The foundation of Bitcoin's self-sovereignty is control over your private keys. Without it, in one way or another, you are giving up control of your money to someone else. “Not your keys, not your coins” as the saying goes. A counterintuitive aspect of Bitcoin for people unfamiliar with its technical underpinnings is “where” your Bitcoin actually is. When people think of a wallet, they think of “where I keep my money.” Your Bitcoin wallet doesn't actually “keep” your Bitcoin, it just stores your private keys. Your Bitcoin is just data entries on the blockchain hosted by everyone participating in the network. When you spend your bitcoin, you are actually providing an update to the data stored on the blockchain. A private key allows the protocol to ensure that you, and only you, can authorize an update to the blockchain that spends your Bitcoin.
So what are your private keys? Just really big numbers. Extremely wide. This is a binary private key:
1110001011011001011110111100000101000100000010001001111010111011010101110111001111111111110101011101001011101001110100111001 01001101111010001100001111101011110011010010111100110111010000011011011011110001101000110001111010001001001111011010101011001 1 01101010
256 random 1s and 0s. This random number is what ultimately secures your Bitcoin. It may not seem like much, but it's its randomness that keeps your wallet safe. There are almost as many possible Bitcoin private keys as there are atoms in the visible universe. This is the number of numbers a computer would need to count to generate and catalog all potentially possible private keys. As long as the process used to generate keys is truly random, your keys are safe.
This is what a private key looks like in hexadecimal (binary uses two digits to encode a number, 1 and 0, hexadecimal uses 16 digits, 0-9 and AF):
E2D97BC144089EBB5773FFABA5D3A729BD187D79A5E6E836DC68C7A24F6AB36A
This is what a private key looks like in uncompressed Wallet Import Format (WIF):
5KYC9aMMSDWGJciYRtwY3mNpeTn91BLagdjzJ4k4RQmdhQvE98G
The WIF format is how everyone interacted with their private keys in the early days of Bitcoin. At that time you could generate one private key at a time and then generate the public key from that. The process of generating a public key is essentially just the multiplication of very large numbers, but there's a little more to it than that. All public keys are an x and y point on a graph showing a very, very large curve that loops on itself.
On the graphic curve, in the case of Bitcoin Secp256k1, there is a point called a “generator point”. This generating point can be considered as the “base point” on the Secp256k1 curve. This is an integral part of the process of generating keys and signing with them. Here is what the generating point of the Bitcoin curve corresponds to:
G=02 79BE667E F9DCBBAC 55A06295 CE870B07 029BFCDB 2DCE28D9 59F2815B 16F81798
To generate the public key from your private key, you take the private key you generated and multiply it by the generator point. That's it. This now establishes a point on the graph with a mathematical relationship to the private key that you generated and that only you know.
This is an uncompressed public key showing points x and y:
04C0E410A572C880D1A2106AFE1C6EA2F67830ABCC8BBDF24729F7BF3AFEA06158F0C04D7335D051A92442330A50B8C37CE0EC5AFC4FFEAB41732DA5108261FFED
It's very common to “pack” public keys in the rare cases where you interact with them to simply store the x coordinate with a byte to tell you whether the y coordinate is negative or positive. This shortens it considerably:
04C0E410A572C880D1A2106AFE1C6EA2F67830ABCC8BBDF24729F7BF3AFEA06158F0C04D7335D051A92442330A50B8C37CE0EC5AFC4FFEAB41732DA5108261FFED
When you sign a transaction with your private key, it again comes down to simple multiplication. By generating a random number (the nonce) and using it and your private key to essentially multiply the hash of the transaction you are signing, you produce the signature (which is made up of two values, r and S). This allows someone to run an algorithm to verify that the message was signed by the appropriate private key without revealing that key. What ensures that only you can authorize your Bitcoin to be spent is essentially the multiplication of very, very large numbers.
If you're not very familiar with these concepts before reading this, it probably all seems somewhat intimidating. Binary? Hexadecimal? Points on the graph? How to save a WIF?
Since the development of more intuitive methods of processing this data, most users are unfamiliar with these complicated formats. Most likely, you have more experience with word seeds, also called seed phrases.
BIP 39 Mnemonic seeds
Mnemonic seeds, or seed phrases, were created to solve the problem of the experience of interacting with your private keys.
