is received at the other end (the email recipient or the web server), only the private key can unlock it; the public key is useless at this point. And it must be the magically associated (okay, mathematically associated) key, and no other.
Encryption is a handy tool. It means I can give you a public key, and you can write me a message and encrypt it using the public key, and once encrypted nobody in the world can read it unless they have the private key. So, if I’m carefully protecting my keys, I’m the only person in the world who can read it.
The names of these keys aren’t arbitrary. The private key should be truly private — only you, and nobody else in the world, should have access to it. The public key can be truly public. You can give it away. For example, if you want to have people email their messages to you, you can publish your public key — on your website, in the footer of your emails, on your business card, or whatever — so that anybody who wants to send a message to you can encrypt it with your public key knowing that you are the only person in the world who can read it (because you keep the private key secret).
This process is essentially what your web browser uses when you send your credit card information online; the browser uses the web server’s public key to scramble the data so that only the web browser, with the associated private key, can decrypt and read the credit card information. (Okay, that’s a simplification. Browser-to-server communication is more complicated than this description, involving temporary session keys, and so on; but the basic principle still applies.)
Messages to the blockchain
You use public-key encryption when you send transactions to the blockchain. When you want to send, say, Bitcoin, to someone else, you send an encrypted message to the blockchain saying “send x.xx of my Bitcoin to this address.”
But wait. I just told you the blockchain isn’t encrypted, and now I’m telling you the messages to the blockchain are encrypted! So why do you care if the message going to the blockchain is encrypted if you’re just going to decrypt it anyway?
Well, remember I told you this lock/unlock thing works both ways. You can lock with the public key and unlock with the private key or lock with the private key and unlock with the public key. Either way, the data is scrambled. The difference is who has the ability to unscramble it. If you scramble something with the public key, the only person in the world who can unscramble it is the person with the private key. But if you scramble it with the private key, the only person in the world who can open it is … everybody! Anybody and everybody can get to the public key. It’s public, remember!
So, what’s the purpose of encrypting a message with the private key? Not to secure it, obviously, because anybody can decrypt it. No, the purpose is to sign the message (transaction) and prove ownership of the associated public key.
Signing messages with the private key
Say that I publish my public key on my website, in my emails, and on my business cards. Now, one day you get a message that seems to come from me. But how can you be sure it’s from me? Well, I encrypted the message using my private key. So, you take my public key (which is publicly available) and use it to decrypt the message. If the message really is from me, my public key will decrypt it, and you’ll be able to read it. If it isn’t, the decryption won’t work, because it came from someone else.
So, by encrypting the message with the private key, I have in effect signed the message, proving that it came from me. The recipient knows that the message was created by the person holding the private key that is associated with the public key that opened the message up and made it readable.
The blockchain address — your money’s home
All the cryptocurrency in the blockchain is associated with addresses. Here’s one I just grabbed from the Bitcoin blockchain using the blockchain explorer at blockchain.com, for example:
1L7hHWfJL1dd7ZhQFgRv8ke1PTKAHoc9Tq
Trillions of different address combinations are possible, so this address is fundamentally unique. Now, where did this address come from? It came from a wallet that generated it from the private key. That wallet contains a public key and a private key.
Sending a transaction message
So, here’s how cryptography is used when you want to send a transaction to the blockchain, to transfer a cryptocurrency balance to another person. Say there’s an address in the blockchain with Bitcoin associated with it. When I checked, 1L7hHWfJL1dd7ZhQFgRv8ke1PTKAHoc9Tq had a balance of 0.10701382 Bitcoin. Now, say this is your Bitcoin, and you want to send, perhaps, 0.05 Bitcoin to a friend, an exchange, or a merchant from whom you are buying a good or service.
https://blockstream.info/address/1L7hHWfJL1dd7ZhQFgRv8ke1PTKAHoc9Tq.) At the time of writing, it had 0.10701382 Bitcoin. By the time you see it, the number may be different, of course.
You send a message to the blockchain saying, essentially, “I own address 1L7hHWfJL1dd7ZhQFgRv8ke1PTKAHoc9Tq, and I want to send 0.05 Bitcoin to address 1NdaT7URGyG67L9nkP2TuBZjYV6yL7XepS.”
If I just sent a plaintext (unencrypted) message to the blockchain, there would be a huge problem of verification and validity. How would the Bitcoin node receiving this message know that I do indeed own this address and the money associated with it? I could just be spoofing this information and making this up, right?
What we do is use the wallet to sign the message using the private key associated with the address. In other words, we use the private key to encrypt the message. Then we take the public key, add it to the encrypted message, and send it all out across the cryptocurrency network.
MESSAGE TO THE BLOCKCHAIN
How do you send a message to the blockchain? That’s what your wallet software does. In fact, wallet software is less like a wallet — your wallet contains no cryptocurrency — and more like an email program. Your email program sends messages across the email network. Your wallet sends messages (about transactions) across the cryptocurrency network.
Unraveling the message
So, the node — a computer containing a copy of the cryptocurrency blockchain
