Cryptography Basics: Hash Functions and Digital Signatures

When you deposit money in a bank, your funds are protected by regulation, insurance (FDIC up to $250K), and the legal system. If the bank steals your money, you can sue. If it goes bankrupt, the government steps in. Trust is enforced by institutions and lawyers.

On a blockchain, none of that exists. There is no FDIC. There is no customer support hotline. There is no court that can reverse a transaction. Instead, your funds are protected by something quieter and far more reliable: mathematics that has never been broken in the history of computing.

Consider what actually happens when you "own" one Bitcoin. There is no coin, no certificate, no account balance held in a vault with your name on it. What you own is a single secret number. Whoever can prove they know that number controls the coin — and the proof can be checked by anyone in the world without ever revealing the number itself. That sentence sounds impossible. The rest of this lesson explains exactly how it is done.

Three cryptographic tools make the entire system work: hash functions, public-private key pairs, and digital signatures. They are the same primitives that secure your bank's website, your messaging apps, and every HTTPS connection you have ever made — crypto just uses them more honestly, with no trusted middleman papering over the gaps. Understanding these isn't academic. It is the difference between knowing why your money is safe and merely hoping it is.

A hash function takes any input — a single letter, a novel, an entire database — and produces a fixed-size output called a hash (or digest). Bitcoin uses SHA-256, which always produces a 256-bit output (64 hexadecimal characters) regardless of whether you feed it one byte or one terabyte.

A handful of properties turn this simple-sounding operation into the backbone of blockchain security:

• Deterministic — the same input always produces the same hash. Hash "Hello" a million times across a million machines and you get the identical 64-character string every time.
• Avalanche effect — changing one bit of the input scrambles the entire output. "Hello" and "Hello!" produce hashes with no visible relationship to each other.
• Preimage resistance (one-way) — given a hash, you cannot work backward to find the input that produced it. The only known method is to guess inputs and hash them until one matches — which, for a 256-bit space, is computationally hopeless.
• Collision resistance — it is infeasible to find two different inputs that produce the same hash. For SHA-256, finding a collision would take roughly 2¹²⁸ operations — more than the number of atoms in a mountain range.
• Fast to compute — verifying a hash is near-instant, which is what lets thousands of nodes re-check the chain cheaply.

This combination is what makes blockchains tamper-evident. Each block contains the hash of the previous block. If anyone alters a historical transaction, that block's hash changes, which breaks the link in every block after it. The corruption doesn't hide — it lights up the entire chain like a tripwire, and every honest node rejects the forged version instantly.

Hashing also does the heavy lifting in Proof of Work. Bitcoin miners race to find an input that, when hashed with the block data, produces an output below a target threshold (a hash starting with many zeros). Because the output is unpredictable, the only strategy is to try trillions of guesses per second. That wasted electricity is precisely what makes rewriting history prohibitively expensive — security bought with raw computation.

Hashing proves data hasn't changed. To prove who you are, blockchains use public-key cryptography — also called asymmetric cryptography. Your identity is a pair of mathematically linked numbers, where one direction of the math is easy and the reverse is effectively impossible.

Private key — a 256-bit random number, essentially an unguessable secret. This is your proof of ownership. Whoever holds this number controls the funds at the associated address. There is no "forgot password" flow and no support desk. Lose it, and the funds are gone forever; leak it, and they can be stolen in seconds.

Public key — derived from your private key using elliptic curve mathematics (Bitcoin and Ethereum use the secp256k1 curve). Your wallet address is then derived from the public key by hashing it. You share the address freely — anyone can send you funds with it. But the relationship is strictly one-way: a public key reveals nothing about the private key that produced it, exactly the way a hash reveals nothing about its input.

This asymmetry is the whole trick. The same pair supports two complementary operations:

• Encryption — anyone can encrypt a message with your public key, and only your private key can decrypt it. (This is how secure messaging and TLS/HTTPS protect data in transit.)
• Signing — you sign with your private key, and anyone can verify with your public key. This is the operation blockchains care about: it proves authorization without exposing the secret.

Crypto wallets lean on the signing direction. Why not encryption? Because a transaction isn't secret — it's published to the whole world. What matters is proving you authorized it. That's the job of a digital signature, which we unpack next.

A digital signature is the cryptographic glue that binds hashing and key pairs together. It answers three questions at once: Did this person really authorize this? Has the message been altered? Can they later deny it? In cryptography these are called authentication, integrity, and non-repudiation.

Signing a transaction is a three-step process:

• 1. Hash. The full transaction data — sender, recipient, amount, fee — is run through a hash function to produce a fixed-size digest. Signing the compact digest instead of the raw data is faster and keeps the signature size constant.
• 2. Sign. Your private key is mathematically combined with that hash to produce the signature — a number that could only have been generated by someone holding your private key, for this exact hash. Bitcoin and Ethereum use the Elliptic Curve Digital Signature Algorithm (ECDSA) on the secp256k1 curve to do this.
• 3. Verify. Anyone on the network feeds three things into the verification algorithm — the transaction, the signature, and your public key. The math returns a simple true/false. True means the signature genuinely came from the private key matching that public key, and the transaction hasn't been altered by a single bit since it was signed.

