I'm confused by the terms Bitcoin address, hash, digital signature, public, private key. What is the difference between these terms and how are they related to mining, transaction validation, and security? For instance, if I'm paying a merchant through Bitcoin, do I send the merchant the hash? Please explain. How is my identity as an independent node represented on the Bitcoin network?

All great questions, Eric. This is indeed a very confusing topic for many people. What I'm going to do is address most of these questions in one kind of cohesive way, if I can. We'll start in terms of your control over your wallet. You may have heard me say in the past one of my slogans, which is, Not your keys, not your coins. This applies to Bitcoin. It also applies to any other cryptocurrency where you have a decentralized system. In order for you to be in control of the funds or smart contracts or any other activities on a blockchain, you have to keep control of your keys. So let's start with the private key. Of course, the private key, as the name suggests, is the part of your key pair that you must keep private. Now, what is a private key? In simple terms, it's a number. It's just a very, very, very long number. And when I say very, very long number, if you wrote it down in decimal, it could be up to 77 digits long. So imagine if I said, Pick a random number between 1 and 9999999999999 and I just kept going like that 77 nines in a row. That's how you pick a private key. Well, you don't pick it. Your wallet, either a hardware wallet, a software wallet, a smartphone wallet, or whatever, will generate a random number inside that range. And that random number will be your private key. The chances of you generating the same private key as somebody else are practically zero. As a result, your wallet can independently generate it. In fact, you can generate your private key without any contact with the Bitcoin network.
It's not registered per se, it's not recorded anywhere on the blockchain. And none of your identifying information is recorded anywhere in the system. So if you run your own wallet, or you control your own keys, or you generate your own keys manually, then you can do that without any online connection. You don't have to be online to do this. You simply have your software pick, effectively, a very, very long random number. Now, just to explain how this works. You could also generate this very, very long random number yourself. One example that people have used is if you take a coin and you toss it 255 times, then you've got, sorry, 256 times, then you've got a very large random number that produces a key. It's in binary. You say heads is zero and tails is one, or the other way around, doesn't really matter. And then you toss that coin 256 times, you've generated a very large random private number. Then you don't tell anyone what that number is. So that's a private key. Now with asymmetric cryptography as it's called, or public-private key systems, you don't just have a private key, you also then generate from that private key a corresponding public key. And as the name says, the public key is something that you could reveal. Now in Bitcoin, we don't. And there's a security reason that we'll talk about in the answer to one of the other questions. But the bottom line is the public key then becomes the basis for your address. So it all starts with a private key, which is a very long number. From that very long number, your wallet will generate a public key. Every private key generates one and only one corresponding public key. And it generates it by doing what's called a scalar multiplication on the elliptic curve field. So what that means is you multiply a specific point on the elliptic curve by your private key. And you generate another point on the elliptic curve, which is your public key. That's a bit confusing because what does it mean to generate a point?
And what does it mean to multiply a point on the elliptic curve? It might be confusing at first if you think of it as multiplication. But let me give you an example. If you call your private key lowercase k and you start with the elliptic curve generator point called g, then your public key is simply k times g. But one way to write k times g is simply to write it as g plus g plus g plus g. And just repeat that addition k times. So if you simply add the elliptic curve generator point to itself as many times as whatever your private key number is, then you will end up on another point on the elliptic curve. And this is one of the properties of the elliptic curve: if you add a point to itself, the result is another point on the elliptic curve. So when we say a point, what we mean essentially is an x, y coordinate on a curve that satisfies the equation of the elliptic curve. And that point becomes your public key. Those x, y coordinates are your public key. The most important thing to understand here is that this is a one-way operation because there is no such thing as division on the elliptic curve. Meaning that if you produce this public key by multiplying your private key and the generator point, there's no way to simply divide by the generator and produce your private key. That's impossible to do. The only way to do that is to try all possible private keys, also known as a brute force attack, which is impossible because there are too many of them. So this is a one-way relationship. And the basis of all cryptography lies in these one-way functions, which can be computed very efficiently and easily in one direction, but are impossible to compute in the other direction without brute forcing all possible values. So the private key is a number. You use a one-way function of multiplication on the elliptic curve to produce an x, y coordinate point on the curve called your public key.
We take the x and y coordinates and we smush them together and produce simply a long string of numbers, which is how we represent the public key. And under normal circumstances, you as a user never see this public key. It's used only in the process of signing a digital signature in a transaction, and we'll talk about that in just a second. So the public and the private key have this one-way relationship. But in Bitcoin, we don't use the public key directly. Instead, we go one more step with the one-way function called a hash. So we take the public key and we feed it into two hash functions called SHA-256 and RIPEMD-160. By passing it through these two consecutive hash functions, we produce another number. And that number is then represented as your Bitcoin address. So I have a key, one-way function, public key. Public key, again, one-way function, which is the application of hashes, to produce a Bitcoin address. That means effectively that a single private key that you've generated randomly can be used at any time to produce the single public key that belongs to you. And then from that public key, you can use it to produce the single Bitcoin address. A private key will produce a single public key, and if encoded in the same way, will produce a single Bitcoin address, and that way you have a chain. Meaning that you can go from the private key and reproduce the public key and the Bitcoin address any time you want because you have the private key, it's in your wallet. That's the thing you own and control, which gives you control over funds that are stored in Bitcoin and other cryptocurrencies and blockchains, and that is the basis by which you prove your control. Now, once you have your Bitcoin address, you can then give that to a merchant. The Bitcoin address that you give to a merchant is effectively the double hash of your public key. They can't see your public key because, as I mentioned before, hash is a one-way function.
They can't go from the Bitcoin address back to the public key. But if you later present them with a public key, they could confirm that that corresponds to the hash that you sent them. They will then construct a transaction. So let's say if you want to pay a merchant, they show you their Bitcoin address. If someone is paying you, you show them your Bitcoin address. So the Bitcoin address is used to receive payments. And the way it's used is that when someone sends to a Bitcoin address, what happens behind the scenes is that a certain amount of funds are locked using a locking script. And they're locked in such a way that only the owner of the private key can unlock them and produce a signature proving that they own the private key. How can you create an offline address, and then how does the Bitcoin network know about this address if you've never been online? How will the Bitcoin network find out about this address? And this is really interesting because it speaks to a fundamental aspect of the system, meaning that addresses are just numbers. You pick one out of randomness. You generate a key, of course, not an address directly. You generate a key out of randomness, just picking a number at random from a huge range of numbers. And that produces a unique Bitcoin address, unique not because you check that nobody else has it, unique because the chance of someone else having it is about the same as winning a million lotteries in a row. So the bottom line is that's how you create these keys and addresses. Now, you've created the address; the network doesn't know. The beauty is the network doesn't need to know; that address doesn't exist until someone tries to send money to it. And when someone tries to send money to it, then it becomes part of the Bitcoin network. So let's say you generated an address offline, and in fact, you don't even need a computer to do that.
You could use dice, playing cards, a coin, flip a coin 256 times, write down the zero, one, tails, and heads numbers, produce a 256-bit private key. Then go through the laborious manual exercise of converting that private key into a public key with elliptic curve multiplication. It's very difficult to do, but you can do it with pen and paper. And then go through the even more laborious process of doing SHA-256 on paper and RIPEMD-160 on paper, and you could produce a Bitcoin address. Not only one that hasn't been online, one that has never seen a computer, it's just a number. You just did a series of calculations, and now you have a Bitcoin address. Great. Well, you could then give that Bitcoin address to someone and say, send money to it, and they could type it into their wallet. Or if you're really adventurous, you sit down and you draw a QR code by hand, that is also possible, and they scan it. But let's say you're not that adventurous, you just give them the Bitcoin address, they type it into their wallet, they construct a transaction. That transaction will consist of sending or spending an amount from their own Bitcoin funds to your Bitcoin address that has never been seen before. Specifically, what it's doing is it's constructing a locking script that says upon presentation of a public key that when double-hashed is equal to this Bitcoin address and a digital signature that matches this public key against this specific transaction message, you may release these funds. And so that transaction is recorded on the Bitcoin blockchain and it just sits there. If nobody claims it, maybe that Bitcoin address was generated in a weird way and doesn't even have a corresponding key, that's called a burn address. It doesn't need to be a real Bitcoin address. Of course, if you lock funds to an incorrect or fake Bitcoin address, then those funds effectively become locked forever because there is no unlocking script that can release them.
However, in the scenario we just discussed, you actually wrote down in binary a private key that you constructed by flipping coins or whatever. And that private key was the basis of the Bitcoin address you gave your friend. So you actually have the ability to construct an unlocking script. So then you could either import that private key into a wallet and spend the money that your friend sent you, or you could even construct a transaction by hand that says, here's an unlocking script, here's the public key, here's the digital signature. Please spend this money. And if you transmit that transaction to the Bitcoin network, it will match the unlocking script to the Bitcoin address you produced earlier. It will say that means you are the correct owner. It will be a valid transaction and you will spend the money. The Bitcoin network doesn't need to know about addresses because addresses effectively are just locking scripts. And if you decide to lock something or an amount to a locking script that is invalid or doesn't correspond to an address anybody's seen, or even corresponds to an address for which there is no key, what you've effectively done is you've buried treasure without a map, you've locked a lock without a key, and that money is gone forever. It can never be retrieved because there is no valid transaction that can unlock it. But if you do have a valid key behind that, then the Bitcoin network doesn't care. It will sit there with a locking script, that amount will sit there locked up until you present the unlocking script that allows you to spend it. And until then, the Bitcoin network doesn't care. It just sits there, which also has another interesting implication. How many Bitcoin are sitting there with locking scripts that cannot be unlocked or for which the keys have been lost or for which there are no keys? The answer is, in many cases, we don't know. Some are obvious.
There are some addresses and locking scripts on the Bitcoin network today that have locked funds that we know mathematically can never be unlocked. Those Bitcoin are lost forever. There are some that are locked to addresses where the keys have been lost and we don't know that they've been lost because it's impossible to tell. There will never be an unlocking script because there is no private key or until at least a quantum computer can produce a private key by reverse engineering that address. And even that is very tenable for the next several decades.
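The one-way chain the answer walks through (private key, scalar multiplication on the curve, SHA-256 then RIPEMD-160, Bitcoin address) and the merchant-side check that a presented public key really hashes to the address they were given, as an added Python example that is not part of the original Q&A. It uses the real secp256k1 constants and Bitcoin's legacy P2PKH address format; the private keys 1 and 2 are test values only, never something to use for real funds, and `address_from_pubkey` is a name chosen here.

```python
import hashlib
# secp256k1 (the curve Bitcoin uses): field prime P, group order N, generator point G
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def ec_add(p, q):
    # Point addition on the curve; None stands for the point at infinity.
    if p is None or q is None:
        return q if p is None else p
    (x1, y1), (x2, y2) = p, q
    if x1 == x2 and (y1 + y2) % P == 0:
        return None                                    # p + (-p) = infinity
    if p == q:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P     # tangent slope (doubling)
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P      # chord slope
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def ec_mul(k, point=G):
    # k*G, i.e. "G added to itself k times", done with ~256 doublings instead of k additions.
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, point)
        point = ec_add(point, point)
        k >>= 1
    return acc

def pubkey_bytes(k):
    # Compressed SEC encoding: 0x02/0x03 for the parity of y, then the 32-byte x coordinate.
    x, y = ec_mul(k)                                   # k must lie in [1, N-1]
    return (b"\x02" if y % 2 == 0 else b"\x03") + x.to_bytes(32, "big")
def address_from_pubkey(pub):
    # HASH160 = RIPEMD-160(SHA-256(pub)); version byte 0x00 + HASH160 is then Base58Check-encoded
    # (4-byte double-SHA-256 checksum, Base58 digits, one '1' per leading zero byte).
    # A merchant later shown `pub` recomputes this and compares it with the address they were given.
    payload = b"\x00" + hashlib.new("ripemd160", hashlib.sha256(pub).digest()).digest()
    data = payload + hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]
    n, out = int.from_bytes(data, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = ALPHABET[r] + out
    return "1" * (len(data) - len(data.lstrip(b"\x00"))) + out

def address(k):
    # The whole one-way chain: private key -> public key -> two hashes -> Bitcoin address.
    return address_from_pubkey(pubkey_bytes(k))
```

Nothing here can run backwards: from an address you cannot recover the public key, and from the public key you cannot recover k except by trying every value.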