My bitcoin wallet doesn’t actually hold my bitcoin. What it does is hold my bitcoin address, which keeps a record of all of my transactions, and therefore of my balance. This address – a long string of 34 letters and numbers – is also known as my “public key.” I don’t mind that the whole world can see this sequence. Each address/public key has a corresponding “private key” of 64 letters and numbers. This is private, and it’s crucial that I keep it secret and safe. The two keys are related, but there’s no way that you can figure out my private key from my public key.
That’s important, because any transaction I issue from my bitcoin address needs to be “signed” with my private key. To do that, I put both my private key and the transaction details (how many bitcoins I want to send, and to whom) into the bitcoin software on my computer or smartphone.
With this information, the program spits out a digital signature, which gets sent out to the network for validation.
This transaction can be validated – that is, it can be confirmed that I own the bitcoin that I am transferring to you, and that I haven’t already sent it to someone else – by plugging the signature and my public key (which everyone knows) into the bitcoin program. This is one of the genius parts of bitcoin: if the signature was made with the private key that corresponds to that public key, the program will validate the transaction, without knowing what the private key is. Very clever.
The network then confirms that I haven’t previously spent the bitcoin by running through my address history, which it can do because it knows my address (= my public key), and because all transactions are public on the bitcoin ledger.
Once my transaction has been validated, it gets included into a “block,” along with a bunch of other transactions.
Each block includes, as part of its data, a hash of the previous block. That’s what makes it part of a chain, hence the term “blockchain.” So, if one small part of the previous block was tampered with, the current block’s hash would have to change (remember that one tiny change in the input of the hash function changes the output). So if you want to change something in the previous block, you also have to change something (= the hash) in the current block, because the one that is currently included is no longer correct. That’s very hard to do, especially since by the time you’ve reached half way, there’s probably another block on top of the current one. You’d then also have to change that one. And so on.
This is what makes Bitcoin virtually tamper-proof.