By now you know the Bitcoin ledger is a shared, append-only history that thousands of nodes keep honest, and that miners do the work of sealing new blocks. But one question has been quietly waiting the whole time: when the ledger says coins sit at your address, what actually stops a stranger from writing a line that spends them? The answer is a single secret number you control — and a tidy chain of one-way math that turns it into something you can safely shout from a rooftop. Get this lesson straight and seed phrases, hardware wallets, “not your keys, not your coins,” and the cold dread of a lost backup all snap into focus.
One Secret Number to Rule Them All
Before you read — take a guess
Guess before reading: what is a Bitcoin private key, fundamentally?
Owning bitcoin starts with one thing: a private key — an astronomically large, randomly chosen secret number. Whoever knows that number controls the coins the ledger has filed under its corresponding address. That’s it. No username, no account, no company vouching for you. The number is you, as far as Bitcoin is concerned.
From the private key you derive a public key using elliptic-curve cryptography on a specific curve called secp256k1. This is a genuine mathematical one-way street: computing the public key from the private key is fast and easy, but running the calculation backward — recovering the private key from the public key — is, for any key of real size, computationally infeasible. The secret stays secret even though its partner is out in the open.
Then you take one more one-way step: hash and encode the public key to produce your address — the short string you hand to people who want to pay you. So the whole identity is a chain of one-way derivations:
private key → public key → address.
Each arrow is easy to walk forward and effectively impossible to walk back. That single property is what lets you publish the end of the chain (your address) to the entire planet while the start of it (your private key) stays locked in your head, your device, or your safe.
Why 'random' has to mean really random
A private key’s only protection is that nobody can guess it. The keyspace is so vast that a well-generated random key is safe — but a key made from a weak source (a short passphrase, a predictable “brain wallet”) shrinks the haystack and gets swept and drained. Let your wallet generate the randomness; never hand-roll it.
Match each link in the chain to what it is and who may see it.
Pick a term, then click its definition.
Signing: Proving It’s You
Before you read — take a guess
Guess before reading: how do you prove you own a private key without revealing it?
So you have a secret you can never reveal — how do you ever use it? With a digital signature. When you spend, your wallet builds a transaction (roughly: “move these coins from my address to Bob’s”) and runs it through your private key to produce a signature — a chunk of data unique to both that exact transaction and that exact key. Anyone on the network then uses your public key to verify the signature: the math confirms “yes, the holder of the matching private key signed this, and the message hasn’t been altered.”
Two properties fall out, and they are the entire security model:
- Authenticity — only the private-key holder could produce a valid signature, so a valid signature is the proof of authorization. Nobody can forge it without the key.
- Integrity — the signature is bound to the exact transaction. Change one character afterward and the signature stops matching; verification instantly fails.
And crucially: verifying never reveals the private key. The signature proves you hold the secret without ever showing it. Don’t take my word for it — drive it yourself. Hit sign to wrap your private key around the message and watch a signature appear, hit verify with the public key and see it pass, then tamper with the message and verify again to watch the check fail the instant they stop agreeing:
Message
Signature
Only the private key can produce the signature, but anyone can verify it with the public key. Change the message after signing and verification fails — that mismatch is how a blockchain spots a forged transaction.
That failed check is why Bitcoin needs no central authority to police spending. Every node re-runs the verification on every transaction; a forged or altered one simply can’t produce a signature that checks out, so the network rejects it without ever seeing your secret.
In the demo, you tamper with the message after signing, then verify. Why does it fail?
Addresses: Safe to Share
Before you read — take a guess
Guess before reading: is it dangerous to post your Bitcoin receiving address publicly?
Your address is your “receive here” pointer — the string you put on an invoice, a QR code, or a tip jar. Because it’s derived purely from public information (your public key, hashed and encoded), it is completely safe to share. People send coins to your address; nobody can spend from it without the private key. This is where beginners get the danger exactly backward: posting your address is the whole point, while leaking your private key or seed phrase is the catastrophe.
