screen
Blind signing Hex blobs where you can’t see what you approve Use wallets that parse ABI; reject unclear prompts

Read: Ethereum.org — Security, vendor guidance: Ledger, Trezor.

11) Playbooks: personal, creator, and team setups

Solo user (beginner → intermediate)
  • Hot wallet for small DeFi/NFT spends.
  • Hardware wallet for holdings.
  • Seed on metal backup; ENS for main address.
Creator/business
  • Revenue multisig (2-of-3) with hardware signers.
  • Operational hot wallet with low limits.
  • Periodic payouts to a vault; bookkeeping via CSV exports.
Team/DAO
  • Role-based smart wallet (treasury, ops, grants).
  • Threshold policies; 2-factor signing.
  • Incident runbook and signer rotation schedule.

12) Reading explorers & verifying what you sign

Explorers like Etherscan let you audit what happened on-chain and what you’re about to sign off-chain.

  • Address page: balances, tokens, approvals, ENS names.
  • Transaction page: status, gas, method, event logs, decoded inputs.
  • Contract page: verified source, ABI, read/write tabs (simulate before write).
Tip: Before approving a new dApp, paste the contract address into the explorer. Check verification, creation history, and community notes.

See: Ethereum.org — Transactions.

13) Gentle cryptography: why one-way works

Elliptic-curve cryptography relies on the hardness of the discrete logarithm problem: given a point G and a public point P = kG, finding k is computationally infeasible with present knowledge. Ethereum/Bitcoin use the secp256k1 curve. Signatures (ECDSA) are constructed so that anyone with the public key can verify that the signer knew the private key at signing time. 

// ECDSA verification sketch
Given (msgHash, signature(v,r,s), publicKey)
1) Compute a candidate point from (r, s, msgHash)
2) Check curve equations and recovery id v
3) Accept if derived publicKey matches and equations hold

References: secp256k1 primer, Bitcoin Whitepaper.

14) Common myths & mistakes

  • Myth: “My exchange login is my wallet.”
    Reality: That’s custodial access. If they lock you out, you’re out.
  • Mistake: Emailing or photographing the seed phrase.
    Fix: Keep offline; use metal backup for longevity.
  • Myth: “I know my address, so I can recover.”
    Reality: You must have the private key/seed.
  • Mistake: Unlimited token approvals to unknown contracts.
    Fix: Minimal allowances; schedule revokes.
  • Myth: “Higher gas makes a failing tx succeed.”
    Reality: Gas can’t fix logical reverts; simulate first.

15) References & further learning

16) Mini-FAQ

Is a seed phrase the same as a private key?

No. A seed phrase (BIP-39) can deterministically generate many private keys. A private key controls exactly one account.

Can someone guess my private key from my address?

Not with current computing. The derivation is designed to be one-way and computationally infeasible to reverse.

What’s the simplest safe setup?

Hot wallet (small balance) + hardware wallet (holdings), with seed backed up on metal in two places, and periodic approval revokes.

Will account abstraction replace seed phrases?

Smart wallets may hide seeds from users and offer social recovery, but keys still exist under the hood. UX is improving, not removing cryptography.

Quick check

  1. How do a private key, public key, and address relate?
  2. What problem does EIP-712 solve? Why does it matter for phishing?
  3. Why can importing the same seed into two wallets show different addresses?
  4. Name two reasons to keep a hot wallet separate from a vault wallet.
Show answers
  • Private → public via elliptic-curve multiplication; address is a short representation (hash/encoding) of public key.
  • It makes messages human-readable (typed structured data), reducing blind-signing and phishing risks.
  • Different default derivation paths; the wallet might read another branch.
  • Limit blast radius of phishing/drainers; isolate large holdings on hardware-secured keys.

Next up: turn this knowledge into safety. Learn how to configure hardware wallets, revoke risky approvals, and simulate transactions.

Next: Wallet Safety 101 →