1. What are cryptographic keys, and why should they be kept safe?

A cryptographic key is a string of data that is used to encrypt data (to the data secret), decrypt data (to perform the reverse operation), sign data (to ensure the data is authentic), or to verify a signature.

Encryption keys come in two forms: symmetric or asymmetric. In a symmetric algorithm, the key to encrypt and decrypt is the same, while in an asymmetric algorithm, the keys are different, with the encryption key being called the public key and the decryption key being called the private key.

For authenticating data, we often think of signing and verifying as an asymmetric algorithm.

If Alice wants to send a secret message to Bob using symmetric cryptography, she will generate a cipher — or key — to encrypt that data. Bob receives the encrypted message and can decrypt it once he has the key.

The problem is, how does Bob get the symmetric key to decrypt the message? Clearly this cannot just be sent out in the open, thus Bob needs a different technique to obtain the secret key. This is known as the key distribution problem.

In the mid 1970s, this problem was solved by the invention of the asymmetric form of cryptography mentioned above, which is often called public key cryptography. Using public key cryptography, Alice sends her message to Bob and encrypts it using his public key. Anyone can intercept the message, but only Bob can decrypt it using his private key.

In cryptocurrency, public keys are assigned to wallets, and a public key is valid if there is some cryptocurrency in the wallet.

For Alice to send Bitcoin (BTC) to Bob, she simply signs a transaction with the private key associated to the wallet from which she is spending it. The transaction says that the associated Bitcoin should be attributed to the wallet with Bob’s public key. The miners validating the transaction need to check that Alice’s wallet has enough Bitcoin in it, and that the signature is correct. They do not need to know who Alice or Bob actually is.

It is very important to keep private keys private.

If a malicious third party gains access to Alice’s private keys, they have full control over all of the currency in her wallet. Hackers expend much time and energy devising elaborate phishing scams designed to dupe users into revealing their private keys.