Blockchain and Bitcoin - Wallets, Keys, and Seed Phrases
Most people first meet Bitcoin through a wallet app. The app shows a balance, lets you press “Send” and “Receive,” and maybe displays a QR code. It is very tempting to think the coins live inside the wallet. They do not.
All coins live on the blockchain. The wallet holds information that proves which coins you are allowed to spend. That information is organized around private keys, public keys, addresses, and often a single seed phrase that can recreate everything.
This article gives a gentle overview of those ideas, then goes deeper into the important parts: how keys and addresses relate, how seed phrases and hierarchical wallets work, and how backup and recovery really function in practice.
1. The basic problem a wallet solves
The Bitcoin network needs to answer one question for every transaction: “Is the person who created this transaction really allowed to spend these coins?”
Nodes do not know names or passports. They only see digital signatures and scripts attached to transaction inputs and outputs. To create those signatures, someone must hold the right private keys.
A wallet solves several tasks at once:
Store the private keys or a seed phrase that can generate them.
Derive public keys and addresses so you can receive payments.
Watch the blockchain and mempool for any UTXOs that belong to you.
Construct and sign transactions when you want to spend.
Present all of this as a simple user interface with balances and history.
The rest of the article explains the ingredients that make this possible.
2. Core concepts in brief
Before going deeper, it is helpful to have short working definitions.
Private key: A private key is a 256 bit number chosen from the allowed range of the elliptic curve used by Bitcoin. Wallet software generates this number using a cryptographically secure process and must keep it secret. Anyone who knows the private key can create valid signatures that spend the coins controlled by that key.
Public key: A public key is derived from the private key using elliptic curve multiplication. It can be shared freely. Other nodes use it to verify signatures. Given a public key, it is computationally infeasible to recover the private key.
Address: An address is a human friendly encoding that is usually based on a hash of a public key, sometimes with additional metadata. When someone pays you, they do not send coins to the raw public key. They send coins to a script that contains one or more hashes or conditions. The address is a compact way for the wallet to present those conditions.
Wallet: A wallet is a piece of software or hardware that manages keys and interacts with the network on your behalf. A self custodial wallet holds your own keys or seed. A custodial “wallet” is really an account with a service that holds the keys for you.
Seed phrase: A seed phrase is a list of words, usually twelve or twenty-four, that encodes a root seed. From that seed, a hierarchical deterministic wallet can derive many private keys and addresses in a predictable pattern. This makes backup and recovery much easier.
These concepts are closely related. Next we zoom in on those relationships.
3. From private keys to addresses
3.1 Private keys and public keys
The cryptography used for Bitcoin keys is based on elliptic curve mathematics. You do not need to understand the algebra to use it, but one important property matters:
- You can easily compute public_key = EC_multiply(private_key, generator_point).
- Given public_key, it is computationally infeasible to recover private_key.
This asymmetry allows a wallet to prove control without revealing its secret.
In practice, the steps look like this:
- The wallet chooses a 256-bit number in the valid range for the curve (between 1 and the curve order minus one), using a cryptographically secure random source.
- It computes the corresponding public key using elliptic curve multiplication.
- It stores the private key internally and may store the public key as well.
A private key never needs to leave the wallet in normal operation. Signing happens locally. Only the public key and the signature are shared with the network.
3.2 Why addresses are hashes instead of raw public keys
Most Bitcoin outputs that receive coins do not contain a raw public key. Instead they contain a hash of a public key inside a script. (Taproot outputs are the modern exception: they commit to a tweaked public key directly.)
A typical “pay to public key hash” output conceptually says: “These coins can be spent by anyone who later reveals a public key whose hash equals this value and presents a valid signature created with the corresponding private key.”
The wallet:
- Takes your public key.
- Applies one or more hash functions to it (for legacy and segwit v0 outputs this is SHA-256 followed by RIPEMD-160).
- Wraps that hash into a standard locking script.
- Encodes the result into an address string for convenience.
Using hashes instead of raw public keys has some advantages, including shorter data and a small extra layer of protection if weaknesses were ever found in the elliptic curve itself.
3.3 Where public keys actually appear
The public key is usually revealed when you spend coins, not when you first receive them.
- When you receive coins, the output in the transaction contains only a hash of your public key inside its locking script.
- When you later spend those coins, your wallet creates a new transaction whose input:
  - Points to that output by its transaction id and output index.
  - Includes your full public key and a digital signature in the unlocking script (or, for segwit outputs, in the witness).
- A node that validates your transaction then:
  - Hashes the public key you provided.
  - Checks that this hash matches the one stored in the original output.
  - Uses the public key to verify that the signature is valid for this transaction.
If everything checks out, the node can be confident that whoever created the signature must know the corresponding private key, without ever having to see that private key.
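The flow in 3.1 to 3.3, as an added example in Python that is not part of the original article: a minimal secp256k1 and ECDSA implementation with a pay-to-public-key-hash style spend check. The curve constants are the real Bitcoin ones; everything else is illustrative. The transaction hash is a constructed byte string, the nonce is derived by HMAC rather than full RFC 6979, and the output commits to SHA-256 of the public key instead of Bitcoin's HASH160 so that it runs on a stock Python install without RIPEMD-160. The arithmetic is not constant time and must not be used for real keys.

```python
import hashlib
import hmac
import secrets

# secp256k1 domain parameters (the real Bitcoin curve constants).
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(p, q):
    """Point addition on y^2 = x^3 + 7 over GF(P); None is the point at infinity."""
    if p is None:
        return q
    if q is None:
        return p
    if p[0] == q[0] and (p[1] + q[1]) % P == 0:
        return None  # p == -q
    if p == q:
        lam = 3 * p[0] * p[0] * pow(2 * p[1], -1, P) % P
    else:
        lam = (q[1] - p[1]) * pow(q[0] - p[0], -1, P) % P
    x = (lam * lam - p[0] - q[0]) % P
    return (x, (lam * (p[0] - x) - p[1]) % P)

def ec_mul(k, point=G):
    """Double-and-add scalar multiplication: public_key = k * G (not constant time)."""
    result = None
    while k:
        if k & 1:
            result = ec_add(result, point)
        point = ec_add(point, point)
        k >>= 1
    return result

def new_private_key():
    """A 256-bit integer in [1, N-1] from the OS CSPRNG, as a wallet would pick it."""
    while True:
        k = secrets.randbits(256)
        if 1 <= k < N:
            return k

def compress(pub):
    """33-byte compressed SEC encoding: 02/03 prefix (parity of y) followed by x."""
    return bytes([2 + (pub[1] & 1)]) + pub[0].to_bytes(32, "big")

def sha256(data):
    return hashlib.sha256(data).digest()

def sign(priv, msg_hash):
    """ECDSA with a deterministic nonce (HMAC of key and message, in the spirit of RFC 6979)."""
    z = int.from_bytes(msg_hash, "big")
    k = int.from_bytes(hmac.new(priv.to_bytes(32, "big"), msg_hash, "sha256").digest(), "big") % N or 1
    r = ec_mul(k)[0] % N
    s = (z + r * priv) * pow(k, -1, N) % N
    return (r, s)

def verify(pub, msg_hash, sig):
    """Standard ECDSA check: (z/s)*G + (r/s)*pub must have x == r (mod N)."""
    r, s = sig
    if not (0 < r < N and 0 < s < N):
        return False
    z = int.from_bytes(msg_hash, "big")
    w = pow(s, -1, N)
    point = ec_add(ec_mul(z * w % N), ec_mul(r * w % N, pub))
    return point is not None and point[0] % N == r

def lock_to_pubkey_hash(pub):
    """What the receiving output commits to: a hash of the public key, not the key itself.
    Real P2PKH/P2WPKH use HASH160 = RIPEMD160(SHA256(pub)); plain SHA-256 stands in here."""
    return sha256(compress(pub))

def validate_spend(locking_hash, revealed_pub, signature, tx_hash):
    """What a node does when the output is spent: hash the revealed key, compare it
    with the hash committed in the output, then verify the signature over the spend."""
    if sha256(compress(revealed_pub)) != locking_hash:
        return False  # the revealed key is not the one this output was locked to
    return verify(revealed_pub, tx_hash, signature)

def demo():
    priv = new_private_key()
    pub = ec_mul(priv)
    output_hash = lock_to_pubkey_hash(pub)  # receive: only this hash goes on chain
    tx_hash = sha256(b"constructed spending transaction")  # stand-in for the sighash
    sig = sign(priv, tx_hash)  # spend: reveal pub and signature, never priv
    other_pub = ec_mul(new_private_key())
    return {
        "valid": validate_spend(output_hash, pub, sig, tx_hash),
        "wrong_key": validate_spend(output_hash, other_pub, sig, tx_hash),
        "tampered_tx": validate_spend(output_hash, pub, sig, sha256(b"a different transaction")),
    }

if __name__ == "__main__":
    print(demo())  # {'valid': True, 'wrong_key': False, 'tampered_tx': False}
```

The three cases in demo() are exactly the checks a node performs: the right key with a valid signature passes, a different key fails the hash comparison before any signature work, and a signature over a different transaction fails verification even though the key matches.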
4. What a wallet actually stores
At a minimum, a non custodial wallet must store one of the following:
- One or more private keys directly.
- A seed from which it can derive many private keys.
Modern wallets almost always use a seed, because it simplifies backup and gives a clean structure. Alongside the secret material they also store:
- The derivation paths they use.
- Metadata such as labels, transaction notes, and settings.
- Possibly an extended public key that can be shared with watch only tools.
The secret part of a wallet is surprisingly small. A twelve word seed phrase encodes enough entropy to derive a vast tree of keys. All the transactions and UTXOs live on the blockchain. The wallet only needs the seed and some metadata in order to reconstruct its view when you restore it.
5. Seed phrases and hierarchical deterministic wallets
5.1 From random bits to a list of words
A seed phrase starts as a sequence of random bits produced by the wallet. These bits are then mapped to words using a fixed dictionary. This has two goals:
- Give the user something that can be written down or spoken without copying long hex strings.
- Keep enough entropy so that the seed remains unguessable.
Twelve word phrases already offer security far beyond what any attacker can brute force. Longer phrases give even more margin.
The important detail is that the words are not chosen by the user like a normal password. The wallet generates them from strong randomness and presents them to the user once. If you invent your own phrase, you may greatly reduce security: human-chosen word sequences carry far less entropy than 128 random bits, and wallets built from memorable phrases are known to be scanned for and drained. The flip side of random generation is that two users could in theory generate the same seed. If B independently generated exactly the same seed as A, B would hold the same private keys and could spend all of A’s coins. For a twelve word BIP39 seed the chance of this happening by accident is about one in 2^128, which is so small that it is treated as impossible in practice.
5.2 Hierarchical deterministic structure
A hierarchical deterministic wallet takes a seed and uses defined rules to derive a tree of keys. The typical pattern has several levels:
- A master key pair that sits at the root.
- Child keys derived from the master.
- Grandchild keys derived from each child, and so on.
Each position in the tree is described by a path. A simplified example looks like:
m / purpose / coin_type / account / change / index
Different levels have different jobs:
- purpose identifies the derivation standard and with it the address type: 44 for legacy addresses, 49 for wrapped segwit, 84 for native segwit, 86 for taproot.
- coin_type can separate Bitcoin from other currencies that use similar schemes.
- account can separate independent sets of addresses, for example for “savings” and “spending”.
- change can distinguish external receiving addresses (0) from internal change addresses (1).
- index counts upwards as the wallet needs more addresses.
The first three levels are conventionally hardened (written with an apostrophe, for example m/84'/0'/0'), which means their children can only be derived from the parent private key. The change and index levels are not hardened, so they can be derived from an extended public key alone.
Because the rules are deterministic, the same seed always gives the same sequence of keys and addresses for the same path. This is what makes restoration possible.
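Hierarchical derivation from a seed, as an added example that is not from the original article (Python, standard library only). It implements the BIP32 master key and hardened child derivation and walks the path m/84'/0'/0'. Hardened steps need only the parent private key and chain code, so no elliptic-curve code is required; the non-hardened change and index levels hash the parent public key instead and are left out here. The seeds passed in are constructed test values.

```python
import hashlib
import hmac

# Order of the secp256k1 group; every derived private key must lie in [1, N-1].
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
HARDENED = 0x80000000  # indices >= 2^31 are hardened

def master_key(seed: bytes) -> tuple:
    """BIP32 root: HMAC-SHA512 keyed with the literal 'Bitcoin seed'.
    Left 32 bytes become the master private key, right 32 bytes the chain code."""
    digest = hmac.new(b"Bitcoin seed", seed, "sha512").digest()
    key = int.from_bytes(digest[:32], "big")
    if not 1 <= key < N:
        raise ValueError("invalid master key, pick a new seed")  # astronomically rare
    return key, digest[32:]

def ckd_priv(k_par: int, c_par: bytes, index: int) -> tuple:
    """Hardened child: data = 0x00 || k_par || index, keyed by the parent chain code.
    Non-hardened children (index < 2^31) hash the parent public key instead, which
    is what lets an extended public key derive them; that needs EC math not shown here."""
    if index < HARDENED:
        raise ValueError("non-hardened derivation needs the parent public key")
    data = b"\x00" + k_par.to_bytes(32, "big") + index.to_bytes(4, "big")
    digest = hmac.new(c_par, data, "sha512").digest()
    left = int.from_bytes(digest[:32], "big")
    child = (left + k_par) % N
    if left >= N or child == 0:
        raise ValueError("invalid child, skip this index")  # astronomically rare
    return child, digest[32:]

def parse_path(path: str) -> list:
    """'m/84'/0'/0'' -> [84 + 2^31, 0 + 2^31, 0 + 2^31]; an 'h' suffix is accepted too."""
    parts = path.split("/")
    if parts[0] != "m":
        raise ValueError("path must start with m")
    out = []
    for part in parts[1:]:
        hardened = part.endswith(("'", "h"))
        number = int(part.rstrip("'h"))
        out.append(number + HARDENED if hardened else number)
    return out

def derive(seed: bytes, path: str) -> tuple:
    """Walk a fully hardened path from the seed; same seed + same path = same key."""
    key, chain = master_key(seed)
    for index in parse_path(path):
        key, chain = ckd_priv(key, chain, index)
    return key, chain

if __name__ == "__main__":
    seed = b"constructed 16-byte seed"  # stand-in for a BIP39 seed
    print(hex(derive(seed, "m/84'/0'/0'")[0]))
```

The chain code is what makes this a hierarchy rather than a hash chain: a child is derived from the parent key and the parent chain code, so knowing one child reveals nothing about its siblings. Restoring a wallet is just master_key() followed by the same ckd_priv() steps, which is why the seed alone is sufficient.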
5.3 Extended keys and watch only use
From a master private key you can derive:
- Extended private keys that can generate many child private keys.
- Extended public keys that can generate the corresponding child public keys and addresses, but not the private keys.
An extended public key allows a watch only tool to see all incoming and outgoing payments for a branch of the tree without any power to spend. This is useful for accounting, monitoring, or building separate viewer and signer devices. It is still sensitive in two ways: whoever holds it can link every address in that branch to you, and an extended public key combined with any single non-hardened child private key lets the holder compute the extended private key for the whole branch. That is one reason the account level is hardened.
Sharing an extended private key would expose many private keys at once, so it must be treated with the same care as the seed.
6. Backup and recovery in practice
Seed phrases are primarily about backup. To see why they work, imagine a simple life cycle.
6.1 Initial setup
- You install a new wallet.
- The wallet generates a random seed and shows you the words.
- You write the words on paper and store that paper securely offline.
- The wallet derives a set of addresses and starts watching for UTXOs that pay to those addresses.
At this point, if you lose your phone but still have the paper, you have not lost any coins.
6.2 Spending and receiving over time
As you use the wallet:
- It receives funds to fresh addresses derived from the seed.
- It constructs transactions that spend your UTXOs and send change back to new internal addresses.
- It keeps an internal record of which derivation indices it has used.
All of this dynamic state can be reconstructed later from the blockchain and the seed. The seed is the only essential secret.
6.3 Device loss and recovery
Suppose the device is lost or breaks.
- You install the same type of wallet software or another compatible implementation.
- Instead of choosing “create new wallet” you choose “restore from seed phrase”.
- You type in your twelve or twenty-four words, in the correct order and spelling.
- The wallet internally regenerates the master key and the full tree of keys for the standard derivation paths.
- It connects to the network and starts scanning the blockchain or querying servers for any transactions that involve those addresses.
- As it discovers UTXOs that belong to you, it rebuilds your balance and history.
If you had also saved additional configuration such as custom derivation paths, you may need to re enter that information. The essential point remains that the seed phrase alone is enough to reconstruct the keys and find the coins.
6.4 Limits and pitfalls
There are a few practical details that can cause confusion:
- Wallets assume a “gap limit,” typically 20: when scanning, they stop after that many consecutive unused addresses. If you derived many addresses without using them and then received a payment far along the sequence, a naive scan stops before it and the funds appear to be missing until you raise the limit or extend the scan.
- Different wallets may use different derivation paths or address types. Restoring a seed in a wallet that uses a different pattern can make the balance appear empty until you configure the paths to match.
- If you ever reused the same seed for multiple coins or networks in a nonstandard way, restoration can become messy.
Despite these caveats, seed based backup is far more robust than trying to back up each private key individually.
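The gap limit pitfall, as an added example that is not from the original article (Python). Addresses here are stand-ins (a hash of a constructed seed and the derivation index, not real Bitcoin addresses), the set of funded addresses is a constructed stand-in for the blockchain, and scan_chain() stops after gap_limit consecutive unused addresses the way BIP44 account discovery does. A payment at index 45 is invisible with a gap limit of 20 and found with 50.

```python
import hashlib

def derived_address(seed: bytes, change: int, index: int) -> str:
    """Stand-in for real key derivation: a hash of seed and path, not a Bitcoin address."""
    path = seed + bytes([change]) + index.to_bytes(4, "big")
    return hashlib.sha256(path).hexdigest()[:20]

def scan_chain(seed: bytes, change: int, funded: set, gap_limit: int, max_index: int = 100_000) -> list:
    """Return the indices that hold funds on one chain (external = 0, change = 1).
    Like BIP44 account discovery, scanning stops after gap_limit unused addresses in a row."""
    found, unused_run, index = [], 0, 0
    while unused_run < gap_limit and index < max_index:
        if derived_address(seed, change, index) in funded:
            found.append(index)
            unused_run = 0  # a hit resets the gap counter
        else:
            unused_run += 1
        index += 1
    return found

def restore(seed: bytes, funded: set, gap_limit: int) -> dict:
    """What a restore does: scan the external chain and the change chain separately."""
    return {"external": scan_chain(seed, 0, funded, gap_limit),
            "change": scan_chain(seed, 1, funded, gap_limit)}

def demo() -> dict:
    seed = b"constructed seed for the gap-limit demo"
    # Constructed chain state: payments landed on external indices 0, 3 and 45
    # (the user pre-generated many addresses and handed out number 45), and one
    # change output went to change index 0.
    funded = {derived_address(seed, 0, i) for i in (0, 3, 45)}
    funded.add(derived_address(seed, 1, 0))
    return {"gap_20": restore(seed, funded, 20), "gap_50": restore(seed, funded, 50)}

if __name__ == "__main__":
    print(demo())
    # {'gap_20': {'external': [0, 3], 'change': [0]}, 'gap_50': {'external': [0, 3, 45], 'change': [0]}}
```

The practical lesson: if a restored balance is lower than expected, do not assume the seed is wrong. Re-scan with a larger gap limit, and check the derivation path and address type, before concluding that funds are lost.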
7. Types of wallets and trust trade offs
The way a wallet stores keys and interacts with the blockchain affects both security and privacy. Several axes matter.
7.1 Custodial vs self custodial
- In a custodial setup you log in with a username and password or an app. The service holds the private keys and performs transactions on your behalf. This feels simple but introduces counterparty risk. If the service disappears, is hacked, or refuses withdrawals, you have little recourse.
- In a self-custodial setup your device holds the seed or keys. You or your backups are the only party that can authorize spending. The famous phrase “not your keys, not your coins” points at this distinction.
7.2 Hot wallets vs cold storage
- A hot wallet runs on a device that is regularly connected to the internet. It is convenient for day to day use but more exposed to malware and remote attacks.
- Cold storage keeps the keys on a device that is mostly offline and that signs transactions in a more isolated environment. Hardware wallets often operate this way.
Many users combine both. They keep a small amount in a hot wallet for spending and store larger amounts in some form of cold storage.
7.3 Full node wallets vs lightweight wallets
- A full node wallet downloads and verifies the entire blockchain. It maintains its own UTXO set and can independently confirm that every transaction it sees follows the consensus rules.
- A lightweight wallet relies on servers or filters to learn about relevant transactions. It saves bandwidth and storage but requires some trust that the data it receives is honest and complete, and it typically reveals to the server which addresses are yours.
In all these designs the keys and seed remain the fundamental secret. The rest is about who you trust to provide data and what attack surface you accept.
8. Threats and good practices
Because a seed phrase can recreate all your keys, it becomes the single most valuable secret in your setup. The main threats concentrate around it.
8.1 Typical dangers
- Someone physically finds or photographs your written seed.
- Malware steals your seed from an unencrypted file or screenshot.
- A fake wallet or phishing site tricks you into typing your seed into a malicious form.
- A device with the keys is lost without any backup of the seed.
- Weak self-chosen phrases are used instead of proper randomly generated seeds.
Against all of these, the most effective habits are simple:
- Let the wallet generate the seed and words for you. Do not “invent” seed phrases.
- Write the words on a medium that does not depend on a single device, such as paper or a durable plate.
- Store the backup in a place that is physically safe from both theft and damage.
- Never type the seed into a website form. Only enter it into wallet software you have verified and installed yourself.
- Consider using hardware wallets for larger holdings, so that the seed never exists on a general purpose computer.
For very large amounts users can also explore multi signature arrangements, where several keys must cooperate to spend. That topic connects naturally to advanced script features and can be part of a later article.
9. How this connects to the rest of the Bitcoin story
Wallets and seed phrases are the bridge between human users and the abstract ledger of UTXOs and scripts.
- Without understanding keys and seeds, it is hard to reason clearly about who controls coins and what it means to “lose access”.
- Once you do understand them, many other topics become easier.
A good mental model of wallets, keys and seed phrases gives you a stable foundation. Future articles can then zoom in on the economics of fees, the flexibility of the scripting system, and the challenges of keeping your activity private on a public ledger.
Other links
1. Blockchain and Bitcoin - Overview and Big Picture
https://shiluqi.blogspot.com/2025/11/blockchain-and-bitcoin-main-article.html