Nov 4, 2019 · 5 min read

How Your Private Key Is Both Unbreakable And Hackable. And What To Do About It.

Note: Intended for reader level: beginner — intermediate.

## 1. The Core Of A Blockchain Wallet

In a previous blog post, we wrote that:

“Every crypto wallet consists of two things: a private key and a public key. You can consider the public key as your “address” or “account” on the blockchain. When you request a payment to someone, they will send the funds to your public key. The private key on the other hand, is the secret cryptographic password that grants the party who knows the value of the key, complete ownership of any funds on the associated public key. So if you have crypto on one or more public keys, it is imperative that you protect the associated private keys as much as possible.”

But so why is that private key so important? And can we quantify it?

## 2. The Private Key Paradox

Let’s have a look at the numbers.

## 3. Quantifying The Difficulty Of Guessing Your Private Key

The first thing you see on this graph is that winning the Lottery suddenly doesn’t seem such a big feat. Obviously you know better. And it gives a great perspective on how difficult it actually is to guess my private key and get access to all 0.01BTC on my account. Whereas winning the Euro Millions is an odd of about 1: 1.39 x 10⁸(or 1 in a hundred and thirty nine million), it’s nothing compared to guessing one of the richest men one Earth’s bank account number, PIN code, and two factor authentication code, which stands at 1: 1.18 x 10^21, or over a trillion times more implausible than winning the Lottery. Next, I dare you to guess just ANY private key out there that has a balance greater than zero. The latter is of a difficulty of 1: 1.96 x 10⁶⁹, which is billions of billions of times harder to achieve. That finally brings us to you guessing the private key of my Bitcoin address, which is of an order of magnitude of 256 bits, basically equal to you trying to guess which atom I am thinking about right now, of all the atoms in the universe.

## 4. Implications

So…THAT’s why if you don’t know my private key, you cannot brute force it. The computational requirements simply don’t exist today. Now imagine that you generate your private key offline, and never need to expose it when signing transactions (or any other kind of wallet management for that matter). How can a remote attacker then possibly break into your account?

Now, here is where it becomes tricky. OK, your private key needs to be generated offline. But this generation process itself has to adhere to some crucial conditions. It has to be able to generate the whole range of 2^256 possible keys. For example, if it were to generate only one of two values all the time, you still would have a private key but it would be easy to guess it. So the generation process itself must ensure that it can generate a key that is statistically unique and unbreakable (the process needs to be able to generate a gigantic range of keys), it needs to be unpredictable (i.e. random, so that nobody could ever just implement the same process and calculate your key from it anyway), and of course it needs to be offline.

## 5. The Solution

And that’s exactly where NGRAVE comes in. We have developed a product suite that not only generates strong private keys 100% offline, but also keeps them unexposed at all times.

Find out more about NGRAVE’s most advanced key generation process available in the market, in this post!

#StayCold

Ruben (CEO of NGRAVE)

PS: Don’t forget to clap and follow!

Written by

Written by