Bitcoin Cryptography Explainer

Interactive teaching aid for understanding hash functions, key derivation, and HD wallets

Mental Model: The Transparent Safe

A transparent safe with coins inside and a combination lock

Before diving into the cryptographic details, this visual metaphor captures the essential properties of a Bitcoin wallet:

Transparent = Public Ledger

All balances are visible on the blockchain. Anyone can query an address's UTXO set.

Deposit Slot = Public Address

The address (derived from public key) allows anyone to send funds — a one-way operation.

Combination = Private Key

Only the holder of the 256-bit private key can sign transactions to spend the funds.

No Name = Pseudonymity

Addresses are not inherently linked to identities. Ownership is proven cryptographically, not administratively.

Key difference from the analogy: A physical combination lock has perhaps 10,000 combinations. A Bitcoin private key has 2^256 possibilities — more than atoms in the observable universe. Brute-forcing is not just hard, it's thermodynamically impossible.

1 Hash Functions: The Avalanche Effect

In Bitcoin, SHA-256 is the core hash function. It takes any input and produces a fixed 256-bit output that appears completely random, yet is entirely deterministic.

Analogy: The Industrial Blender

Imagine putting fruit into a sealed industrial blender and pressing blend for exactly 10 seconds. You get a smoothie. Now add one grain of salt and blend again for the same time. You don't get a "slightly different" smoothie — you get something completely unrecognisable from the first. Hash functions are designed to behave exactly like this.

Analogy: Paint Splatter Wall

Throw a bucket of paint at a wall. Now move your hand just 1mm to the left and throw again. The final splatter pattern is totally different, even though your starting motion barely changed. This is the avalanche effect — tiny input changes cause massive output changes.

Try It: Hash Avalanche Demo

Bit-by-bit comparison (256 bits): Green = same bit, Red = different bit

Reported values: Bits Changed, Percentage Changed, Input Difference
Key Teaching Point: A cryptographic hash is not trying to preserve similarity — it is explicitly designed to destroy it. Even a single bit change in the input flips roughly 50% of the output bits.
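
The measurement behind the teaching point above, as an added example (not code from the original page): it flips every input bit of a message in turn and counts how many of the 256 SHA-256 output bits change. The function names are chosen here for illustration.

```python
import hashlib

def sha256_bits(data: bytes) -> int:
    """SHA-256 digest as a 256-bit integer."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def bits_changed(a: bytes, b: bytes) -> int:
    """Number of output bits that differ between SHA-256(a) and SHA-256(b)."""
    return bin(sha256_bits(a) ^ sha256_bits(b)).count("1")

def single_bit_flip_profile(message: bytes) -> list[int]:
    """Flip each input bit in turn and record how many digest bits change."""
    results = []
    for i in range(len(message) * 8):
        flipped = bytearray(message)
        flipped[i // 8] ^= 1 << (i % 8)
        results.append(bits_changed(message, bytes(flipped)))
    return results

if __name__ == "__main__":
    # "hello" and "Hello" differ in exactly one input bit (0x68 vs 0x48).
    d = bits_changed(b"hello", b"Hello")
    print(f"hello vs Hello: {d}/256 bits changed ({d / 256:.1%})")
    profile = single_bit_flip_profile(b"hello")
    print(f"{len(profile)} single-bit flips: min={min(profile)}, "
          f"max={max(profile)}, mean={sum(profile) / len(profile):.1f}")
```
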

2 Private Key → Public Key → Address

In Bitcoin, your funds are controlled by a private key. From this single secret number, we can mathematically derive a public key, and from that, a Bitcoin address.

Private Key (256-bit secret) → ECDSA (secp256k1) → Public Key (point on curve) → HASH160 → Address (Base58Check)

Analogy: The One-Way Lock

Think of your private key as a unique key that fits a special lock. Anyone can look at the lock (public key) and verify it's yours, but only you can open it. The mathematical relationship is like a lock that's trivially easy to close but practically impossible to pick.

Analogy: The Signature Stamp

Your private key is like a unique rubber stamp with an intricate pattern. You can stamp documents (sign transactions) and everyone can verify the stamp matches your registered pattern (public key), but no one can recreate your stamp just by looking at the impressions it leaves.

The Three Steps Explained

Step 1: Private Key (The Secret)

Step 2: Public Key (Elliptic Curve Magic)

Why can't we reverse it? The "multiplication" here isn't normal multiplication — it's elliptic curve point multiplication. Going forward involves adding a point to itself many times. Going backward would require solving the discrete logarithm problem, which would take longer than the age of the universe with current computers.

Step 3: Address (Hash of Public Key)

Try It: Generate Keys

1. Private Key: 256 bits of entropy (keep secret!)
   ↓ Elliptic Curve Multiplication (secp256k1)
2. Public Key: compressed format (33 bytes)
   ↓ HASH160 + Base58Check Encoding
3. Bitcoin Address: P2PKH (Legacy) format
Security Note: These keys are generated in your browser for demonstration only. Never use keys generated on a web page for real funds!

3 HD Wallets: Many Keys, One Seed

A Hierarchical Deterministic (HD) wallet starts with one master seed and can derive thousands of private keys. Each key is cryptographically isolated — knowing one reveals nothing about the others.

Analogy: The Magical Book of Numbers

Imagine a magic book where:

You can regenerate every page from page 1, but from any single page you cannot infer the others. That's an HD wallet.

Analogy: A Cryptographic Family Tree

The seed is the root. Each child key is derived using the parent key, an index number, and a hash function. Because hashing has the avalanche effect:

Why HD Wallets Matter

Benefit | Explanation
Privacy | Observers cannot tell that two addresses belong to the same wallet
Backup Simplicity | One seed phrase (12-24 words) backs up ALL your keys forever
Security | Leaking one private key does not compromise the others
Organisation | Keys can be organised hierarchically (accounts, purposes, etc.)

Try It: HD Key Derivation

Derived Keys (indices 0-5):

Notice how each key looks completely unrelated to the others, despite coming from the same seed.

The Connection: HD wallets work precisely because hash functions destroy patterns. The same avalanche effect that makes "hello" and "Hello" produce unrelated hashes makes seed+index=0 and seed+index=1 produce unrelated keys.

4 How These Ideas Connect

Property | Hash Functions | Key Derivation | HD Wallets
Deterministic | Yes - same input = same output | Yes - same private key = same public key | Yes - same seed = same keys
Avalanche Effect | ~50% bits flip with tiny change | Different private key = unrelated public key | index 1 vs index 2 = unrelated keys
Appears Random | Output indistinguishable from random | Public keys appear random | Derived keys appear unrelated
One-Way (Irreversible) | Cannot find input from output | Cannot find private from public | Cannot find seed from single key
The Key Insight:

Hash functions deliberately destroy similarity, and this property is the foundation of Bitcoin's security. HD wallets use this so that thousands of keys can come from one seed while remaining unlinkable and independent. Your private key controls your funds because reversing these one-way functions is computationally impossible.