## How does cryptography work? This article covers what public and private keys are, and how to use them

Ethereum has two different kinds of accounts: externally owned accounts (EOAs) and contracts. Ownership of ether is established through private keys, Ethereum addresses, and digital signatures. The private keys are at the center of all user interaction with Ethereum. In fact, account addresses are derived directly from private keys: a private key uniquely determines a single Ethereum address, also known as an account.

A private key is simply a number, picked randomly. Ownership and control of the private key is the root of user control over all funds linked with the Ethereum address, as well as access to contracts that authorize that address. The private key is used to create the signatures required to spend ether, proving ownership of the funds used in a transaction.

The private key must be kept secure, because revealing it to third parties is equivalent to giving them control over the ether and contracts. It must also be backed up and protected from accidental loss. If it’s lost, it cannot be recovered, and the funds secured by it are lost forever too.

## Generating a private key from a random number

The first and most vital step in generating keys is to find a secure source of entropy, or randomness. Creating an Ethereum private key involves picking a number between 1 and 2²⁵⁶. Ethereum software uses the underlying operating system’s random number generator to generate 256 random bits.

A private key can be any nonzero number up to a very large number slightly less than 2²⁵⁶, a huge 78-digit number, roughly 1.158 × 10⁷⁷.

“2²⁵⁶ — the size of Ethereum’s private key space — is a very large number which is approximately 10⁷⁷ in decimal.” — Andreas Antonopoulos, author of “Mastering Ethereum: Building Smart Contracts and DApps”

Note that the private key generation process is an offline one; it doesn’t require any communication with the Ethereum network, or any communication at all.

*Do not write your own code to create a random number or use a “simple” random number generator offered by your programming language.*

An Ethereum public key is a point on an elliptic curve, a set of x and y coordinates that satisfy the elliptic curve equation.

It is formed from two numbers, joined together. These numbers are generated from the private key by a calculation that only goes one way: you can calculate the public key if you have the private key, but you can’t calculate the private key from the public key.

The public key is obtained from the private key using elliptic curve multiplication, which is irreversible: `K = k * G`, where `k` is the private key, `G` is the constant point (generator point), and `K` is the public key.

Elliptic curve multiplication isn’t like normal multiplication. It is a one-way function: it is easy to do in one direction (multiplication) and practically impossible to do in the reverse direction (division).

Elliptic curve cryptography is a form of asymmetric or public-key cryptography based on the discrete logarithm problem as expressed by addition and multiplication on the points of an elliptic curve.

Ethereum uses a particular elliptic curve and set of mathematical constants, as defined in a standard called `secp256k1`. The `secp256k1` curve is defined by the following function, which produces an elliptic curve:

y² = (x³ + 7) over 𝔽ₚ

or:

y² mod p = (x³ + 7) mod p

The `mod p` (modulo the prime number `p`) indicates that this curve is over a finite field of prime order `p`, where `p = 2²⁵⁶ – 2³² – 2⁹ – 2⁸ – 2⁷ – 2⁶ – 2⁴ – 1`, which is a very large prime number.

## Ethereum address formats

The Ethereum address is a hexadecimal number, formed from the last 20 bytes of the Keccak-256 hash of the public key.

We can use the helpeth command-line tool to create ICAP addresses. You can install it using npm:

```
npm install -g helpeth
```

If you don’t have npm, you may have to install it by following the instructions at https://nodejs.org.

```
helpeth keyGenerate
```

Output:

```
Address: 0xe16c1623c1aa7d919cd2241d8b36d9e79c1be2a2
Address (checksum): 0xe16C1623c1AA7D919cd2241d8b36d9E79C1Be2A2
ICAP: XE56 QBY1 TCEL SB4U 7BTR QQRC IOUY 8UNS DK2
Public key: 0xaa931f5ee58735270821b3722866d8882d1948909532cf8ac2b3ef144ae8043363d1d3728b49f10c7cd78c38289c8012477473879f3b53169f2a677b7fbed0c7
Private key: 0x227dbb8586117d55284e26620bc76534dfbd2394be34cf4a09cb775d593b6f2b
```

Now we will use the given private key to retrieve a public key, as shown below:

```
helpeth keyDetails -p 0x227dbb8586117d55284e26620bc76534dfbd2394be34cf4a09cb775d593b6f2b
```

Output:

```
Address: 0xe16c1623c1aa7d919cd2241d8b36d9e79c1be2a2
Address (checksum): 0xe16C1623c1AA7D919cd2241d8b36d9E79C1Be2A2
ICAP: XE56 QBY1 TCEL SB4U 7BTR QQRC IOUY 8UNS DK2
Public key: 0xaa931f5ee58735270821b3722866d8882d1948909532cf8ac2b3ef144ae8043363d1d3728b49f10c7cd78c38289c8012477473879f3b53169f2a677b7fbed0c7
```

“The Inter-exchange Client Address Protocol (ICAP) is an Ethereum address encoding that’s partly compatible with the International Bank Account Number (IBAN) encoding, offering a flexible, checksummed, and interoperable encoding for Ethereum addresses. ICAP addresses can encode Ethereum addresses or common names registered with an Ethereum name registry.” — Andreas Antonopoulos, author of “Mastering Ethereum: Building Smart Contracts and DApps”