Crypto Wallets and Addresses #1

Introduction

This article tells you what you need to know about “addresses” and “wallets”, two essential concepts in the crypto world. They are rarely explained, and as a result, important aspects are often misunderstood.

This is part 1 of the article and simply lists Key Points to know, with minimal explanation. It starts with examples of questions that people frequently have. If you are partially familiar with crypto, see if you can answer all the questions. If not, the article may be worth reading to get clarification.

Part 2, giving more background for newcomers to the crypto world, will explain why addresses and wallets work the way that they do.

In this post we go through:

  • Typical questions that people have about “addresses” and “wallets”

and then the key points:

  1. Introduction (to ledgers and addresses)
  2. Addresses and Transactions
  3. Private Keys (Passwords) / Wallets (how the passwords for addresses work)
  4. Address Formats
  5. Actions / Smart Contracts
  6. Wallets & Generating Private Keys (what is a wallet?)
  7. Wallet Passwords & Backups
  8. Paper Wallets / Seed Lists (how keys and addresses can be written down as words)
  9. Using a Wallet

Typical Questions About Addresses and Wallets

This article aims to answer questions like these:

  1. What is an “address” and why do I need it?
  2. What’s the difference between an “address” and a “wallet”?
  3. What “holds” the crypto … is it in an “address” or in a “wallet”?
  4. Why do I have many “addresses” and when are they linked?
  5. Why do the addresses look different for different cryptos, like BTC or ETH, and does every wallet support all types of crypto?
  6. Why can’t I change my password (my “private key”)?
  7. Can I have multiple wallets? If so, can they all hold the same contents?
  8. How can a wallet be on paper, or backed up for fire proofing as “letters stamped on a sheet of metal” and kept in a safe”?
  9. What is a “cold wallet”?
  10. How did I receive more crypto even though I’m using a “cold wallet” and was “offline”?

Photo by David Shares on Unsplash

Key Points

The points below provide general advice relevant for popular crypto currencies. However, the specifics differ, so after reading this it’s worth checking the details for any crypto(s) and wallet(s) that you are using.

1. Introduction

  • The information about “who owns what” is kept in a ledger (a list of records) called a blockchain.
  • Each type of crypto has its own ledger.
  • An “address” refers to an entry on this ledger. There may also be historical entries on the ledger for that address.
  • In order to receive funds, you need an address of your own.
  • An “address” is a way of controlling (owning) an amount of crypto. Each address controls an amount of crypto.
  • With the right software tools, anyone can look in the ledger, find the address, and see how much crypto the address controls.
  • New “coins” (amounts of crypto currency) are created on the ledger, often by a process called “mining”. The coins start off in an address controlled by the miner who created them, until the owner transfers them to other “addresses”.
  • Behind the scenes, an address is acting like a lock (and there is a matching key). It locks down coins (or fractions of coins) for the specified amount of crypto. The owner of the address (someone with the key for that lock) can release it and transfer funds to other addresses.

2. Addresses & Transactions

  • With some cryptos, you can use an address similarly to the way you use a bank account number. You might choose to use one address for a certain purpose. For example, I might have “one for my savings” and have all transactions related to “savings” done to and from that address.
  • With other cryptos, like Bitcoin, you are strongly encouraged to use a new address for every transaction. However, for practical reasons, some people don’t follow this advice.
  • In the case of cryptos like Bitcoin, you can consider an address as being analogous to a “one-time use gift voucher”. The voucher can hold any amount, including fractions of coins. The whole voucher must be spent in full whenever it is used (and is then no longer needed, apart from historical record keeping purposes). If you don’t need to use the full amount of the voucher, you are given back the “change” in the form of a new gift voucher for the smaller amount.
  • Hardcore Bitcoin enthusiasts would encourage you to receive this “change” at a new “address”, rather than having the change received at the same one that was used initially. Going back to the gift card example above, it’s a bit confusing if you give your “change” the same gift card id number as the original card. In this example they are related to each other (the 2nd card was created using funds from the 1st), but they are not the same “card”.
  • A single transaction may transfer funds to multiple addresses. This feature is used to pay fees to a “miner” — someone who provides you the service of recording your transaction on the ledger. In daily life we can also pay multiple parties with a single transaction, such as when leaving tips. Suppose a single large note is used to pay the restaurant bill. Some of it goes to the waiter (this is like the “miner” fee), some to the restaurant, and the remainder is transferred back to us as change (perhaps in the form of a new, smaller, note).
  • One transaction may also be used to consolidate funds from multiple sources. Think of a restaurant that brings one bill for the whole table, and everyone in the group then pays in their share, but it’s considered by the restaurant as one transaction.

