relationship between seed phrase, wallet address, public key, UTxO, verification key, and signing key

Question

Everything I read about cryptography talks about a "public key" and a "private key". However, the Cardano CLI reality appears more complex.

As I understand it, the 24 word seed phrase is sufficient to generate all the keys and wallet addresses necessary for a Daedalus wallet to function.

If I bypass Daedalus and the seed phrase process and instead generate a signing key (.skey) and a verification key (.vkey) using

cardano-cli address key-gen {parameters}

and an address from those using

cardano-cli address build {parameters}

what qualifies as the "public key"? The signing key (.skey) is obviously the private key. As far as I can tell, once the wallet address is generated, the .vkey file is no longer used. The wallet address of the sending wallet is not necessary for sending ADA. So it appears that the UTxO is the "public key". However, that is not reflected in the language of the articles I have read, which refer to the wallet address as the public key.

It does seems that the UTxO is cryptographically married to the (sending) wallet address, or at least the signing key (which is of course cryptographically married to the wallet address). I have tried sending test ADA thru the CLI from a UTxO from wallet B while signing with the skey for wallet A, and of course that fails. Does that digital marriage between UTxO and (sending) wallet address make it irrelevant which one is the public key?

Answer 1

Firstly, UTXOs are not “public keys” anymore so than mail is not your mailbox. Think of your wallet/address as the mailbox, the UTXO as the mail, and the .skey as the key to the mailbox. It is true that when a UTXO is sent to an address, the only way to unlock it is to use the corresponding address’s private key. However, this is an specific feature of cryptocurrency blockchains, and should not be confused with the “cryptographic marriage” that exists between public/private keypairs. Actually, this “marriage” is more like a parent-child relationship because the public key is derived downstream of the private key.

Second, when you use Cardano-cli to generate keys, it does so randomly, without following any hierarchical deterministic (HD) wallet derivation standards. To derive keys from a 24 word mnemonic, the HD standard is used by wallet software (like Daedalus).

In principle, the .vkey file is commonly used for a wide variety of verification purposes. It is used anytime a private key needs to be linked with something without exposing the private key itself (i.e. smart contract scripting, building addresses, message signing, e.t.c.)

In your case, if all you are doing is generating an address once and only once to use for basic sending/receiving, then yes, the .vkey is relatively obsolete (also if you ever need it you can re-derive it from the .skey with cardano-cli).

Answer 2

The seed phrase corresponds to the root key for derivation. From that root key you can derive account keys (unique wallets with their own payment/stake keys) and the account key typically derives a single stake key and numerous payment keys, 20 at a time. An address is the combination of some header information, the hash of payment public key and hash of stake public key. A utxo is created by sending funds to one of those addresses. The utxo is identified by the hash of the transaction sending the funds and the index of the output in the transaction. When those funds are sent elsewhere, that transaction is then spent and no longer a utxo or unspent transaction output. If you want to use CLI with a seed phrase you need to utilize cardano-addresses command. Here's a python library that shows how the two CLI commands can be used: https://github.com/input-output-hk/adawallet/blob/master/adawallet/adawallet/lib.py