Skip to main content

Public Key | Bitcoin Glossary | Mapping Bitcoin

Public Key

Cryptography

Also known as: pubkey

A cryptographic key derived from a private key using elliptic curve multiplication. Public keys can be freely shared and are used to generate Bitcoin addresses and verify digital signatures, without compromising the secrecy of the associated private key.

Overview

A public key in Bitcoin is a point on the secp256k1 elliptic curve, derived from a private key through elliptic curve point multiplication. This mathematical operation is a one-way function: given a private key, anyone can compute the corresponding public key, but deriving the private key from a public key is computationally infeasible. Public keys serve as the foundation for Bitcoin addresses and digital signatures.

How Public Keys Are Derived

Key Derivation:

  Private Key (256-bit number)
        │
        ▼
  Elliptic Curve Multiplication
  (point multiplication on secp256k1)
        │
        ▼
  Public Key (point on the curve)
        │
        ├──> Compressed:   33 bytes (02 or 03 prefix + x-coordinate)
        │    Example: 02b4632d08485ff1...
        │
        └──> Uncompressed: 65 bytes (04 prefix + x + y coordinates)
             Example: 04b4632d08485ff1...
        │
        ▼
  Hash (HASH160 = RIPEMD160(SHA256(pubkey)))
        │
        ▼
  Bitcoin Address

Compressed vs. Uncompressed

Modern Bitcoin software exclusively uses compressed public keys (33 bytes) rather than uncompressed keys (65 bytes). Since the y-coordinate of a point on the elliptic curve can be calculated from the x-coordinate (with a parity bit), the compressed format stores only the x-coordinate with a prefix byte indicating whether y is even (02) or odd (03). This saves space in transactions and reduces fees.

Role in Transaction Verification

When someone spends bitcoin, they provide a signature and their public key. Every node on the network uses the public key to verify that the signature is valid and that the public key hashes to the address the funds were locked to. This verification process ensures that only the holder of the corresponding private key could have authorized the spend.

Public Key Exposure

In P2PKH and P2WPKH transactions, the public key is hashed to create the address. The actual public key is only revealed when the output is spent. This provides a theoretical layer of quantum resistance for unspent outputs, since an attacker with a quantum computer would need to derive the private key from the public key, which is only exposed at spend time.

Common Misconception

A public key is not the same as a Bitcoin address. The address is derived from the public key through one or more hashing steps. While a public key can be safely shared, Bitcoin best practice is to share addresses instead, as addresses are shorter, include error-detection checksums, and keep the public key hidden until spending time.

Related Terms

Key PairCryptography

A mathematically linked pair of cryptographic keys: a private key (kept secret) used to sign transactions and a public key (shared openly) used to verify signatures and derive addresses. The private key can generate the public key but not vice versa.

AddressProtocol

A string of characters derived from a public key that serves as a destination for Bitcoin payments. Addresses come in several formats including legacy (starting with 1), P2SH (starting with 3), and native SegWit/Bech32 (starting with bc1).

Elliptic Curve Cryptography (ECC)Cryptography

A public-key cryptography system based on the algebraic structure of elliptic curves over finite fields. Bitcoin uses the secp256k1 curve to generate key pairs and create digital signatures that prove ownership of funds.

Digital SignatureCryptography

A cryptographic proof that the holder of a private key has authorized a transaction without revealing the key itself. Bitcoin uses ECDSA and Schnorr signature schemes to verify that transaction inputs are being spent by their rightful owner.