3. Private Keys (Passwords) / Wallets

  • An “address” is controlled by its corresponding password (called a “private key”).
  • Without this private key the funds can’t be moved / accessed. If the key is lost, the funds are typically unusable (like losing the combination code for a highly secure safe that hold some notes — those notes are effectively gone).
  • You will probably have multiple “addresses”, especially if you use a crypto like Bitcoin.
  • To make it easy to work with your crypto, you use software called a “wallet”. It handles multiple “private keys” and their corresponding addresses. It usually lets you simply work with your funds without worrying about the address details. For example, you tell the wallet to “transfer this much crypto” to a recipient address, without having to worry behind the scenes which of your addresses and passwords the wallet is working with to make it happen.

4. Address Formats

  • Addresses are usually long strings of text, where the details (like upper and lower case) are critical. They are not easy for humans to remember or use and even a small mistake completely invalidates them.
  • The formats differ according to the maths and the technology that is being used, so an address is specific to a crypto-currency. At the heart of an address there is usually a very large number, that is represented by the text.
  • They also contain extra characters for technical reasons, such as “check digits” to make it easier for software that works with the crypto to spot typing errors, and “version numbers”, since the same crypto may support multiple types of address, as the technology changes, so this indicates which version is in use.
  • To support the different types of addresses, and the different functions that each type of crypto offers to holders, wallets have to be tailored for each type of crypto. Some wallets support many cryptos.

5. Actions / Smart Contracts

  • In addition to locking down an amount of crypto, an address allows the owner to carry out actions that the crypto currency supports. One of these will be to “transfer funds to other addresses”.
  • More sophisticated commands may be supported (a bit like the functions that are built in to Excel), and programs can be written by putting these functions together (similarly to macros in Excel). These programs are sometimes referred to as “Smart Contracts”.
  • With some cryptos, an address might be owned/controlled by computer code (analogous to a cell in Excel that gets updated by a macro, rather than the update being done directly by a user typing in a value).
  • The computer code / smart contract can be found at a certain address. It was created by someone who had the Private Key for that address. They control / own it.
  • Some Smart Contracts can be updated later by the “owner”, while others can’t be changed once they have been set-up.

6. Wallets & Generating Private Keys

  • Wallets come in many forms. Sometimes the wallet software is implemented as a mobile phone app, or as an add-in installed in a browser.
  • Sometimes the wallet runs on hardware embedded in a USB stick that you can plug into a computer. These look similar to a USB drive, but instead of being a removable storage disk they contains the private key(s) and related addresses, along with software for working with them while keeping the information secret.
  • Wallets usually have additional protection, such as additional pin codes or passwords that relate to the wallet itself.
  • The maths used for cryptos is “Public Key Cryptography”. To create a new address, you start with a “private key” (a secret password), feed it as input into the relevant crypto maths functions, add in any technical extras (like check digits), and it creates an Address. The private key (i.e. the secret password) and the address (which can be shared publicly) are linked … one generated the other.
  • There are similarities between an “Address” and something called a “Public Key” (both of them get produced by a mathematical algorithm from a Private Key and have interesting cryptographic properties) so an address is sometimes called a “Public Key”, but this isn’t a correct description.
  • The Private Key must be very secure. It must also be valid as an input for the maths that is being used. It is not like other passwords where a human can make them up or change them. You can’t change your Private Key or make-up your own password.
  • The Private Key must be unique. It must be created in such a way that there is no realistic chance that 2 people will create the same one by chance.
  • Wallets know how to create a new “private key” (in a way that is more random than humans can do), and how to create an address from it. However, they can only do this for the types of crypto that are supported by that wallet.
  • A simplified way of thinking about this is that the wallet starts off by creating a randomly generated (and therefore secret) number, and then feeds this as an initial starting number (called a “seed”) into the maths formulae that it uses to generate private keys.
  • The same “seed” can be put through the maths again, to generate further private keys. Each of them seems independent, but they were generated from the same source (same “seed”).
  • Therefore a wallet can generate multiple private keys (with their related addresses) from a single starting “seed”.
  • The wallet knows how to use the seed to generate private keys for each type of crypto that it supports.

