ShopPrivate and public keys are the cryptographic foundation that proves Bitcoin ownership and authorizes transactions.
A private key is a secret number that proves you own an amount of bitcoin. A public key is derived from the private key and can be shared publicly. Together they form a "key pair", serving as the cryptographic foundation that lets you assert ownership over bitcoin, even while it operates as a distributed public ledger.
When you send bitcoin, your private key is used to create a digital signature to authorize the transaction. When the network receives your proposed transaction, your public key serves to let everyone verify the signature's validity without exposing the private key. This arrangement of a key pair allows you to prove you hold the private key, without revealing the key itself.
What is a Private Key?
A private key is a large random number, typically generated by your Bitcoin wallet when you first set it up. It is the root of ownership in Bitcoin: it generates the public key from which your receiving addresses are derived, and it authorizes the spending of any bitcoin sent to those addresses.
Whoever holds the private key controls the bitcoin.
The number of possible private keys is astronomically large: approximately 2²⁵⁶ possible values. This number is so large that the probability of anyone generating the same key by chance, or guessing a specific one by brute force, is effectively zero.
Private Keys vs. Passwords
Private keys are not passwords. A password is a shared secret used to authenticate with a central service like an email provider, and can be reset or recovered if lost. In contrast, a private key has no such account, server, or institution associated with it. Whoever holds the private key can authorize the spending of any bitcoin locked to an address associated with it, with no additional verification step and no way to recover it if lost.
If you ever see your private key displayed anywhere, you should treat it with extreme caution. Do not photograph it, copy it, share it, type it, or read it aloud to anyone. Whoever obtains or copies your private key has full, permanent, irrevocable control of every bitcoin it controls.
In practice, most people never see or directly interact with their private key. Your Bitcoin wallet typically handles key generation, management, and signing on your behalf. What you do interact with are the bitcoin addresses that are indirectly derived from your private key and the seed phrase used to recover and generate your entire wallet. A seed phrase is a list of 12 or 24 common words representing the randomness your wallet used to generate your private key, in a form you can read and record. Seed phrases should be treated with the same care as the private key itself.
What is a private key? and What is a seed phrase? covers these topics in full.
What is a Public Key?
A public key is the other side of the key-pair and is derived from the private key using a one-way mathematical function. This means you can create a public key from a private key, but not the reverse. As its name suggests, public keys can be shared publicly without compromising the private key.
An important difference between these keys is that private keys are used for authorizing transactions, whereas public keys are used to verify that authorization.
Two properties define how public keys work and why they can be safely shared.
-
The derivation is one-way: there is no known method of computing a private key from its public key.
-
The keys are deterministic: the same private key always produces the same public key, which is what allows a seed phrase to recover an entire wallet.
Public keys are also used to generate Bitcoin addresses, which is what you share when receiving bitcoin. Every address you control traces back through a mathematical derivation to the same seed phrase. What is public key cryptography? covers the mathematics behind the key derivation.
How do Private and Public Keys Work Together?
When you send bitcoin, your wallet uses the private key and public key in combination. The private key produces a digital signature specific to the transaction, and the public key allows the network to verify it. Neither process requires revealing the private key, which means ownership can be proven publicly without being exposed.
The digital signature is tied to the exact details of the transaction, including the inputs being spent, the outputs being created, and the amounts involved. Any modification to those details invalidates the signature, which is how the network detects tampering before accepting a transaction.
When someone sends you bitcoin, that amount becomes locked to the Bitcoin address, which was derived from your public key. Later on, when you want to spend the bitcoin, your wallet signs the transaction and presents your public key so that every node can perform two checks: that your public key corresponds to the address holding the bitcoin, and that the signature was produced by the matching private key.
Every node that receives the transaction runs these checks independently. If the signature is valid and the public key matches the address, the transaction is relayed onward and propagated throughout the network. If anything has been modified since signing, the check fails and the transaction is rejected.
No central authority makes the determination to validate or reject transactions. The process is entirely mathematical, and every node does it as part of running the Bitcoin software. This process is described in greater detail in How does a Bitcoin transaction work?.
Why Must Private Keys Never be Shared?
The private key is the essence of bitcoin ownership. It authorizes the spending of every bitcoin associated with the corresponding addresses, with no additional verification required.
If someone obtains your private key, or simply copies it, they can transfer your bitcoin to any address they choose and the transaction cannot be stopped or reversed once confirmed. There is no customer support line to call, no institution to appeal to, and no way to recover what is gone.
This is what it means for bitcoin to function as a digital bearer asset. In the physical world, cash belongs to whoever holds it. Bitcoin works in a similar way, with one important distinction: what you hold is information. Your private key is the item of value, and whoever possesses it controls the bitcoin.
"Not your keys, not your coins"
"Not your keys, not your coins" is a common phrase among bitcoiners, because it accurately describes the practical realities of bitcoin ownership. For this reason, keeping your private keys offline is critical, especially for meaningful amounts of bitcoin. Internet-connected devices carry inherent risk for private key storage. Malware and remote attacks can access keys on a phone or computer, often without any action from the holder. The more a device is connected, the larger its attack surface.
Hardware wallets are designed to eliminate this exposure. They generate and store the private key in a dedicated device that is not connected to the internet. When it comes to transactions, the signing happens entirely inside the device.
Some hardware wallets pass transaction data via wired or Bluetooth connections, which introduces a potential attack path. Air-gapped hardware wallets removes that risk entirely: the private key remains in a secure element chip on the device, and only the completed signature is transferred, typically via microSD card, so the key itself never leaves.
Related articles
What is Bitcoin?
The definitive peer-to-peer electronic cash system: what it is and how it works
How does a Bitcoin transaction work?
How bitcoin moves from one address to another, and what happens between broadcast and confirmation
What is a Bitcoin wallet?
What a wallet actually is, how it manages keys, and the difference between custodial and self-custodial options
What is Bitcoin self-custody
Why holding your own keys is the only way to truly own your bitcoin