Private Keys in Monero¶
Author is nowhere close to being a cryptographer. Be sceptical on accuracy.
In Monero, the root private key is generated randomly. Other private keys are derived deterministically from the root private key.
Private key must be kept secret.
Private key is a large integer impossible to guess, like:
Private key is 256 bits long.
Private key is a scalar, meaning it is a single value.
In equations scalars are represented by lowercase letters.
Relation to Ed25519¶
Being simply a random integer, private key is not specific to any particular asymmetric cryptography scheme.
In context of Monero EC cryptography the private key is a number the base point
G is multiplied by.
The result of the multiplication is the public key
P (another point on the curve).
Multiplication of a point by a number has a very special definition in EC cryptography.
See this this guide for details.
Before deriving the public key, private key is subject to modulo
l is the maximum scalar allowed by the edwards25519 curve.
l is on the order of 2^252, so the effective key strength is technically 252 bits, not 256 bits.
This is standard for EC cryptography and is more of a cosmetic nuance than any concern.
In user-facing contexts, the private key integer is:
- Taken modulo
lto avoid malleability
- Put as array of 32 bytes in a little-endian direction (the first byte is the least significant)
- Converted to hexadecimal form, like:
Private spend key¶
Private spend key is used to spend moneros.
More specifically, it is used to build one-time private keys which allow to spend related outputs.
Private view key¶
Private view key is used to recognize your incoming transactions on the otherwise opaque blockchain.
One-time private keys¶
One-time private key like construct is used in stealth addresses.