Public Keys in Monero
Author is nowhere close to being a cryptographer. Be sceptical on accuracy.
Public key is deterministically derived from private key based on edwards25519 curve with a little Monero-specific twist.
Public key is meant to be shared. Assuming correct implementation, it is not practically possible to recover private key from public key.
Public key is a point (x,y) on the elliptic curve.
In equations points are represented by uppercase letters.
In user-facing contexts, public key is encoded in a little-endian hexadecimal form, like: 016a941812293cf9a86071060fb090ab38d67945e659968cb8cf30e1bc725683
Deriving public key
Say:
- P is a public key
- x is a private key
- G is a “base point”; this is simply a constant specific to edwards25519; this point lies on the elliptic curve
Then:
P = xG
The public key is simply the base point (G) multiplied by the private key (x). Multiplying the point is adding the point to itself a number of times.
However, the addition is not a simple vector addition. It has a very specific definition nicely described in this article. What is important is that result of addition is always a point on the curve. For example, G + G is another point on the curve.
Use cases
Monero address is composed of public spend key and public view key. These keys are used to build stealth addresses to receive payments.