Public & Private Keys
--
How to keep your account safe without loosing access to it
We’ve already talked about how independent agents can reach a consensus on whether a set of transaction is valid, now let’s take a more in-depth look on how individual participants can prove between themselves that transactions are valid and belong to them or other agents.
Cryptography lies at the heart of web3. Blockchains use consensus mechanisms based on a hash function encryption, while individual accounts us public & private key pairs. Each account has its own key pair. Both keys are basically unique combinations, but the essential difference is that a public key is know to others and is used to encrypt data intended for the individual by others, while a private key is known only to the owner of a specific account.
The latter is far more significant than the former. Don’t get confused by the word “pair”, it only indicates a connection. In reality, any number of public keys could be generated with a private key, while an opposite is impossible. If anyone gains access to your public key, it’s not big deal, while if your private key falls into the wrong hands — your account is compromised.
A private key is intended to be used by a computer, so it is not very convenient to read or store it in its original form, thus the mnemonic phrase was created. A mnemonic phrase is a set of words that is much easier to write down, remember, and use by a human.
When you enter a mnemonic phrase to setup your wallet it takes a set of cryptographic operations to recover your private key and then an account associated with it.
Security Tip: Never let anyone access your mnemonic phrase. The best way is to have a password manager app with secured notes and use T2FA (two-factor-authentication) in order to protect your account. Even if you think that it does not have the funds to be of an interest to hackers, using proper security protocols helps to train a habit for the time, when it would be essential. Also, hackers can use your account for any malicious actions that are not aimed at you directly, but could get you in trouble in the future. Better safe than sorry!
Now when we’ve got the right terms (hopefully, you’ve switched to your account tab to setup proper security and came back), let’s dive into how public and private keys facilitate trustless exchange.
When somebody sends you cryptocurrency, tokens, or NFTs they use your public key, which is by no coincidence your wallet address! So as the owner you can use your private key to access it. When you’re sending a transfer you’re also using a private key to prove that you’re the owner and have the right to transfer these items.
This system allows to create a trustless network of addresses (public keys) that can exchange tokes without a third party authority that has to issue those keys, or would have control over how and when you can access your funds, where you send them, and who can transfer funds to your account. All you need is a couple of keys and a protocol.
Of course, manipulating private keys requires some execution environment that could be compromised thus allowing a hacker to gain access to private keys and associated accounts.
That’s why we’re building the next level of security for web3. Super Protocol will enable confidential computations that utilise Trusted Execution Environment technology, allowing to protect any sensitive data while it’s being processed.
If your app is working with such data, join our testnet waitlist and see, how you can protect your clients and users!