7. Wallet Passwords & Backups

  • Modern wallets typically follow a repeatable set of steps every time they are set-up and used to create private keys and addresses.
  • If you set-up a new wallet, but give it an existing seed, rather than have the wallet create its own (random) one, the wallet will start from that seed and create the same private keys and addresses that the original wallet generated.
  • Wallets therefore support this feature when they are set-up for the first time … you can either have them create a new seed, or they will let you enter an existing one.
  • The seed acts as a “source” from which everything else can be re-created.
  • If you set-up another wallet using the same seed, you will have multiple wallets (in this case they are identical to each other). Each are keeping the same private keys and addresses (i.e. they control the same addresses as each other). It’s a bit like having a second copy of a key.
  • Wallets use cryptography of their own, similar to that used by cryptocurrencies, to keep their local data secure.
  • A cryptographic password (for the wallet itself) might be automatically created, and then used by the wallet to safely store its contents.

8. Paper Wallets / Seed Lists

  • Techniques have been developed to convert private keys (or other “seed” numbers, or addresses, that are hard to reliably note down or share) into sets of words that can be written down safely by humans (or spoken over the phone without losing any accuracy). For example, a wallet password consisting of a massive number, might be converted to a phrase of 12 English words like the following:
hill pulp cat galaxy tourist truck movie chair tuna run hat diet
  • The order of these words is critical! It may be called a Recovery or Backup Phrase.
  • The same technique can be used to record a private key as a list of words. From a private key, your addresses can be recreated if you have the right software to do so (such as a wallet).
  • Writing down a seed or a private key in words this way is sometimes called a “Paper Wallet”. Software is available to help you to do this and to create new private keys.
  • There are different ways available to safely do this conversion. For example, some conversion approaches use word lists that are not in English. Others have different length (e.g. 24 words instead of 12). The important characteristic is that the list of words gets reliably converted into the private key, and vice versa. The words used in these lists are chosen to reduce likely confusion.
  • Many popular wallets use the same conversion mechanisms and in this case the seed phrase from one wallet can be used in another if it has the same length of seed (e.g. two wallets that both use a 24 word English seed phrase are likely to be compatible).
  • “Paper wallet” software usually helps you to create private keys, and their corresponding addresses (if you don’t have a full wallet to do this for you or you don’t want to use one), sometimes generated from a random number that was created with your help. For example, you might be prompted to move the mouse around wildly for a number of seconds and every precise movement is taken as input into creating a unique number. The software then gives you the private key and address to write-down and use, and it may give you a seed or you can enter a list of words created by the same method, and it gives you the private key that the words represent.
  • Most wallets have the functionality to show the seed or any private keys as a “word list”. This list can be easily and safely backed-up somewhere else (electronically, or written on paper in a safe, and so forth).
  • For added security, people sometimes write their seed word list onto fireproof metal (to increase the chances that it survives a fire) and put this in a safe.
  • This seed list of words needs to be kept secret, or your wallet is completely compromised!

