Top Cryptographic Primitives Behind Every Blockchain
A guide to the core cryptographic primitives that make blockchains work—hash functions, digital signatures, Merkle trees, elliptic-curve crypto, and commitments.
- guide
Every blockchain claim — "this transaction is final," "this address owns this asset," "this history hasn't been altered" — ultimately reduces to a handful of cryptographic primitives doing narrow, well-defined jobs. None of them are blockchain inventions. Hash functions, digital signatures, and Merkle trees predate Bitcoin by decades. What blockchains did was combine them into a system where no single party has to be trusted for any of those claims to hold.
This guide walks through the primitives that actually carry the weight: hash functions that fingerprint data, digital signatures that authorize transactions, Merkle trees that make huge datasets verifiable in pieces, the elliptic-curve math those signatures run on, and commitment schemes — the building block that leads into zero-knowledge proofs. Understanding each one is the fastest way to understand what a blockchain is actually doing under the hood.
Cryptographic Hash Functions (SHA-256, Keccak)

A hash function takes an input of any size and deterministically produces a fixed-size output — a "digest" — such that flipping a single bit of input scrambles the output completely, and finding two different inputs that hash to the same output is computationally infeasible. That property, collision resistance, is what makes a hash usable as a compact, tamper-evident fingerprint for arbitrarily large data.
Bitcoin uses SHA-256 throughout: block headers are chained by embedding the SHA256(SHA256()) hash of the previous header in each new one, so altering any past block changes its hash and breaks every header that follows it (Bitcoin Developer Guide). The same double-SHA-256 construction hashes transactions into the block's Merkle tree (Bitcoin.org reference).
Ethereum instead standardizes on Keccak-256 (the original Keccak submission, distinct from the later NIST SHA-3 standard) as its general-purpose hash. Every account address is derived by taking the last 20 bytes of the Keccak-256 hash of the account's public key (ethereum.org), and the same function underlies the key/value content-addressing used throughout the Merkle Patricia Trie that stores Ethereum's state.
Hashing is also what turns block headers into a genuine chain rather than a loose collection of records — each header's hash depends on the previous header's hash, so rewriting history requires redoing every block after the point you want to change, plus outrunning the honest network's ongoing work. That "chaining" property is the literal reason the data structure is called a blockchain.
Public-Key Cryptography & Digital Signatures (ECDSA, EdDSA, BLS)

A blockchain has no login form, so it needs another way to prove "this transaction really came from the owner of this account." Public-key cryptography solves this with a key pair: a private key kept secret and a public key that can be shared freely. Signing a transaction with the private key produces a digital signature that anyone can verify against the public key — proving authorization without ever revealing the private key itself.
Ethereum accounts derive their public key from the private key using the Elliptic Curve Digital Signature Algorithm, ECDSA, over the secp256k1 curve — the same curve Bitcoin uses (ethereum.org accounts docs; EIP-2, secp256k1 signature malleability fix). ECDSA is fast to verify and has decades of scrutiny, but it has one operational weakness relevant to newer designs: individual ECDSA signatures don't aggregate efficiently, so verifying thousands of them means doing thousands of separate checks.
That's the gap EdDSA and BLS signatures fill. EdDSA (used by chains like Solana and Stellar) uses a different curve construction that's deterministic and resistant to certain implementation pitfalls that have historically caused ECDSA nonce-reuse bugs. BLS signatures go further: because of the mathematical pairing property of the curves they use, many BLS signatures can be combined into a single aggregate signature that verifies all of them at once. Ethereum's proof-of-stake consensus layer relies on exactly this — validators sign attestations with BLS keys so the beacon chain can aggregate votes from hundreds of thousands of validators into signatures compact enough to verify quickly, which is what makes large-scale proof-of-stake practical at all (ethereum.org, The Beacon Chain). Ethereum also exposes BLS12-381 curve operations as EVM precompiles specifically to support BLS signature verification in smart contracts (EIP-2537).