The elegance is that your private key never leaves your device and never appears on the blockchain. Verifiers prove you authorized the transaction without ever seeing your secret — like proving you know a password by answering a challenge, rather than by speaking the password aloud.

Two more properties matter in practice. A signature is bound to one specific transaction: change the amount or the recipient by a single character and the hash changes, so the old signature no longer verifies. And it cannot be replayed: an attacker who copies your signature can't paste it onto a different transaction, because it only validates against the exact data it was made for. This is why a worried "digital signature" is nothing like a scanned image of your handwriting — a handwritten signature looks the same on every document, whereas a cryptographic one is unique to each message and impossible to forge without the private key.

Everything above hinges on one fragile object: the private key. The entire crypto industry has been stuck choosing between two bad ways to protect it.

Option 1: Custodial (the exchange holds your keys) — Convenient, but you're trusting a company exactly as you would a bank, with none of the legal backstop. FTX users trusted Sam Bankman-Fried. Mt. Gox users trusted Mark Karpelès. Both lost everything.

Option 2: Self-custodial (you hold your keys) — Secure in principle, but one mistake is fatal. An estimated 3.7 million BTC (~$220 billion) has been permanently lost because owners misplaced their private keys or seed phrases. There is no undo.

GaiaEx uses a third approach: MPC (Multi-Party Computation) wallets.

Instead of storing the complete private key in one place, MPC never creates a complete key in one place to begin with. The key material is split into multiple encrypted key shards distributed across independent parties — your device, GaiaEx's secure infrastructure, and a third-party backup. No single party ever possesses the whole key, not even for an instant.

To sign a transaction, the parties run a cryptographic protocol that produces a valid ECDSA-compatible signature collaboratively, without any party ever reconstructing the full key. The shards perform their part of the math locally and exchange only intermediate values that reveal nothing about each other's secret. The output is an ordinary signature the blockchain verifies like any other — the network can't even tell MPC was used.

Knowing how keys work is only half the battle; the other half is where they live. Professional crypto operations — exchanges, funds, custodians — never keep all assets behind one key in one place. They use a tiered architecture that trades speed against exposure:

Hot Wallet — connected to the internet, used for instant withdrawals. Holds only the minimum balance needed for liquidity. Fast but the most exposed to attack. Think of it as the cash register at a store.

Warm Wallet — semi-connected, used to refill hot wallets. Moving funds requires multiple approvals. Medium security, medium speed. Like the safe in the back office.

Cold Wallet — completely offline. Air-gapped hardware that never touches the internet, so a remote attacker simply has nothing to reach. Maximum security, but signing requires physical access, which makes it slow. Like the vault at a bank's headquarters.

MPC Wallet — the next evolution. Instead of relying on physical isolation (cold storage) or connectivity trade-offs (hot/warm), MPC provides security through mathematical key splitting. The key never exists in one place, so there is nothing to steal even if a single device is fully compromised. GaiaEx uses MPC as the primary wallet layer, combining the security posture of cold storage with the operational speed of a hot wallet.

The math is unbroken, but math is not the whole system. Honest education means naming where the real risk actually lives — and it is almost never the algorithms.

• The endpoints, not the cipher. SHA-256 and ECDSA have never been cracked. Nearly every "crypto hack" is a failure at the edges: a private key copied off an infected laptop, a phishing site that tricks you into signing a malicious transaction, or a buggy smart contract that approves a drain. The cryptography held; the human or the software around it didn't.
• Key management is the hard problem. A perfect signature scheme is worthless if the key is stored in a screenshot, emailed to yourself, or written on a sticky note. Public-key cryptography moves the entire burden of security onto keeping one secret secret. This is exactly the burden MPC is designed to remove.
• Irreversibility cuts both ways. A valid signature is final. No one can forge your authorization — and no one can reverse a mistaken one for you. Sign a transaction to the wrong address and the funds are gone; the verification algorithm has no concept of "I didn't mean that."
• The quantum horizon. A large enough quantum computer could, in theory, derive a private key from a public key by breaking the elliptic-curve math (hashing is far more resistant). That hardware does not exist today, but the industry is already standardizing post-quantum algorithms — NIST finalized its first set in 2024 — and "harvest now, decrypt later" is why forward-looking custodians track the transition closely.

Three primitives, working in concert, replace an entire legal and institutional apparatus with code anyone can check:

• Hash functions compress any data into a tamper-evident fingerprint — securing the chain of blocks and powering Proof of Work.
• Public-private key pairs give you an identity where one number is shared freely and one stays secret, with no way to compute the secret from the public half.
• Digital signatures combine the two to prove you authorized a specific transaction, verifiable by anyone, without your secret ever leaving your device.

This is what people mean when they say crypto is "trustless." It doesn't mean there's no trust — it means the trust is placed in mathematics that has never failed rather than in a company that eventually might. The records are public, the rules are code, and no single human can quietly change the outcome.

GaiaEx takes these primitives and removes their one ergonomic flaw — the fragile single key — by signing with MPC across distributed shards. You get the security guarantees of the math and the convenience of a modern app, without choosing between "trust an exchange" and "never make a mistake." That is the whole point of this lesson: your money is safe because of what is mathematically true, not because someone promised it would be.