As we saw earlier, private keys are ultimately just a long series of randomly generated 1s and 0s. Imagine trying to create copies of this and make sure you haven't made any mistakes transcribing it:
1110001011011001011110111100000101000100000010001001111010111011010101110111001111111111110101011101001011101001110100111001 01001101111010001100001111101011110011010010111100110111010000011011011011110001101000110001111010001001001111011010101011001 1 01101010
It would only take one mistake when copying a digit to make a backup of your keys unnecessary. This is where mnemonic seeds come in handy. 256 Consecutive 1s and 0s in a row is not a friendly way to interact with sensitive information. Entering this number incorrectly results in loss of access to your account.
a truck renews the fury of the donkey recalls the details of the reform of the laptop divides the sorrow because the fat
It's much easier to manage, isn't it? Just 12 words. So how does it work, going from a bunch of random 1s and 0s to a string of words that actually mean something to you? A coding scheme, just like binary or hexadecimal!
Each of these 12 words in this mnemonic seed above is a binary number in a coding scheme map specific strings of 1s and 0s to words. If we return to the WIF private key example earlier, it was simply a number encoded in a specific encoding scheme, in this case base 58, which uses all the numbers and letters of the alphabet except 0 and 1, and O and l (case sensitive). The exclusion of these characters was done specifically to make transcription errors by confusing a 1 for an l, or a 0 for an O unlikely. bech32 and bech32m used by Segwit and Taproot take this to the next level by using only this character set (qpzry9x8gf2tvdw0s3jn54khce6mua7l).
Bitcoin Improvement Proposal 39 (BIP 39) introduced a standardized encoding scheme in which each word in a specially designed dictionary is mapped alphabetically to a binary number between 00000000001 and 11111111111. The demo seed above corresponds to this:
truck: 11101001001
renew: 10110110001
fury: 01011110011
donkey: 01000001001
call back: 10110101110
laptop: 01111101000
reform: 10110100010
detail: 00111100010
split: 11010010001
mourning: 01100110100
because: 00010011110
grease: 01010011011
In binary it looks like this:
11101001001 10110110001 01011110011 01000001001 10110101110 01111101000 10110100010 00111100010 11010010001 01100110100 000 10011110 0101001 1011
There are 2048 words, each mapped to a specific string of 11 digits of 1s and 0s, specifically to make it easier for users to interact with their private keys. When you generate a random number for your private key, your wallet slices that number into chunks of 11-digit binary numbers and maps them to the BIP 39 mnemonic dictionary. It's still the same big number, but now you can read it as of English words. Since your brain is much more accustomed to this format than to long strings of 1s and 0s, it radically reduces the chances of you writing something wrong and losing your Bitcoin in the process.
You may have noticed that in the raw binary encoding of the word seed above, there are four digits (1011) isolated, and the last “word” is actually only 8 digits long. This is a checksum to ensure that a seed phrase is valid. When you generate your random number, there aren't enough digits to map it exactly to 12 (or 24) words. The wallet hashes the existing digits you generated and takes the first digits of the hash and adds them to the end of your random number. This gives you enough numbers to match the last word.
This last word allows you to perform a security check on copies of your seed. If you enter your mnemonic seed incorrectly into a wallet, the checksum will not match. Each 12 or 24 word seed has several potentially valid checkwords, but if the last word does not match the checksum of a correct seed, your wallet will warn you that it is invalid. This gives users an intuitive yet mathematical way to ensure their backups are correct, unlike the complicated process of transcribing and saving raw binary numbers.
The selection of specific words from the list even went so far as to ensure that none of the 2048 words had the same first four letters. This was done to reduce the risk of people making transcription errors by confusing similar words and ending up with an incorrect backup of their private keys.
Translate these words into one together of several private/public keys is quite simple. Your mnemonic seed is taken and hashed using SHA512, which generates a hash of 512 individual 1s and 0s. Half of this output is used as the actual private key and the other half is used as input to SHA512 with an index number and the existing private or public key to generate a new key pair. You can do this as many times as you want to generate new private/public keys that can all be retrieved from your single mnemonic phrase.
This ensures that you can manage your private keys as easily, and without issue, as much as possible with the lowest chance of making a mistake that will cause you to lose your money. And all this was done using mathematics! I hope you now have a good understanding of why people say that Bitcoin is “math-secured” money.