This is part 5 in my cryptocurrency educational series.
⭐ Each part builds on the previous ones, so I suggest starting with:
Cryptocurrency 101 series (i.e., core principles and Bitcoin):
- Part 1: Why should I care? What’s in it for me? Why is crypto important (it’s about a lot more than just making money!)?
- Part 2: How crypto actually works, why Bitcoin is valuable (even if it’s just “made up!”), and what you should know about blockchains (the tech behind them and how they could influence the future of our world)
- Part 3: How the blockchain keeps running, where new Bitcoins come from (i.e., how mining works), and concerns about Bitcoin’s environmental impact
- Part 4: How crypto offers autonomy, why it can’t be stopped, and the value of decentralization
- Part 5: How to store and use cryptocurrency, some basic cryptography, how wallets work, identity management, and the future of democracy
- Part 6: Overview of the different types of wallets, which one is best for you, what to be careful of, and why a hardware wallet might be worth the investment
Cryptocurrency 102 series (i.e., intermediate principles, Ethereum, and other coins/tokens):
- Part 7: Ethereum (the #2 most popular cryptocurrency, and the one I’m most excited about), smart contracts, dapps, gas (and the high gas fee problem), Proof of Stake (PoS), and Ethereum 2.0
- Part 8: Coins vs. tokens, and some real Ethereum use cases—oracles and DEX’s
- Part 9: Intro to NFT’s (collectibles, research funding & historical significance, and music)
- Part 10: More categories of NFT’s (art, video games, virtual reality)
- Part 11: Wrapping up NFT’s (what you can actually do with them, upsides, downsides, risks)
- Part 12: DAO’s (organizations managed by algorithms, governance tokens, collective ownership, and the “network state”)
Cryptocurrency 103 series (i.e., advanced principles, investing):
- Part 13 (in progress): DeFi (decentralized finance): yield farming, liquidity staking, and more
- Part 14 (in progress): Investing (principles, leverage, indexes, risk/reward, and my favorite options for making money in crypto)
Part 5 Reading Time: 22 minutes
Updated on July 13, 2021 with a big new section on how cryptographic signing has many use cases beyond just wallets.
Want to listen to this post instead?
Ok, you’re on board with Bitcoin. Now, how do you actually store your coins and use them?
That’s where wallets come in (even if you’re already familiar with crypto, wallets probably aren’t exactly what you think they are).
It’s easy to get confused here, so I’ll explain wallets in progressively deeper steps, starting with a metaphor and then fleshing out from there.
Step 1: Money in your pocket
Think of a cryptocurrency wallet as a digital version of the physical wallet you keep in your pocket.
A wallet is a piece of software you run on your computer or an app that you run on your phone. It’s where you store all your cryptocurrency.
There are many different wallet apps to choose from with different features, but some of the most common ones are MetaMask, MEW, Ledger Nano, and Coinbase (Coinbase is both an on-ramp/exchange as well as a wallet).
You can use your wallet app to see how much of each coin you have, and you can also send coins to other people’s wallets and receive coins from them. Plus, some wallets have additional features like the ability to trade one type of coin for another.
“Wait, so my cryptocurrency is stored on my computer or phone? If I lose my phone, I lose my money?”
Step 2: Money in the cloud
A cryptocurrency wallet is like a traditional wallet in one sense: You use it when you’re spending or receiving money. But beyond that, it’s actually quite a bit different.
Your wallet is less like a box full of cash and more like the address of your bank.
Here’s the key part that might be a bit difficult to wrap your head around: Your cryptocurrency isn’t actually stored in your wallet.
Where is cryptocurrency really stored?
In the blockchain.
Remember that the blockchain is a massive ledger (basically, a list or record) containing every single cryptocurrency transaction that’s ever happened between anyone in the world.
That’s right: No one actually has cryptocurrency on their computer. All cryptocurrency lives as transaction records on the public ledger of the blockchain.
For example, imagine that the very beginning of the Bitcoin blockchain ledger looked like this:
- Everyone starts with 0 BTC (Bitcoin)
- Jamal converts $500 USD (US dollars) to 5 BTC
- Jamal pays Alice 2 BTC
Now, say Jamal and Alice both open up their wallet apps on their phones:
- When Jamal’s wallet checks the blockchain ledger, it knows that he has 3 BTC (since he started with 5 and gave 2 to Alice).
