Encryption underpins nearly every layer of security in cryptocurrency, from the wallet file sitting on a user's laptop to the network traffic passing between blockchain nodes. There are two broad families: symmetric encryption, where the same key encrypts and decrypts data, and asymmetric encryption, which uses a linked pair of public and private keys so that only the intended recipient can read a message.
Most crypto wallets rely on symmetric ciphers, specifically AES-256, to protect the private key stored on disk. Bitcoin Core, for example, encrypts its wallet file with AES-256-CBC using a key derived from the user's passphrase, so the raw private key is never written in plaintext; the wallet only decrypts it briefly in memory when a transaction needs signing. Ethereum keystore files follow a similar pattern, combining a key-derivation function such as scrypt with AES and a message authentication code to confirm the correct password was entered.
Beyond wallet storage, encryption secures several other parts of the crypto stack:
- TLS encrypts the connection between a wallet app, exchange, or full node and the servers it talks to.
- Exchanges encrypt customer data and internal key material at rest to limit the damage from a server breach.
- Some messaging and privacy-focused wallets encrypt metadata or notes attached to a transaction.
Blockchain signatures themselves rely on asymmetric cryptography, generating key pairs through elliptic-curve algorithms rather than AES. This distinction matters for the emerging quantum-computing threat: researchers warn that a sufficiently powerful quantum computer could eventually break the elliptic-curve math securing networks like Bitcoin, while symmetric ciphers such as AES-256 are considered far more resistant. Standards bodies are already finalizing post-quantum algorithms so blockchains can migrate before that becomes a practical risk.