Myth: 'Sharing my address is risky'
The opposite — your address is designed to be public. Rule of thumb: if it’s what people send money to, share it freely; if it’s what authorizes spending (the private key or the seed phrase behind it), guard it with your life. Refusing to share an address out of fear just means you can’t get paid.
Bitcoin has more than one address format, and you’ll see them in the wild:
- Legacy addresses start with
1...— the original style, fine but a bit costlier to spend. - SegWit addresses start with
bc1...— a newer bech32 encoding that generally means lower transaction fees and better error detection.
You don’t need to memorize the internals; just know multiple formats exist, your wallet
handles the difference, and the newer bc1... style is the cheaper, modern default.
Sort each item by whether it's safe to post publicly or must stay secret.
Place each item in the right group.
- Your bc1... receiving address
- Your private key
- Your 12-word seed phrase
- A QR code of your address on an invoice
- Your public key
- A screenshot of your seed phrase
What a Wallet Actually Stores
Before you read — take a guess
Guess before reading: when you have '0.5 BTC in your wallet,' where do those coins live?
Here’s the sentence that should bother you more than it does: a Bitcoin wallet holds no coins. Recall from crypto-basics that your bitcoin isn’t a token sitting in an app — it’s a set of UTXOs (unspent transaction outputs) recorded on the blockchain. What a wallet actually does is:
- Store or derive your keys (private and public).
- Track which UTXOs your addresses control by reading the public ledger.
- Build and sign transactions when you want to spend.
So “money in your wallet” is just shorthand for “UTXOs on the chain that your keys can unlock.” This distinction has a wonderful payoff: if your phone dies, your laptop is stolen, or the wallet app vanishes from the store, your coins are untouched — they were never in the app. As long as you can recreate the keys, any compatible wallet can find your UTXOs again and spend them.
The keys, not a balance. A backup that saves your keys (in practice, the seed phrase — next section) saves your ability to sign, which is the only thing that controls your on-chain UTXOs. Back up a screenshot of your balance and you’ve backed up nothing useful; back up the keys and you can rebuild the whole wallet from scratch.
Fill in each blank about what a wallet does.
Pick the right option for each blank, then check.
A wallet does not store coins; your coins are recorded on the blockchain. The wallet stores your and uses them to build and transactions. So 'money in your wallet' really means UTXOs your control.
The Seed Phrase: Your Master Backup
Before you read — take a guess
Guess before reading: what is a 12- or 24-word seed phrase?
Raw private keys are unwieldy gibberish no human can copy by hand without errors. So modern wallets are HD (hierarchical deterministic) wallets: instead of juggling many keys, you get a single random seed phrase — a list of, typically, 12 or 24 ordinary words (the BIP39 standard), like ribbon, oxygen, glide, marble…
Those words aren’t a password sitting beside your keys. They are the seed from which every private key in the wallet is deterministically generated (the BIP32 standard). Same words, same order, every time, reproduce the exact same keys and addresses. That’s why you can restore an entire wallet onto a brand-new device just by typing the phrase — it recomputes all your keys on the spot. Back up the seed phrase and you’ve backed up every key you’ll ever use in that wallet.
Which makes the seed phrase the single most powerful and most dangerous object you own:
- Anyone who has it controls all your coins. Full stop — the words are your keys.
- Lose it with no backup and the coins are gone forever. There is no reset, no “forgot password,” no support line, no recovery. Nobody on Earth can get them back.
The seed phrase is the whole ballgame — back it up offline
Write the words on paper or stamp them into metal and store them somewhere safe. Never type them into a website, photograph them, paste them into a chat, or store them in the cloud — that’s how wallets get drained. And there is genuinely no password reset: the seed phrase is the access. Treat those words like the deed, the cash, and the keys to a house fused into one slip of paper.
Fill in each blank about HD wallets and recovery.