- When Alice’s wallet checks the blockchain ledger, it knows that she has 2 BTC (since she started with 0 and received 2 from Jamal).
Since we can look all the way back to the very beginning of each blockchain, we can calculate exactly how much money everyone should have right now based on all the transactions that have happened along the way.
In other words, it’s less like Bitcoin is cash in your pocket and more like everyone has a copy of a massive spreadsheet that calculates how much money everyone has at any given time. Rather than asking how much money someone has, you can simply look it up on the spreadsheet.
You can’t just search for someone’s name, but you can look up how much money a certain wallet has. And, there are various techniques you can typically use to figure out who owns certain wallets. For example, say someone announces on Twitter that they just bought a famous piece of art for 17 BTC from a well-known business in the crypto space. That business probably lists their wallet’s address on their website or elsewhere so that people can send them money. So, you could open up the Bitcoin blockchain, search for the business’ wallet, then look for a recent transaction of 17 BTC and see which wallet it was sent from. From there, you could find other transactions made from that wallet to other businesses or people.
Don’t worry if all this sounds complicated—most wallet apps are simple to use, and you can see how much cryptocurrency you have just as easily as you check your account balance in your regular bank app.
“Wait, if everything is on the public blockchain, what’s to stop anyone from claiming other people’s money?”
Step 3: Money through cryptography
The real truth is that—in its simplest form—a wallet is just a couple of addresses made up of a long string of numbers and letters. You could theoretically just memorize them, but wallet software makes all this a whole lot easier.
Here, I need to explain just a little of how cryptography works.
Remember that cryptography is the practice of using codes to securely communicate without third parties listening in—this goes way back to before World War 2 and even to ancient Greece.
Why cryptography? Well, the basic challenge we need to solve here is this:
The blockchain has a record of all transactions (Jamal received 5 Bitcoin, Jamal sent 2 Bitcoin to Alice, etc.).
But how can Jamal prove that he’s the same Jamal from that transaction? And how can Alice prove that she’s the right Alice? What if someone else named Alice comes along and claims that the money from Jamal was meant to be sent to her?
We need two things:
- Jamal needs a way of “signing” the transaction to say that, yes, he is intentionally sending money to Alice.
- Alice needs a way of giving Jamal a specific address to send the money to so the blockchain network can ensure it goes to the right person.
A wallet app uses cryptography to solve both those problems.
It’s fascinating stuff that quickly gets super complex, but here’s the basic way it works:
- When you create a new crypto wallet, it generates a “private key” for you. Think of this as the password to your bank account. If you share it with anyone (which you shouldn’t), they can open your crypto wallet and send all your money to their wallet.
- The private key is a long series of letters and numbers. But, to make things easier, it’s often represented by a seed phrase.
- A seed phrase is a series of 24 regular dictionary words (e.g., “corn action ribbon…”). But when you plug those words into the cryptographic algorithm, it turns them into your private key (a long string of letters and numbers). You can think of the seed phrase as the private key converted into a form that’s easier for a human to keep track of.
- Your wallet also generates a “public key.” Think of this as your home address that you can give other people to send you money.
- Here’s the amazing part: Through some fancy cryptographic tricks, you can use a combination of your private key and the recipient’s public key to send them money in an extremely secure way (this is probably still confusing, so I’ll explain it again later in a different way). But here’s what happens:
- Your private key is what you use to sign the transaction to confirm that the real you is intentionally taking this action (don’t worry: your wallet handles that for you—you never have to actually sign anything; think of it more like a digital stamp being put on anything you ask your wallet to do for you).
- But, your private key isn’t simply stamped on the transaction for anyone to see—then they could just copy it. Instead, your private key is run through a special algorithm to generate a hash. Think of this as a one-way conversion: Your hash is a string of letters and numbers that can only be created by someone who has your private key; but, you can’t run it the other way. You can’t use someone’s hash to figure out their private key.
- So, someone else’s wallet can now confirm that the hash was indeed generated by your legitimate private key, but it can never actually see your private key. Amazing, huh? (And yeah, I know this sounds unbelievable, but this stuff is invented by people with Ph.D.’s in mathematics and computer science.)
If you’re curious, here’s basically what an entry in the blockchain ledger actually looks like:
“bc1qeyce9za36r6ectyuj04stug6gy2gdu70229udt sent 2.0 BTC to 34oyn5hBrNtedyvR4s9crWwt6vQnehhCEA on 2021-05-04 at 19:01″
That first string of numbers and letters would be a hashed version of Jamal’s public key (signed with his private key, which is hidden), and the second string would be a hashed version of Alice’s public key.
