The Physics of Wallets: Curves, Keys & Entropy

Why your money is a large integer. The physics of Elliptic Curve Cryptography ($d \times G = Q$), Hierarchical Deterministic (HD) Derivation, and Entropy Math.

Intermediate • 45 min read • Expert Version →

🎯 What You'll Learn

Deconstruct Elliptic Curve Cryptography (secp256k1)
Analyze HD Wallet Derivation Paths (BIP32/BIP44)
Trace the Signing Process ($r, s$ values)
Calculate the brute-force time for a 256-bit key
Audit a Seed Phrase for insufficient entropy

Introduction

There is no “Wallet”. There are no “Coins” inside your phone. There is only a Private Key: A 256-bit integer $k$ such that $(0 < k < n)$ .

Everything else (the app, the seed phrase, the “balance”) is just user interface. This lesson explores the mathematics that turns a random number into a bank vault.

The Physics: Trapdoor Functions ( $d \times G = Q$ )

Cryptographic ownership relies on the Discrete Logarithm Problem. Bitcoin uses the curve secp256k1: $y^2 = x^3 + 7$ .

The Equation for Public Key: $Q = d \times G$

$d$ : Your Private Key (Scalar).
$G$ : The Generator Point (Constant).
$Q$ : Your Public Key (Point on Curve).
$\times$ : Elliptic Curve Point Multiplication.

Physics: Given $d$ and $G$ , it is trivial to calculate $Q$ . Given $Q$ and $G$ , it is thermodynamically impossible to calculate $d$ . You would need more energy than exists in the Observable Universe.

Deep Dive: Hierarchical Deterministic (HD) Wallets

How does 1 Seed Phrase generate 1 Million addresses? BIP32 (The Tree of Keys).

The Physics:

Seed: Converted to a 512-bit “Master Key” (Key + Chain Code).
Child Derivation: $H(ParentKey + Index) \rightarrow ChildKey$ .
Path: m/44'/60'/0'/0/0 (Ethereum Standard).
- 44': BIP44 Purpose.
- 60': Ethereum Coin Type.
- 0': Account 0.
- 0: External Chain (Receiving).
- 0: Address Index 0.

This allows you to backup 1 key (the root) and recover the entire forest of accounts.

Strategy: Entropy Math (Brute Force)

A Seed Phrase is 12 or 24 words from a list of 2048 (BIP39). Is 12 words secure?

The Math:

Total Combinations: $2048^{12} \approx 5.4 \times 10^{39}$ .
Physics: There are $\approx 10^{80}$ atoms in the universe.
Attacker: Even if they could check 1 trillion keys per second per atom, they would not find your key before the heat death of the universe.

Risk: The risk is not Brute Force. The risk is RNG Failure. If your Random Number Generator outputted 000000..., your key is predictable.

Code: Deriving a Public Key

import ecdsa
import binascii

def derive_public_key(private_key_hex):
    # Decode hex private key
    priv_key_bytes = binascii.unhexlify(private_key_hex)

    # Create Signing Key object using SECP256k1 curve
    sk = ecdsa.SigningKey.from_string(priv_key_bytes, curve=ecdsa.SECP256k1)

    # Generate Verifying Key (Public Key)
    vk = sk.verifying_key

    # Return compressed public key
    return binascii.hexlify(vk.to_string()).decode()

# Example Private Key (Do not use with real funds!)
# 1111111111111111111111111111111111111111111111111111111111111111
print(derive_public_key("1111111111111111111111111111111111111111111111111111111111111111"))

Practice Exercises

Exercise 1: The Trapdoor (Beginner)

Concept: Multiply $G$ by 2. It’s easy ( $G+G$ ). Multiply $G$ by 3. Easy ( $2G+G$ ). Task: Try to divide $Q$ by $G$ to find 3. (Answer: Point Division is not defined. You must brute force: “Is it 1? No. Is it 2? No…”).

Exercise 2: Derivation Path (Intermediate)

Scenario: You use the wrong path (m/44'/0'/0'/0/0 instead of m/44'/60'/0'/0/0). Result: Your keys are valid, but they are Bitcoin addresses, not Ethereum addresses. Your ETH wallet won’t see them.

Exercise 3: RNG Failure (Advanced)

Scenario: Android 2013 Bug. The SecureRandom class wasn’t random. Result: Thousands of wallets generated keys with low entropy. Hackers drained them instantly.

Knowledge Check

What is the “Discrete Logarithm Problem”?
Why do we use Elliptic Curves instead of RSA?
What allows one seed to generate many keys?
How many bits of entropy are in a 12-word seed?
What is “hardened derivation” in BIP32, and why does it exist?

Answers

Irreversibility. Computationally trivial to compute $A^k$ , hard to find $k$ given $A^k$ .
Efficiency. Smaller keys (256-bit) provide same security as huge RSA keys (3072-bit).
BIP32. Deterministic math using Parent Key + Index + Hashing.
128 bits. ( $12 \times 11$ bits per word - checksum).
Hardened derivation uses the parent private key in the hash instead of the parent public key. This prevents a compromise of a child private key + parent public key from revealing the parent private key, which would expose all sibling keys.

Summary

Key: Large Number.
Curve: The Trapdoor.
Seed: The Root.

Want to go deeper?

Weekly infrastructure insights for engineers who build trading systems.

Free forever. Unsubscribe anytime.

You're in. Check your inbox.

Questions about this lesson? Working on related infrastructure?

Let's discuss