9. Using a Wallet

  • In order to use your “Addresses” (for example to transfer crypto to somewhere else), you need to connect your wallet to the network that the crypto currency is using. This is typically done by connecting over the internet to one of the servers that runs that crypto currency.
  • Your wallet then uses the Private Key (behind the scenes, in a secret way, without giving it away) to prove to the server that it owns the Address(es), and can unlock them and tell the server to carry out any actions that you want to do.
  • When the server makes the updates or runs the actions that you want done with your Addresses, its own copy of the ledger gets updated. The changes are then automatically shared with other servers running that crypto, and they also need to update their local copies, until all of them are synchronised.
  • When several servers have accepted your action, you can usually consider it complete. It is possible that the first server(s) accepts the update, but then others reject it, and then they sort out technically with each other whether the change goes through for everyone or not, so it may take a little while for you to be sure that the action went through OK. If necessary, you may need to do the transaction again.
  • When a wallet is connected like this (to the internet and to the crypto servers) it is called a “hot wallet”, because the Private Key (password) can be used by you at that moment to control the address.
  • This is a time of danger! You are unlocking the address(es), so any bad software (malware), or a hacker in control of your machine, or a hijacker physically threatening you can jump in at that moment and try to execute their own action, such as moving funds to an address that they control. You therefore need to be particularly careful while online working with your addresses … you should only do this if your wallet is secure and you have a safe connection to the crypto network.
  • If your Private Key is not being used, and you keep it away from the internet (for example, it is written down in a secure place, or is protected on a hardware wallet that is in your drawer so not connected to a computer) then the situation is “cold”. Your wallet is then a “cold wallet”, and your crypto is safe, because no-one knows the Private Key and the maths behind it makes it much too hard for someone to guess.
  • However, notice that your wallet does not “contain” the crypto currency. It safely holds the password(s), and it therefore controls the addresses that have locked down your coins. It doesn’t hold the coins. They are on the crypto currency network, locked down with your Private Key.
  • With most cryptos, you don’t need to give permission to receive currency (think of someone transferring money into your bank account … in most countries they don’t need to ask your permission before sending you funds).
  • Therefore, even if your wallet is “cold”, someone might send you more currency. Your Private Key isn’t needed for more crypto to arrive at your address.
  • You can have multiple wallets. If they control the same address, then they are equivalent to each other. This is similar to having multiple copies of a key.
  • If someone else knows the private key you should change it. Move your currency to a new address that is controlled by a different private key, and do this before the copy can be used. Imagine having possessions in a security deposit box whose key has been copied — you should move them out into a new one that you own, with a different key, as soon as possible.

Feedback gratefully received, including: questions that you’d like answered; suggestions for changes; and links to good articles on the above topic that would fit with this post.

To be continued!

A subsequent post(s) will give the background explanation for this, aimed at readers who are new to the crypto world. There are also additional questions to be answered regarding addresses, such as:

  1. How to safely share an address (so someone can make a payment to you)
  2. Multiple signature wallets (where control of a wallet or of an address needs more than one person to approve it)
  3. What happens with addresses when a crypto “forks”
  4. Addresses that store other things, like the “Security Tokens” that we are using for raising funds to expand TradeCloud (ERC20 tokens for what is called an STO … see sto.tradecloud.sg )
  5. “Test networks” that also have addresses (there may be more than one network for a crypto currency)
  6. Exchanges or other companies that hold crypto for you, and their hot and cold wallets
  7. Most common hacks that have happened, and how these relate to addresses and wallets
  8. “Custody” where the wallet is handled for you
  9. How does the crypto network support transactions to brand new addresses that weren’t previously in existence
  10. What if you transfer to a address that no-one controls
  11. Specifics of the above for common cryptos

About TradeCloud

I’m the CIO of TradeCloud, a communications platform designed specifically for the physical commodities industry. We provide a secure and compliant environment, open to all market participants. TradeCloud members find the commodities they need at competitive prices.

We are building a network of post trade services such as logistics, finance, and e-documents, connected on the TradeCloud Commodities Web, centred around blockchain technology.

If you would like to learn more about this, please feel to contact us via info@tradecloud.sg .