In fact, you can literally see all the Bitcoin transactions ever right here.
Now, let’s think even bigger: Being able to cryptographically sign things is useful for a lot more than just financial transactions.
This tech could change society.
Remember that when you cryptographically sign something, you’re using your private (secret) key to create a hash that proves it’s you. The hashing is a one-way operation, so no one could use it to figure out your private key.
In a later post, I’ll explain how NFT’s work on the Ethereum blockchain, which builds on this concept (e.g., by allowing artists to cryptographically sign their work to prove it’s an original rather than a copy).
But before we get there, I want to explain how this technology could be much bigger than that—it could actually be critical for the future of our democracy.
I’ll explain in three parts:
(1) Blockchain tech is “trustless.” Could it replace social security numbers?
When you sign something with your private key, it produces a unique hash, and that hash offers absolute proof that it was you who did the signing.
Think about how our society tries to accomplish something similar today:
Say you’re applying for a credit card or bank account, especially over the Internet. How do you prove it’s really you who’s applying?
The most common way is to give them your social security number. But that method is ridiculously insecure. If someone intercepts your social security number, all they have to do is find out a few more basic facts about you (your home address, mother’s maiden name, a street you lived on a few years ago, etc.), and then they can basically take over your identity.
Blockchain technology and cryptographic signing offer sophisticated ways of proving you are who you say you are—without actually handing over something that would allow your identity to be stolen. Here’s an article from 2018 in Fortune Magazine about how blockchain could replace social security numbers someday.
What about other areas where verifying identity is important? Imagine truly secure voting—no more chance of fraud if everything is cryptographically signed and stored on the public blockchain.
You might hear people refer to cryptocurrency or blockchain technology as “trustless.”
What that means is that two or more people can buy or sell things to each other (or even start a business together, etc.), all without needing to trust one another.
In contrast, when you talk to a bank employee over the phone and they ask you to read them your social security number, you have to trust that person not to write it down for nefarious purposes. When you use Facebook, you have to trust that its employees aren’t secretly saving all your private photos and reading all your private messages.
But with a trustless system, all you have to trust is the system itself. Of course, there’s still an element of trust required since real people wrote the code for the system, but the difference is that crypto is decentralized. It’s not a single central authority keeping the code private and making all the decisions. It’s open, so anyone can check the code or contribute to it.
When you execute a crypto-based transaction with someone through your wallets, you don’t need to stop to assess their moral character or have them sign a legal contract—you can just trust the system to treat you both fairly according to the programming.
With me so far?
This is where things get really interesting.
(2) Blockchain tech allows for even more complex identity management, which might lead to a “pseudonymous economy” and protection from oppression.
Think about some of the dangers of being a public figure online nowadays. With cancel culture and doxing, if you say something on Twitter that certain people disagree with, you could have your life destroyed. Your critics might publicly campaign until you’re fired at work, and you might even have people find out where you live and show up in person to threaten you with physical harm.
(Note: Cancel culture is highly complex, and I’ve written a lot about it in regards to anti-racism work. Bottom line: There are some situations in which public call-outs might be necessary—for example, if a marginalized group is fighting for basic rights against a group with structural power that hasn’t otherwise listened—but it’s much harder to argue that it’s ever appropriate to dox someone and show up at their door to physically threaten them.)
So, what can we do about this?
One potential option, coined by Balaji Srinivasan, is called the pseudonymous economy—a world where people choose to use pseudonyms online rather than their real identities. If you tweeted from a secure alias instead of your real name, it would be a lot harder for people to threaten your physical safety.
Certainly, people already do that, but the difference is that your real identity is still required for a lot of things—for example, if you run a for-profit YouTube channel, you’ll need your real name to get paid.
Plus, if you go by “CryptoExpert5000” on one platform, there’s nothing to stop someone else from copying that username on a different platform and claiming to be you. How could you prove you’re the real CryptoExpert5000?
Enter blockchain technology and cryptographic signing. If you sign everything you create or write with the CryptoExpert5000 private key, you can prove that it was actually you who made it or wrote it.
Now, pair that with technology to change your face and voice in real-time, and you could successfully create online videos, get on Zoom calls, and run a business without any worry of being tracked down in real life. Check out this video of real-time virtual streamer Code Miko. This kind of thing is about to get a lot more common, especially once the graphics improve.