Merkle Trees

A Merkle tree is what lets a blockchain summarize thousands of transactions into a single 32-byte hash without forcing every participant to store every transaction. Leaves are hashes of individual data items (transactions, account states); each pair of hashes is concatenated and hashed again, repeating until one hash — the root — remains (Bitcoin Developer Guide). That root is stored directly in the block header, which is what lets a full node commit to the entire contents of a block using almost no extra space.
The payoff is proof size. To show that one transaction is included in a block, you don't need the whole block — just the transaction plus a "Merkle branch," the sibling hashes along the path from that leaf to the root, typically on the order of log₂(n) hashes for n transactions. This is the basis of Simplified Payment Verification (SPV): a lightweight client that has only block headers can still verify a specific transaction happened by checking its Merkle branch against the header's root, without downloading the entire blockchain (Bitcoin Developer Guide).
Ethereum extends the idea with the Merkle Patricia Trie, a hybrid of a Merkle tree and a prefix (radix) trie used to store the entire account state, not just a list of transactions. Every block header carries three separate trie roots — stateRoot, transactionsRoot, and receiptsRoot — each independently provable (ethereum.org). This is what lets a smart contract or a light client verify a single account balance or a single storage slot without replaying the whole chain.
Elliptic-Curve Cryptography
Elliptic-curve cryptography (ECC) is the mathematical foundation ECDSA, EdDSA, and BLS all sit on top of. Instead of relying on the difficulty of factoring large numbers (as classic RSA does), ECC relies on the difficulty of the elliptic-curve discrete logarithm problem: given a point on the curve reached by adding a base point to itself many times, it's computationally infeasible to recover how many times — even though computing the point itself, going forward, is easy. That asymmetry (easy one direction, hard to reverse) is exactly what makes a private key safe to use for signing while the derived public key stays safe to publish.
The specific curve matters. Bitcoin and Ethereum both use secp256k1, a Koblitz curve standardized by the Standards for Efficient Cryptography Group with well-studied 256-bit parameters (SEC 2: Recommended Elliptic Curve Domain Parameters). Other ecosystems use different curves for different tradeoffs — Ed25519 (the curve behind EdDSA in Solana and Stellar) prioritizes implementation safety and speed, while BLS12-381 is chosen specifically because it supports the pairing operations aggregation needs. All of them deliver roughly the same practical security level per key bit while producing much shorter keys and signatures than equivalent RSA — which is why ECC, not RSA, became the default for blockchain accounts.
Commitment Schemes (a Bridge to Zero-Knowledge)
A commitment scheme lets you "lock in" a value — publish something that binds you to a specific piece of data — without revealing the data itself, and later "open" the commitment to prove what it was. The everyday analogy is a sealed envelope: you can hand someone a sealed envelope today as proof you already decided on an answer, without them seeing it until you choose to open it later, and once sealed, you can't swap the answer inside.
This sounds like a small primitive, but it's the load-bearing piece underneath most zero-knowledge proof systems. Ethereum's blob-based data-availability design, for instance, uses KZG commitments — a polynomial commitment scheme — to reduce a large blob of rollup data down to a single small cryptographic commitment that provers and verifiers can check without processing the full blob (ethereum.org, Danksharding). A Merkle root, in fact, is itself a simple commitment scheme: it commits to an entire dataset via its root hash, and a Merkle branch is the "opening" that reveals one piece of it. ZK-rollups build on more advanced commitment schemes (polynomial and vector commitments) to compress an entire batch of transaction execution into a proof that's cheap to verify on-chain — the topic covered in depth in Perfect vs. Computational Zero-Knowledge.
