Bitcoin Cryptography - How It Actually Works

💡

The Core Concept: A Transparent Safe

A transparent safe with coins inside and a combination lock

A Bitcoin wallet works like a transparent safe with a combination lock. This single image captures the essential properties of public-key cryptography:

👁️ Public Blockchain

The safe is transparent — anyone can see how many coins are inside. On Bitcoin, all balances are publicly visible.

📥 Public Address

The slot on top lets anyone deposit coins. Your Bitcoin address works the same way — share it freely to receive funds.

🔐 Private Key

The combination is known only to you. Your private key is the only way to unlock and spend the funds inside.

👤 Pseudonymity

There's no name on the box. Bitcoin addresses aren't linked to real-world identities — ownership is proven by knowledge of the key.

The rest of this page explains how this works mathematically — the mechanisms that make the combination unguessable and the deposits irreversible.

01

Hash Functions: Digital Fingerprints

A hash function takes any input and produces a fixed-size output. Bitcoin uses SHA-256, which always outputs 256 bits (64 hex characters) regardless of whether you input a single letter or an entire movie file.

The critical property is the avalanche effect: changing even a single bit of input flips approximately 50% of the output bits. This isn't random — it's mathematically designed chaos.

🔬 Think: Digital Fingerprint

Just like how your fingerprint uniquely identifies you, a hash uniquely identifies data. Two people might look similar, but their fingerprints are completely different. Similarly, "hello" and "Hello" produce entirely unrelated hashes — there's no way to tell they were similar inputs just by looking at the outputs.

🎮 Think: Deterministic Chaos

Imagine a pinball machine where dropping the ball from position X always lands in slot Y. Move the starting position by 0.001mm, and the ball bounces completely differently, landing in a totally different slot. The path is deterministic (same start = same end) but chaotic (tiny changes = massive differences). That's a hash function.

Interactive: Watch the Avalanche

Input A

-

Input B

-

Matching bits

Flipped bits

-

Bits flipped (of 256)

-

Percentage changed

-

Input difference

Key insight: Hash functions are designed to destroy patterns. This property is the foundation of Bitcoin's security model.

Where else is this used?

Password storage: Websites store hashes of your password, not the password itself. Even if hackers steal the database, they can't reverse the hashes.
File integrity: Download sites show SHA-256 checksums so you can verify files weren't tampered with.
Git commits: Every commit ID is a hash of the content — change one character and the commit ID changes entirely.

02

Private Key → Public Key → Address

Bitcoin uses asymmetric cryptography: a private key (secret) mathematically derives a public key (shareable), which then derives an address (what you give people to receive funds).

The mathematical relationship is a trapdoor function — easy to compute in one direction, computationally infeasible to reverse.

🔐 Think: Padlock vs Key

Imagine you can distribute open padlocks to anyone (your public key). People can use them to lock boxes and send them to you. But only you have the key (private key) to open those padlocks. Even though everyone has your padlock, they can't create a key that opens it — the manufacturing process is one-way.

📱 Think: Username vs Password

Your Bitcoin address is like a public username — share it freely. Your private key is like a password that proves ownership. But unlike regular passwords, your "username" is mathematically derived from your "password" in a way that can't be reversed. Someone can't look at your username and figure out your password.

The Three Layers

1. Private Key (256 bits)
A random number between 1 and 2²⁵⁶. That's more possible keys than atoms in the observable universe. Generated using cryptographically secure randomness.

2. Public Key (Elliptic Curve Point)
Derived via PublicKey = PrivateKey × G where G is a generator point on the secp256k1 elliptic curve. This multiplication is easy; reversing it (finding the private key from the public key) requires solving the discrete logarithm problem — currently computationally infeasible.

🕐 Think: The Clock Face Problem

Imagine a clock, but instead of 12 positions, it has trillions of positions around its face. The "generator point" G is like starting at 12 o'clock.

Your private key is the number of "jumps" you make around the clock (e.g., 7 jumps clockwise).

Your public key is where the hand ends up after those jumps.

Here's the problem: if I show you where the hand ended up, can you tell me how many jumps it took to get there? On a clock with trillions of positions, where the hand might have wrapped around millions of times, it's essentially impossible. You see the final position, but you can't deduce the journey.