Pick the right option for each blank, then check.
A modern wallet is , meaning one of 12–24 words regenerates every private key it holds. Anyone who learns it can , and if you lose it with no backup the coins are .
Not Your Keys, Not Your Coins
Before you read — take a guess
Guess before reading: what does 'not your keys, not your coins' warn about?
Everything above leads to the question that decides how safe you actually are: who holds the private keys? Crypto has a slogan for it — “not your keys, not your coins.”
| Non-custodial (self-custody) | Custodial | |
|---|---|---|
| Who holds the keys | You do (your seed phrase) | An exchange / company does |
| What you get | Full control, no middleman | Convenience, a login, a reset button |
| What you risk | Lose the seed and it’s on you | The custodian can be hacked, freeze you, or go bust |
| What you really hold | Coins (UTXOs you can sign for) | An IOU — a claim against the company |
With non-custodial custody, you hold the seed phrase and the keys it generates. You answer to no one — and no one bails you out. With a custodial setup (most beginner-friendly exchanges), the company holds the keys; you just have an account. It’s convenient and it gives you a reset button, but it quietly reintroduces the exact middleman Bitcoin was built to remove: counterparty risk — the chance the party holding your money is breached, freezes withdrawals, or fails. If the exchange controls the keys, “your” balance is their promise to pay, not coins you control.
An exchange balance is not self-custody
A number on an exchange dashboard is an IOU, not on-chain coins under your control. You’re trusting that the company stays solvent, honest, and unhacked. To actually own your bitcoin, withdraw to a wallet whose seed phrase only you hold — then “not your keys, not your coins” finally works in your favor.
Spaced recall — link it back: which statements are TRUE? (Select all that apply.)
The Big Picture
Five moving parts, one idea: ownership is control of a secret key. Chunk it into one picture:
Big picture
Keys, addresses & wallets
- Keys, addresses & wallets
- The chain of derivation
- Private key — secret random number, signs
- Public key — from secp256k1, safe to share
- Address — hashed public key, where people pay
- One-way: easy forward, infeasible to reverse
- Using & receiving
- Signature proves ownership without revealing the key
- Tampering breaks verification
- Address safe to share; legacy 1... vs SegWit bc1... (cheaper)
- Backup & custody
- Wallet holds keys; coins are UTXOs on-chain
- Seed phrase (12–24 words) regenerates every key
- No reset; lost with no backup = gone forever
- Not your keys, not your coins (custodial = IOU)
- The chain of derivation
A mixed recap — it pulls from everything above:
What is the correct chain of derivation in Bitcoin?
Check your answer to continue.
Key Takeaways
What to remember
- A private key is a huge secret random number, and it is ownership. From it you derive a public key (via secp256k1) and then an address — a chain of one-way steps: easy forward, infeasible to reverse.
- A signature proves authorization without revealing the secret. The private key signs; anyone verifies with the public key; tampering with the transaction breaks verification — which is how the network rejects forgeries.
- Your address is the safe-to-share ‘receive here’ pointer. People send coins to it; only the private key spends from it. Legacy
1...and SegWitbc1...formats both work;bc1...is the cheaper, modern default. - A wallet holds keys, not coins. Your bitcoin is UTXOs on the blockchain; the wallet stores keys and builds/signs transactions. “Money in your wallet” = UTXOs your keys control.
- A seed phrase (12–24 words) regenerates your whole HD wallet. Back it up offline; there is no password reset. Anyone with it controls all your coins; lose it with no backup and they’re gone forever.
- Custody is who holds the keys. Not your keys, not your coins: non-custodial = full control + full responsibility; custodial = convenience + counterparty risk, where “your” balance is really an IOU.
You now know who can move a bitcoin and how they prove it. But a signed transaction is only the starting gun — it still has to travel the network, outbid others for limited block space, and earn its place on-chain. Next up: sending a transaction and the fee that buys it a seat.