Say Lumens again! I dare you!

What does it actually mean to “hold” your Lumens in a Stellar wallet? This post is meant to shed some light on what your wallet actually does for you and how it does it, including some ways that wallets secure your Lumens.

Public Keys, Private Keys, and Signatures

But first let’s talk about some fundamental components of a Stellar account: your public key and your secret key. Your public key is the 56 character sequence of letters that starts with “G”. This is something that you share with others and it’s how other people are able to send stuff to your account. Whenever you make a transaction, your public key is broadcast as the “source” for that operation. It’s safe to share that with whomever you want to transact with.

Your secret key is also 56 characters, but it starts with the letter “S”. This is the thing that proves you own your Stellar account, enabling you to make payments and other transactions from your account. Like the name implies, you need to keep secret.

How does this work? Stellar uses Ed25519 cryptography to create a “signature” for the transaction. With a signature and a Stellar transaction, the Stellar code is able to answer the following question: “did a given public key (G) that corresponds to private key (S) create this signature?”

When a transaction is submitted to the Stellar network for validation, the signature is sent with it. No two private keys will create the same signature for a given transaction, so the Stellar validating nodes just have to look at each transaction and check whether the source account matches the signature that is sent with a transaction[1].

It’s just that simple!

Stellar Systems

Now that you know enough about public and private keys to be dangerous, it’s time for a brief crash course on how wallets interact with the Stellar network. There are two primary systems at play here: Stellar Core and Horizon.

Stellar Core is the backbone of the Stellar network. It’s responsible for maintaining the current state of the world — how many Lumens each account has, which transactions have been processed, etc. It also is responsible for validating incoming transactions and broadcasting them to other stellar-core nodes so as to come to a consensus on what transactions should be processed next. When a transaction is submitted to a stellar-core node, it does the signature checking that we talked about earlier and will reject transactions that are not properly signed.

So does each wallet run a stellar-core node and broadcast the transactions you created to the rest of the network? Nope! There’s actually another system they interact with called Horizon. Horizon is an API layer in front of Stellar Core that makes it easier for wallets to make queries and submit transactions to the Stellar network.

The SDF runs the most popular Horizon instance, so many wallets send requests directly to theirs, but several other wallet operators also run copies of Horizon and Stellar Core — but there is no requirement to do so. So your actual Stellar wallet is just a piece of software running on your machine that is responsible for creating transactions, using your secret key to create a signature… sending them over the internet to some Horizon service… that will in turn forward it to Stellar Core… which will then broadcast it to the rest of the Stellar Cores running on there… who will then come to a consensus about what transactions will actually be processed.