This isn’t just about cancel culture, either—think about how useful all this would be for resisting an oppressive government.
Imagine being a citizen of China, North Korea, or Russia who publicly criticizes the government. Today, you might be poisoned or tracked down and sent to a forced labor camp. But in this “pseudonymous” future of blockchain-based identities we’re imagining, you could create an online identity from which you could speak your mind, gather donations, make business deals, and so on, all while staying safe from censorship and physical harm.
(Note: There are all sorts of sociological implications here that I’m glossing over, and I’m not even claiming that all of this is the right approach to solving these huge issues. In this post, I’m just offering an exploration of what might be possible from a technical perspective.)
(3) Blockchain tech could also be crucial in fighting disinformation.
Are you familiar with deepfakes? Through the magic of machine learning, deepfakes are fake videos that are often indistinguishable from the real thing. Most commonly, a deepfake creator will put a famous person’s face on someone else’s body, or they’ll make it look and sound like a famous person is saying something they didn’t actually say.
If you haven’t seen any before, take a few minutes to watch some. The tech here is amazing and terrifying. If you thought the “fake news” phenomenon was a problem now, just wait a few years for this technology to become even more advanced. It will be almost impossible to tell if a politician or famous figure actually said something once a deepfake of it is being passed around online.
This is an immense problem for society.
It’s one thing to read a surprising quote in print—it’s still easy to imagine that it might have been taken out of context or misrepresented. But once you’ve actually seen a video of someone saying something, it sticks with you. Even if you know it was fake, it might still change how you think about that person in the future.
Conspiracy theories are already bad, but they’ll get a lot worse once people create high-quality deepfakes of politicians or experts seeming to confirm that those conspiracies are true.
Imagine instead a future where there’s a blockchain-based YouTube competitor. Let’s say someone releases a deepfake video of a politician saying something surprising, and it even has a CNN logo in the corner that looks pretty official.
In this future world, the crypto wallet built into your browser might automatically check the video to see if it was cryptographically signed by CNN. Maybe CNN’s cameras even have their own unique cryptographic signatures logged on the blockchain, so you can trace the footage back to how, where, and when it was filmed.
If those unforgeable signatures aren’t in place, you know the video is probably fake.
This part of blockchain tech isn’t talked about as often; but, to me, it feels like one of the most critical use cases for the future of our democracy.
Before I wrap up this post, let’s get back to wallets & keys and recap how they work at the fundamental level:
- Imagine that everyone with a Bitcoin wallet is given a secured physical vault. The vault has two different locked doors.
- The first locked door on the top of your vault opens to a piggy bank slot where coins can be deposited; but, it’s too small to reach in and pull coins back out. You want anyone to be able to deposit coins into your vault, so you make a million copies of the key to that slot and hand them out to all the other Bitcoin users. That key is your public key.
- The second locked door is the big vault door on the front. When you open this door, you can take out all your coins. So, it’s important to keep this key safe. It’s called your private key.
- Both the public key and the private key are really just long strings of numbers and letters that are extremely hard to crack.
- When a public key is publicly shared, it’s hashed by your wallet so that other computers can recognize it (and they know for sure it was signed by your private key), but your actual keys aren’t shared.
- Since it’s so important to never lose your private key, your wallet also gives you a seed phrase of 24 words that can recreate your private key if you lose it (which is why you should never share your seed phrase with anyone else).
- Cryptographic keys aren’t just useful for financial transactions. If an app runs on the blockchain, you can use your wallet (and the keys stored within) to sign messages, documents, images, etc. to publicly confirm that they came from you.
One more thing to emphasize here: Notice that all of the above is happening without a bank, lawyer, notary, or traditional financial institution being involved. You’re able to store money in a digital wallet and send it to other digital wallets without any middle-man. Everything is highly secure, but you’re not paying a team of security experts and administrators to manage the infrastructure as with a traditional bank.
You don’t pay the blockchain to store your money for you. The only time you pay a small fee is when you initiate a transaction like buying or selling—and that fee goes directly to whichever person lent their computer resources (i.e., their node) to validate your transaction.
Cool. Now how do I actually get a wallet? What do they look like? Which one is best? Find out in Part 6: Overview of the different types of wallets, which one is best for you, what to be careful of, and why a hardware wallet might be worth the investment.