Comparison: Blockchain Cryptographic Primitives
| Primitive | Property it provides | Where it's used on-chain | Classical vs. post-quantum risk |
|---|---|---|---|
| Hash functions (SHA-256, Keccak-256) | Collision-resistant fingerprinting; chains blocks together | Block hashing, address derivation, Merkle roots | Classically strong at current output sizes; hash-based schemes are generally considered more resilient to quantum attack than today's elliptic-curve signatures |
| Digital signatures — ECDSA | Transaction authorization via a private/public key pair | Bitcoin and Ethereum account signatures | Classically secure; a sufficiently capable large-scale quantum computer is expected to break elliptic-curve-based schemes, which is why NIST has standardized post-quantum alternatives (NIST, 2024) |
| Digital signatures — EdDSA / BLS | Deterministic signing (EdDSA); efficient signature aggregation (BLS) | Solana/Stellar signing (EdDSA); Ethereum validator attestations (BLS) | Same underlying elliptic-curve assumption as ECDSA — same long-term quantum exposure |
| Merkle trees | Compact commitment to a large dataset; small inclusion proofs | Block headers, light-client (SPV) verification, Ethereum's state/transactions/receipts tries | Depends only on the underlying hash function's collision resistance, so it inherits that hash's quantum posture rather than adding new exposure |
| Elliptic-curve cryptography | Mathematical basis for compact keys and signatures | secp256k1 (Bitcoin, Ethereum), Ed25519, BLS12-381 | Vulnerable in the same way as ECDSA/EdDSA/BLS to a future large-scale quantum computer; this is the primary driver of post-quantum migration research |
| Commitment schemes | Bind to a value now, reveal/prove it later, without exposing it upfront | KZG commitments in Ethereum data availability; Merkle roots as simple commitments; building block for ZK-rollups | Security depends on the underlying hash or elliptic-curve assumption used to build the scheme |
How This Connects to Tokenized Domains
Every one of these primitives shows up directly when you tokenize a domain. The NFT representing ownership is secured by the same ECDSA signatures that protect any other blockchain asset — whoever controls the private key controls the domain token, full stop, which is why hardware wallets and careful seed phrase custody matter as much for a tokenized .com as for any other on-chain asset. The domain's ownership record lives in the same Merkle-committed state that secures every other account balance and smart contract on the chain, which is exactly what gives a tokenized domain the same tamper-evidence as any other on-chain asset — transferable, verifiable, and provably owned without a registrar's database being the sole source of truth.
Understanding these primitives also clarifies what tokenization does and doesn't change: the domain's DNS record and registry status still follow ICANN rules, but its ownership proof now runs on the cryptography described above instead of a login-protected registrar account. Explore the broader picture in Blockchain Consensus Mechanisms and Blockchain Scaling Approaches, or start tokenizing at namefi.io.
Sources and Further Reading
- Bitcoin Developer Guide — Block Chain, chaining via SHA256(SHA256()) of the previous header
- Bitcoin Developer Reference — Block Chain, Merkle root construction
- Bitcoin Developer Guide — Operating Modes, SPV and Merkle branches
- ethereum.org — Ethereum Accounts, ECDSA and Keccak-256 address derivation
- ethereum.org — Merkle Patricia Trie, state/transactions/receipts roots
- ethereum.org — Danksharding, KZG polynomial commitments
- EIP-2 — Homestead Hard-fork Changes, secp256k1 signature constraints
- EIP-2537 — Precompile for BLS12-381 curve operations
- SEC 2: Recommended Elliptic Curve Domain Parameters — secg.org
- The Eth2 Book — Signatures and BLS aggregation
- NIST — NIST Releases First 3 Finalized Post-Quantum Encryption Standards
About the author(s)
Related guides
- Top Blockchain Consensus Mechanisms: Proof of Work, Proof of Stake and BeyondA clear guide to blockchain consensus mechanisms—Proof of Work, Proof of Stake, Delegated Proof of Stake, BFT consensus, and how each secures a network.
- Top Blockchain Privacy Technologies: Zero-Knowledge Proofs, FHE, MPC, TEEs and Ring SignaturesA plain-language guide to the five leading blockchain privacy technologies—zero-knowledge proofs, FHE, MPC, TEEs, and ring signatures—compared side by side.
- Top Blockchain Scaling Approaches: Rollups, Sidechains, Channels and ShardingA learner's guide to blockchain scaling — optimistic rollups, ZK rollups, sidechains, payment channels, sharding, and data availability layers compared.
- Top Blockchain Virtual Machines: EVM, SVM, MoveVM, WASM and CairoVMA guide to the top blockchain virtual machines—EVM, SVM, MoveVM, WASM-based VMs, and CairoVM—comparing languages, execution models, and ecosystems.