How does a crypto wallet generate private and public keys?

Key Generation Process

1. A crypto wallet initiates key generation by producing a cryptographically secure random number within a specific finite field—typically a 256-bit integer for Bitcoin and Ethereum.

2. This integer becomes the private key, represented as a 64-character hexadecimal string or a 12- or 24-word mnemonic phrase encoded via BIP-39 standards.

3. The private key is then fed into an elliptic curve multiplication function—specifically secp256k1 for Bitcoin and Ethereum—to derive the corresponding public key.

4. The public key undergoes SHA-256 hashing followed by RIPEMD-160 hashing to produce a 160-bit output, which forms the basis of the wallet address.

5. A version byte and checksum are appended before Base58Check encoding transforms the result into the final human-readable address format.

Elliptic Curve Cryptography Foundation

1. The secp256k1 curve defines the mathematical structure used across major blockchains: y² = x³ + 7 over a prime field modulo p = 2²⁵⁶ − 2³² − 977.

2. Private keys are scalar multipliers applied to a fixed generator point G on this curve.

3. Public keys emerge as the resulting point (x, y) coordinates after scalar multiplication—this operation is computationally efficient but irreversible without brute-force methods.

4. The discrete logarithm problem ensures that deriving the private key from the public key remains infeasible with current computational capabilities.

5. Every valid private key maps to exactly one public key, yet multiple private keys cannot yield identical public keys under standard derivation paths.

Wallet Address Derivation

1. After obtaining the uncompressed public key (65 bytes), wallets apply SHA-256 to compress it into a 32-byte digest.

2. That digest passes through RIPEMD-160 to generate a 20-byte hash—the core identifier used in on-chain transactions.

3. A network-specific prefix (e.g., 0x00 for Bitcoin mainnet, 0x01 for testnet) prepends the RIPEMD-160 output.

4. A double-SHA256 checksum computes the first four bytes, appended to the prefixed hash.

5. The full binary payload undergoes Base58Check encoding to produce legacy P2PKH addresses like 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa.

Mnemonic Phrase Integration

1. BIP-39 introduces deterministic key derivation using a 12- or 24-word seed phrase generated from 128–256 bits of entropy.

2. Words are selected from a fixed 2048-word dictionary; each word encodes 11 bits, enabling precise reconstruction of original entropy.

3. A checksum extends the entropy before word mapping—ensuring typo resistance during manual entry.

4. PBKDF2-HMAC-SHA512 with 2048 iterations derives a 512-bit seed from the mnemonic and optional passphrase.

5. That seed serves as input to BIP-32 hierarchical deterministic (HD) wallet algorithms, allowing derivation of countless keypairs from a single root.

Security Implications of Key Generation

1. Weak entropy sources—such as predictable system clocks or low-entropy OS RNGs—can produce statistically biased private keys vulnerable to reconstruction.

2. Reusing the same private key across multiple chains or contexts increases exposure surface area without cryptographic benefit.

3. Hardware wallets isolate key generation inside secure elements, preventing leakage during creation or signing operations.

4. Software wallets relying solely on browser-based Web Crypto APIs may expose entropy generation to timing side-channel attacks if improperly implemented.

5. The absence of true randomness invalidates the entire cryptographic guarantee, rendering even mathematically sound curves ineffective against targeted recovery.

Frequently Asked Questions

Q: Can two different wallets generate the same private key?Statistically possible but practically impossible—there are 2²⁵⁶ unique values, making collision probability less than 1 in 10⁷⁷.

Q: Why do some wallets show both compressed and uncompressed public keys?Compressed keys halve storage requirements by encoding only the x-coordinate plus parity bit; both forms yield identical addresses when hashed.

Q: Is it safe to generate keys offline using open-source tools?Yes—if the environment is air-gapped, entropy sources are verified, and no network stack is active during generation.

Q: Does changing the passphrase in a BIP-39 wallet alter the derived private keys?Yes—passphrase acts as salt in PBKDF2, producing entirely distinct seeds and thus divergent key hierarchies.