David Kimura PRO said almost 3 years ago on Authentication from Scratch :
The authenticate method is an alias for some meta programming that's going on in the module that is included by has_secure_password.


  define_method("authenticate_#{attribute}") do |unencrypted_password|
    attribute_digest = public_send("#{attribute}_digest")
    BCrypt::Password.new(attribute_digest).is_password?(unencrypted_password) && self

  alias_method :authenticate, :authenticate_password if attribute == :password

So, it basically just calls BCrypt to check with the method is_password? if they are a match.