Going forward: Easy — just count your jumps.
Going backward: Impossible — infinite possible journeys lead to the same spot.

3. Address (HASH160 + Base58)
Address = Base58Check(0x00 + RIPEMD160(SHA256(PublicKey)))
Double-hashing adds security (even if one algorithm is weakened, the other protects you). Base58 encoding makes it human-readable and includes a checksum.

Interactive: Generate a Key Pair

Secret Private Key

256 bits of entropy — keep this secret, it controls your funds

Click generate to create a key pair

↓ secp256k1 point multiplication

Shareable Public Key (Compressed)

A point on the elliptic curve — proves ownership without revealing the private key

-

↓ SHA256 → RIPEMD160 → Base58Check

Public Bitcoin Address (P2PKH)

Share this to receive Bitcoin — it's derived from the public key

-

Security note: These keys are generated in your browser for demonstration. Never use web-generated keys for real funds — use hardware wallets or audited software.

The maths that makes it work

Elliptic curve multiplication works by repeatedly adding a point to itself on a curve defined by y² = x³ + 7 (mod p). The (mod p) is what creates the "wrapping" — like how our clock hand wraps around after reaching the end. Going forward (multiplying) requires simple addition operations. Going backward (finding how many times G was added to itself to get the public key) has no known efficient algorithm — the best known approach would take billions of years with current computing power.

The clock analogy captures the essence: the mod operation creates a finite, cyclic group where you can easily move forward but can't efficiently trace back. In Bitcoin's secp256k1 curve, p is a 256-bit prime, giving us approximately 2²⁵⁶ positions on our "clock" — far too many to search through.

03

HD Wallets: Deterministic Key Trees

Hierarchical Deterministic (HD) wallets (defined in BIP-32) let you derive an unlimited number of key pairs from a single master seed. Each derived key is cryptographically independent — knowing one reveals nothing about the others.

🔑 Think: Password Manager Derivation

Imagine a password manager that generates unique passwords for every site using a master password + the site name. Same master + "google.com" always gives the same password, but "google.com" and "github.com" passwords look completely unrelated. Even if someone gets one password, they can't derive the others or guess your master password.

🧬 Think: DNA → Different Cells

Your DNA (seed) contains the blueprint for every cell in your body. A skin cell and a neuron are completely different, yet both came from the same DNA. Knowing everything about a skin cell doesn't tell you anything about your neurons — and finding a skin cell doesn't let someone reconstruct your DNA.

How Derivation Works

Each child key is derived using: ChildKey = HMAC-SHA512(ParentKey + ChainCode, Index)

The chain code adds additional entropy, and the index lets you create billions of unique keys. Thanks to the avalanche effect, index 0 and index 1 produce completely unrelated keys.

Interactive: Derive Keys from Seed

Seed phrase (any text for demo)

Each key below came from the same seed + a different index.
Notice they look completely unrelated.

Enter a seed above

Why This Matters

Benefit	Explanation
Privacy	Use a new address for every transaction. Blockchain analysts can't link your addresses by inspection.
Simple Backup	Back up 12-24 words once, recover unlimited keys forever. No need to backup each key separately.
Compartmentalised Security	If one private key is compromised, your other keys remain secure.
Account Structure	Derivation paths (e.g., m/44'/0'/0'/0/0) let wallets organise keys hierarchically — different accounts, purposes, etc.

04

How It All Connects

These three concepts share the same mathematical foundation: one-way functions with deterministic chaos.

Property	Hash Functions	Key Derivation	HD Wallets
Deterministic	Same input → same output	Same private key → same public key	Same seed + path → same key
Avalanche Effect	1 bit change → ~50% output change	Adjacent private keys → unrelated public keys	Adjacent indices → unrelated child keys
One-Way	Can't find input from output	Can't find private from public	Can't find seed from child key
Collision Resistant	Infeasible to find two inputs with same hash	Infeasible for two private keys to share public key	Infeasible for different seeds to produce same keys

The Core Principle

Bitcoin's security rests on mathematical asymmetry: operations that are trivially easy to perform in one direction but computationally impossible to reverse. Hash functions destroy patterns, elliptic curves hide private keys, and HD derivation isolates keys — all using the same fundamental property of deterministic, irreversible transformation.