Mental Model: Public-Private Keys
A "private-key" is a fixed-size bytes value.
Using some cryptographic scheme, for a given private-key, we can derive a unique corresponding "public-key".
A public-private key pair is asymmetric: the public-key is derived from the private-key, but it is computationally infeasible to derive the private-key back from the public-key.
A private-key and its public-key are exclusively linked to each other under the operation of signing.
sign is an operation that takes variable-length byte data and a private-key as inputs, and produces a signature as output.
A corresponding verify operation takes the data, a signature and a public-key, and checks whether that signature was produced over that data by the private-key corresponding to the given public-key.
The sign and verify operations together make a private-public key pair a fantastic "digital identity".
A user can publicly identify themselves by publishing their public-key. They can verifiably attest to data without ever revealing their private-key. So long as the private-key is never leaked, impersonation is impossible.
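The model above, run end to end as an added example (not part of the original page). It assumes Ed25519 from Go's standard library as the signature scheme; the Identity type, the helper names and the seed labels are hypothetical and constructed for the illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// Identity is a hypothetical helper for this example: one Ed25519 key pair.
type Identity struct {
	priv ed25519.PrivateKey // stays with its owner
	Pub  ed25519.PublicKey  // safe to publish
}

// constructedSeed turns a label into a fixed 32-byte seed so the example is
// reproducible. Real keys come from ed25519.GenerateKey(crypto/rand.Reader).
func constructedSeed(label string) [32]byte { return sha256.Sum256([]byte(label)) }

// NewIdentity derives the key pair from a fixed-size seed. The same seed
// always yields the same public-key.
func NewIdentity(seed [32]byte) Identity {
	priv := ed25519.NewKeyFromSeed(seed[:])
	return Identity{priv: priv, Pub: priv.Public().(ed25519.PublicKey)}
}

// Sign accepts data of any length and returns a 64-byte signature.
func (id Identity) Sign(data []byte) []byte { return ed25519.Sign(id.priv, data) }

// Verify needs the data, the signature and the public-key. The length guard
// matters: ed25519.Verify panics on a public key of the wrong size.
func Verify(pub ed25519.PublicKey, data, sig []byte) bool {
	return len(pub) == ed25519.PublicKeySize && ed25519.Verify(pub, data, sig)
}

func main() {
	alice := NewIdentity(constructedSeed("alice"))
	mallory := NewIdentity(constructedSeed("mallory"))
	msg := []byte("pay bob 5 coins")
	sig := alice.Sign(msg)

	again := NewIdentity(constructedSeed("alice"))
	fmt.Println("same private-key, same public-key:", alice.Pub.Equal(again.Pub))
	fmt.Println("genuine signature:   ", Verify(alice.Pub, msg, sig))
	fmt.Println("tampered data:       ", Verify(alice.Pub, []byte("pay bob 500 coins"), sig))
	fmt.Println("signed by wrong key: ", Verify(alice.Pub, msg, mallory.Sign(msg)))
	fmt.Println("truncated public-key:", Verify(alice.Pub[:16], msg, sig))
}
```

Only the first check verifies; a changed message, a signature from a different private-key, or a malformed public-key are all rejected.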