Cryptography Basics Every Blockchain Developer Needs
Blockchain security rests on three cryptographic primitives. You don’t need to implement them — but you must understand what they guarantee.
1. Hash Functions
A cryptographic hash function takes any input and produces a fixed-length output (the “digest”). Bitcoin uses SHA-256.
Critical properties:
- Deterministic — same input always gives same output
- One-way — you cannot reverse the hash to find the input
- Avalanche effect — changing one bit of input changes ~50% of the output bits
- Collision resistant — it is computationally infeasible to find two different inputs with the same hash
SHA-256("Hello") = 185f8db32271fe25f561a6fc938b2e264306ec304eda518007d17648263...
SHA-256("hello") = 2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938...
One character difference, completely different hash. This is how blockchains detect tampering.
2. Public-Key Cryptography (Asymmetric)
You have two mathematically linked keys:
- Private key — kept secret. Used to sign transactions. Like your PIN.
- Public key — shared openly. Used to verify your signature. Like your account number.
Your Bitcoin address is derived from your public key by hashing it twice (a hash of a hash). Anyone can send funds to your address, but only the holder of the matching private key can spend them.
The golden rule: lose your private key = lose your funds. There is no “forgot password” in Bitcoin.
3. Digital Signatures (ECDSA)
When you send Bitcoin, you produce a digital signature using your private key. This signature proves:
- You own the private key corresponding to the sending address (authentication)
- The transaction data has not been altered in transit (integrity)
Bitcoin's ECDSA signatures use the elliptic curve secp256k1, and Ethereum uses the same curve. Anyone can verify the signature using only your public key, without ever seeing your private key.
Merkle Trees
Bitcoin blocks use a Merkle tree to efficiently store and verify transactions. Each transaction is hashed, then pairs of hashes are hashed together, until a single root hash (the Merkle root) represents all transactions in the block. This allows lightweight clients to verify that a specific transaction is in a block without downloading all transactions.