What does it actually mean to “hold” your Lumens in a Stellar wallet? This post is meant to shed some light on what your wallet actually does for you and how it does it, including some ways that wallets secure your Lumens.
Public Keys, Private Keys, and Signatures
But first let’s talk about some fundamental components of a Stellar account: your public key and your secret key. Your public key is the 56 character sequence of letters that starts with “G”. This is something that you share with others and it’s how other people are able to send stuff to your account. Whenever you make a transaction, your public key is broadcast as the “source” for that operation. It’s safe to share that with whomever you want to transact with.
Your secret key is also 56 characters, but it starts with the letter “S”. This is the thing that proves you own your Stellar account, enabling you to make payments and other transactions from your account. Like the name implies, you need to keep secret.
How does this work? Stellar uses Ed25519 cryptography to create a “signature” for the transaction. With a signature and a Stellar transaction, the Stellar code is able to answer the following question: “did a given public key (G) that corresponds to private key (S) create this signature?”
When a transaction is submitted to the Stellar network for validation, the signature is sent with it. No two private keys will create the same signature for a given transaction, so the Stellar validating nodes just have to look at each transaction and check whether the source account matches the signature that is sent with a transaction.
Now that you know enough about public and private keys to be dangerous, it’s time for a brief crash course on how wallets interact with the Stellar network. There are two primary systems at play here: Stellar Core and Horizon.
Stellar Core is the backbone of the Stellar network. It’s responsible for maintaining the current state of the world — how many Lumens each account has, which transactions have been processed, etc. It also is responsible for validating incoming transactions and broadcasting them to other stellar-core nodes so as to come to a consensus on what transactions should be processed next. When a transaction is submitted to a stellar-core node, it does the signature checking that we talked about earlier and will reject transactions that are not properly signed.
So does each wallet run a stellar-core node and broadcast the transactions you created to the rest of the network? Nope! There’s actually another system they interact with called Horizon. Horizon is an API layer in front of Stellar Core that makes it easier for wallets to make queries and submit transactions to the Stellar network.
The SDF runs the most popular Horizon instance, so many wallets send requests directly to theirs, but several other wallet operators also run copies of Horizon and Stellar Core — but there is no requirement to do so. So your actual Stellar wallet is just a piece of software running on your machine that is responsible for creating transactions, using your secret key to create a signature… sending them over the internet to some Horizon service… that will in turn forward it to Stellar Core… which will then broadcast it to the rest of the Stellar Cores running on there… who will then come to a consensus about what transactions will actually be processed.
Phew! That was quite a detour. Let’s get back to talking about how some various wallets work.
We’ll start with Ledger hardware devices, since this is the place where I often see a lot of confusion. Ledger devices work by generating a secret key for you and keeping it secret from everyone… including you. Instead of your device sending your secret key out to create a signature for a transaction, the software you interact with must send the transaction to the Ledger, which then signs the transaction and sends the signature back to the software.
Here’s the important part: none of your account data EXCEPT your secret key is actually stored inside the Ledger. You still have to use some piece of software that actually generates the transaction, makes queries, and sends your signed transactions up to Horizon. Many wallets support sending transactions to your Ledger.
So next time you find yourself saying “I store my XLM on my Ledger Nano”, what you’re really saying is “I keep my secret key safe using my Ledger Nano”. If you happen to lose your Ledger device, your lumens are still there on the Stellar network, waiting for that long lost secret key to appear.
That’s pretty much how all of the hardware wallets work, but how do the software wallets work? They actually work very similarly. Most of the well designed wallets will ask you for a password, and will use symmetric cryptography to encrypt your secret key and store it somewhere on your computer/phone.
When you want to log into your wallet, you enter that password again and it takes the data it stored earlier and decrypts it, getting back the original secret key that it can use to sign and submit transactions. How exactly this is implemented differs from wallet to wallet but the key takeaway is the same: a wallet is just a fancy way of storing your secret key and interacting with Horizon.
If there’s one thing I want you to remember from this article it’s this: your XLM, MOBI, SLT, whatever… are not stored IN the wallet, they’re stored in the Stellar network. Your wallet just interacts with the network. You can take that same secret key that is associated with your account and add it into any other wallet, and you’d be able to access your coins again.
How does this relate back to StellarGuard? StellarGuard works by setting up your account to require not one, but two keys in order to make a transaction valid and accepted by Stellar Core. StellarGuard holds one of the keys and you hold the other. This means that if your computer gets hacked and they are able to steal your secret key, you’re still protected since the other key is still safe!
Sign up for free at https://stellarguard.me to see it in action and add more security to your Stellar account.
 Of course it’s not quite that simple. There’s multisignature, thresholds, and signing weights that complicate things a bit.
 Again, not so simple. The Ledger actually stores a way to derive many Stellar secret keys, and using something called Hierarchical Deterministic Wallets it generates the public/secret key pair that makes up your account. It uses the recovery phrase that Ledger tells you to keep secret in case you need to restore your account on a new Ledger device… so losing this phrase is the same thing as your secret key. Keep it safe!