Private Keys

Bitcoin private keys are created by Bitcoin wallets, and they are what ownership of funds actually consists of. To spend funds on the Bitcoin blockchain, a wallet must present a transaction signed with the private key that controls them. Private keys are not created through any cooperative network process; a wallet simply picks one at random from an impossibly large range, roughly two to the two hundred and fifty-sixth power (precisely, an integer between one and n minus one, where n is the order of the secp256k1 curve and is just under two to the 256th power). These keys must be kept secret to prevent loss of funds, so wallets typically hide them to avoid accidental exposure.

Every time coins are received, the wallet creates a new private key and derives from it, by a one-way function, the public address to give out. Private keys should not be copied between wallets except as whole-wallet backups; in some instances, however, it is necessary to handle a key directly. In that case the best practice is to have a wallet build a new transaction that consumes all funds controlled by the private key and sends them to an address of its own, a method known as sweeping. The alternative, adding the private key to an existing wallet, known as importing, is not recommended and can lead to loss of funds: the imported key is not covered by the wallet's existing seed backup, and it remains usable by whoever else holds a copy of it.

Private keys are simply large numbers, which computers store in a binary form that is not convenient for direct use. The common convention for handling a private key directly is the Wallet Import Format (WIF), a Base58Check encoding: its alphabet omits the easily confused characters 0, O, I and l to discourage typos, a four-byte checksum (the first four bytes of a double SHA-256 of the payload) lets software detect a mistyped or corrupted key, and a one-byte suffix flag indicates the private key type. Bitcoin private keys in this format look like strings of letters and numbers, starting with K or L for a key whose public key is used in compressed form, or with 5 for the uncompressed form.
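As an added example (not code from the original page), the following Python implements the two points above using only the standard library: drawing a key from the valid range, and WIF encoding and decoding with the Base58 alphabet, the double SHA-256 checksum and the compression flag. The constants are the real ones (curve order N, version byte 0x80 for mainnet and 0xEF for testnet, 0x01 suffix for compressed keys); the sample key is the one from the commonly circulated WIF documentation example and holds no funds.

```python
import hashlib
import secrets

# Order of the secp256k1 group: a valid private key is an integer in [1, N-1].
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

# Base58 alphabet: no 0, O, I or l, so a key is harder to mistype or misread.
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def generate_private_key() -> int:
    """Draw a key uniformly from [1, N-1] using the OS CSPRNG."""
    return secrets.randbelow(N - 1) + 1


def _b58encode(data: bytes) -> str:
    n = int.from_bytes(data, "big")
    out = ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    # Each leading zero byte is represented by a single '1'.
    pad = len(data) - len(data.lstrip(b"\x00"))
    return "1" * pad + out


def _b58decode(s: str) -> bytes:
    n = 0
    for ch in s:
        idx = B58.find(ch)
        if idx < 0:
            raise ValueError(f"invalid Base58 character {ch!r}")
        n = n * 58 + idx
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big") if n else b""
    pad = len(s) - len(s.lstrip("1"))
    return b"\x00" * pad + raw


def _checksum(payload: bytes) -> bytes:
    """First four bytes of SHA256(SHA256(payload))."""
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]


def to_wif(priv: int, compressed: bool = True, mainnet: bool = True) -> str:
    if not 1 <= priv < N:
        raise ValueError("private key out of range")
    payload = (b"\x80" if mainnet else b"\xef") + priv.to_bytes(32, "big")
    if compressed:
        payload += b"\x01"  # type hint: use the compressed public key
    return _b58encode(payload + _checksum(payload))


def from_wif(wif: str):
    """Return (priv, compressed, mainnet); raise ValueError if invalid."""
    raw = _b58decode(wif)
    payload, check = raw[:-4], raw[-4:]
    if _checksum(payload) != check:
        raise ValueError("checksum mismatch: key was mistyped or corrupted")
    if payload[0] not in (0x80, 0xEF):
        raise ValueError("unknown version byte")
    mainnet = payload[0] == 0x80
    body = payload[1:]
    if len(body) == 33 and body[-1] == 0x01:
        compressed, body = True, body[:-1]
    elif len(body) == 32:
        compressed = False
    else:
        raise ValueError("unexpected payload length")
    priv = int.from_bytes(body, "big")
    if not 1 <= priv < N:
        raise ValueError("private key out of range")
    return priv, compressed, mainnet


def is_valid_wif(wif: str) -> bool:
    try:
        from_wif(wif)
        return True
    except ValueError:
        return False


# Key from the widely circulated WIF documentation example; not a funded key.
EXAMPLE_KEY = 0x0C28FCA386C7A227600B2FE50B7CAE11EC86D3BF1FBE471BE89827E19D72AA1D

if __name__ == "__main__":
    for compressed in (False, True):
        wif = to_wif(EXAMPLE_KEY, compressed)
        print(wif, from_wif(wif))
    # A single mistyped character fails the checksum instead of silently
    # decoding to some other key.
    wif = to_wif(EXAMPLE_KEY, False)
    typo = wif[:-1] + ("K" if wif[-1] != "K" else "L")
    print("typo accepted?", is_valid_wif(typo))
```

Running it prints the 5... and K/L... forms of the same key; altering one character of either makes `from_wif` raise, which is the property that makes WIF safer to type than raw hex.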

Security of Private Keys

It may be hard to grasp that a large random number can be secure: why can't it simply be guessed and the funds stolen? The answer lies in the extremely large size of the random number, so large that guessing is impractical. Think of someone trying to guess a number picked from a million by shouting guesses; it would take a long time because a million is large. The same principle protects Bitcoin, except that the number is so impossibly large that the time required is impossibly long, even for the fastest conceivable guessing system.

The number of possibilities to brute force is massive: about two to the one hundred and sixtieth power to find any key whose public key hashes to a given address (a 160-bit hash), a number inconceivably high even assuming exponential growth of computing power. The mining process itself also shields against key collisions: hashing capacity earns a reliable reward when pointed at mining, so mining is always a more profitable use of it than brute forcing private keys.

Still, there are potential flaws and weaknesses that reduce the security of a private key. One of the most common is simply to choose, deliberately or accidentally, a private key from a much smaller range than the full one. This sounds unlikely, but some Bitcoin enthusiasts have experimented with lowering their private key entropy, for instance by deriving the key from a memorable passphrase (a so-called brain wallet), so that they could remember it directly. This has led to coin loss: humans are ill-equipped to judge entropy, and as a result people have chosen guessable keys.

Another issue is software that, through malice or accident, has been coded to use a more guessable number. This too has led to coin loss: correctly choosing a random number is a linchpin of the Bitcoin security model, and there is no failsafe against a weak number other than a few benevolent individuals who constantly scan for such mistakes in order to restore funds that have been left out in the open.
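To make the two weaknesses above concrete, here is an added example (not code from the original page) of the kind of scan that such individuals, and thieves, run. It derives keys from a list of candidate passphrases exactly as the classic brain-wallet scheme did (key = SHA-256 of the phrase), computes each public key with a small pure-Python secp256k1 implementation, and checks it against a set of exposed public keys. For brevity it matches on the compressed public key rather than on the address, which would add a RIPEMD-160 and Base58Check step without changing the scan; the victim passphrase and word list are constructed for the example.

```python
import hashlib

# secp256k1, the curve Bitcoin uses: field prime, group order and generator.
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def _add(p, q):
    """Affine point addition; None stands for the point at infinity."""
    if p is None:
        return q
    if q is None:
        return p
    x1, y1 = p
    x2, y2 = q
    if x1 == x2 and (y1 + y2) % P == 0:
        return None  # p == -q
    if p == q:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P


def _mul(k, point=G):
    """Double-and-add scalar multiplication. Not constant time: fine for an
    attacker's scanner, unacceptable inside a wallet that signs."""
    acc = None
    while k:
        if k & 1:
            acc = _add(acc, point)
        point = _add(point, point)
        k >>= 1
    return acc


def compressed_pubkey(priv: int) -> str:
    """33-byte SEC-compressed public key as hex (02/03 prefix encodes y parity)."""
    if not 1 <= priv < N:
        raise ValueError("private key out of range")
    x, y = _mul(priv)
    return ("03" if y & 1 else "02") + format(x, "064x")


def brainwallet_key(passphrase: str) -> int:
    """The classic brain-wallet scheme: key = SHA256(passphrase). Its only
    entropy is whatever the human put into the phrase."""
    return int.from_bytes(hashlib.sha256(passphrase.encode()).digest(), "big")


def scan(candidates, exposed_pubkeys):
    """Try every candidate passphrase; return {passphrase: pubkey} for hits."""
    hits = {}
    for phrase in candidates:
        pub = compressed_pubkey(brainwallet_key(phrase))
        if pub in exposed_pubkeys:
            hits[phrase] = pub
    return hits


# Constructed scenario: a "victim" funded a brain wallet from a phrase that
# also sits in every attacker's word list. In practice the target set is every
# exposed key with a balance, harvested from the chain.
VICTIM_PHRASE = "correct horse battery staple"
FUNDED = {compressed_pubkey(brainwallet_key(VICTIM_PHRASE))}
WORDLIST = ["password", "bitcoin", "letmein", "satoshi nakamoto",
            "correct horse battery staple", "hunter2"]

if __name__ == "__main__":
    print(scan(WORDLIST, FUNDED))
```

The scan costs one hash and one scalar multiplication per guess, so a word list of a few hundred million phrases is a matter of hours on ordinary hardware, while a properly random 256-bit key is never reached at all.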

Going into the theoretical, the fund security system has another weakness: public key attacks. The public key cryptography used (ECDSA over the secp256k1 curve) has the property that knowledge of the public key drastically reduces the work needed to recover its private key, to about two to the power of one hundred and twenty-eight operations, the cost of the best known attack on the discrete logarithm problem for a 256-bit curve. Although that is roughly four billion times smaller than the two to the one hundred and sixtieth power of an address collision, it is still considered practically impossible. To protect against it, early in Bitcoin's development the standard transaction type was changed to pay to a hash of the public key (pay-to-pubkey-hash) rather than to the public key itself, so the public key stays hidden until the spending transaction is broadcast and, roughly ten minutes later, confirmed in the blockchain. This confines a brute force attack on the public key to that short window; reusing an address, however, leaves the key exposed permanently, so any funds sent to that address afterwards are vulnerable. This is one of several reasons address reuse is strongly discouraged. Large amounts of bitcoin are nevertheless held in old or reused addresses whose public keys are exposed to this attack.

Quantum Attacks

It is considered very unlikely that brute forcing exposed public keys with classical computers will present a real threat to private key security, and were it to begin to, the longstanding plan is to change the cryptography preemptively, before any attack becomes feasible. Far more worrying than classical brute force of public keys is the potential for a quantum computing attack on them.

The possibility of a quantum attack makes it important to hide public keys by avoiding address reuse, because with advances in quantum computing an attack within a human lifetime starts to become conceivable. Shor's algorithm solves the underlying discrete logarithm problem efficiently in principle, so the obstacle is engineering rather than mathematics: for the threat to become real, quantum computers would need to be hundreds or thousands of times larger than today's machines, with far lower error rates, but over many years of technical improvement this is quite possible.

In addition to avoiding address reuse, which has been encouraged for many years, there is the possibility of changing the signature cryptography to a quantum-resistant scheme. As a last resort the network might eventually treat funds held by a vulnerable signing method as lost, and refuse to let them move under any signature.