# Wallets

icons by TheNounProject

Photo by Vadim Sherbakov on Unsplash

Laurent Hardy

Photo from VitalCheck

# Banking today

• Have enough money to start
• Trust the bank and government to handle your private information
• Pay for maintenance
• Wait for everything

ID

money

trust the bank

account + access

# Let's do banking

Photo by Jingyi Wang on Unsplash

# Bitcoin today

• Go online
• Generate a pair of keys

# Let's do bitcoin

a private key – Available in different formats, must be kept private

an address – Used to receive payments, can be shown to anybody

example 1: 1J7mdg5rbQyUHENYdx39WVWK7fsLpEoXZy
example 2: qR code

private keysecret keysk

private key

# How is a pair of keys enough?

​(sk,pk) := generateKeys(keysize)

Prove you own a public key without revealing the private key

sig := sign(message,sk)

Let everyone verify you own a public key without revealing the private key

isValid := verify(message,sig,pk)

private key ≈ secret key ≈ sk

public key ≈ pk

sig ≈ digital signature

# Private Key

An private key is a 256-bit randomly generated number between

The total number of 256-bit numbers is equal to $$2^{256}$$

"epiclabs"

Binary:
1101111101011011011000101011111001111100111011011110100110010101001001010101000001010111110011111001010101011001100001101001100001010000101010111101011001110101010010010101010101110000100110001110010010000110111000111110100010111100100111010111000000011111


Decimal:

101027229823651685479805873605520737270124184003399402029102140131823486595103

df5b62be7cede995255057cf9559869850abd67549557098e486e3e8bc9d701f

0 and 115792089237316195423570985008687907853269984665640564039457584007913129639935

# Public Key

An public key is derived from the private key and is obtained through ECDSA (Elliptic Curve Digital Signature Algorithm).

• Start at G
• Draw a tangent
• Find the intersection (-2G)
• Take the inverse (2G)

This is one round of elliptic curve multiplication (i.e an elliptic curve multiplication of 2).

To find a public key, "multiply" G by the private key, i.e bounce around the ecliptic curve private key numbers of times.

y^2=x^3+7
$y^2=x^3+7$

# Public Key

Public Key = G * Private Key
Public Key = G * df5b62be7cede995255057cf9559869850abd67549557098e486e3e8bc9d701f


Through ECDSA we get 2 new coordinates:

x = 81591541406288143274758265124625798440200740391102527151086648448953253267255
y = 64573953342291915951744135406509773051817879333910826118626860448948679381492


Public Key (x) = b4632d08485ff1df2db55b9dafd23347d1c47a457072a1e87be26896549a8737

Public Key (y) = 8ec38ff91d43e8c2092ebda601780485263da089465619e0358a5c1be7ac91f4

Keep only the (x) coordinate and discriminate the sign of the (y) coordinate

Public Key = 02b4632d08485ff1df2db55b9dafd23347d1c47a457072a1e87be26896549a8737

source: LearMeABitcoin

An address is derived from the public key through the use of one-way cryptographic hashing (SHA256 and RIPEMD160).

Addresses are almost always presented to users in an encoding to help human readability, avoid ambiguity, and protect against errors (Base58Check).

Example: 1J7mdg5rbQyUHENYdx39WVWK7fsLpEoXZy

# Wallet

A wallet is a software application that contain your private key, can generate pair of keys and make things convenient for the user.

Wallets contain keys, not coins! Wallets are keychains.

• Nondeterministic (Random) Wallets
• Deterministic (Seeded) Wallets
• Mnemonic Code Words
• Hierarchical Deterministic Wallets

# How is a pair of keys enough?

​(sk,pk) := generateKeys(keysize)

Prove you own a public key without revealing the private key

sig := sign(message,sk)

Let everyone verify you own a public key without revealing the private key

isValid := verify(message,sig,pk)

private key ≈ secret key ≈ sk

public key ≈ pk

sig ≈ digital signature

# Digital Signature

Used to claim ownership of your bitcoin (UTXO).

A digital signature (Sig) is public information, accesible to everyone.

It is unique to the message, i.e the signature changes with the message being signed.

Ran = G * Random Number
Sig = [Ran * Private Key] + Message / Random Number

Sig = [Ran * Private Key] + H[transaction] / Random Number

You can proof you own a public key by giving Ran and Sig to someone.

source: LearMeABitcoin

# How is a pair of keys enough?

​(sk,pk) := generateKeys(keysize)

Prove you own a public key without revealing the private key

sig := sign(message,sk)

Let everyone verify you own a public key without revealing the private key

isValid := verify(message,sig,pk)

private key ≈ secret key ≈ sk

public key ≈ pk

sig ≈ digital signature

# Verify a Signature

The goal is to verify that the public key and the digital signature were made using the same private key by giving them Sig, Ran, Private Key and Message.

Point 1 = G * [Sig * Message]

Point 2 = Public Key * [Sig * Ran]

Point 3 = Point 1 + Point 2

If Point 3 is equal to Ran then the signature has been proven to be valid
Ran = G * Random Number


Photo by Karen Maes on Unsplash

# Hands on

Photo by Markus Spiske on Unsplash

# Storing crypto assets

 availability security​ convenience

be able spend your coin whenever you want

make sure nobody else can spend your coin

managing your keys in a relatively easy way

## hot storage

hot side

cold side

### hierarchical deterministic wallets

generate keys function

private key generation info

generate key

$$i$$ th address

$$i$$ th
key

$$i$$

$$i$$

### hardware wallets

Ledger Nano S [LedgerWallet]

Trezor [SatoshiLabs]

Photo by Karen Maes on Unsplash