Accounts cryptography

Private Key

In IoTeX, the accounts Private Key is generated as 64 random hex characters, e.g.:


And the corresponding Public Key is derived from the private key using ECDSA with the secp256k1 curve, which is the same as Ethereum.

Given a signed message, you can recover the public key of the signing account using Ecrecover, also defined in solidity for signature verification in smart contracts.

Address Construction

An IoTeX native representation of an account address like:


can be constructed using the following steps:

1. Generate a random private key as 64 random hex characters

privKey =


2. Calculate the corresponding public key using secp256k1 elliptic curve

pubKey := keccak256k1(privKey) =


3. Apply keccak256 hash function to the public key, excluding the first byte

hash := keccak256(pubKey[1:]) =


4. Take the last 20 bytes of the hash

payload := hash[12:] =


this is the "byte representation" of the address

5. Convert the byte representation to 5-bit encoding (base32)

2, 17, 31, 8, 0, 23, 4, 5, 17, 1, 0, 0, 19, 4, 12, 16, 28, 8, 4, 13, 15, 8, 2, 10, 14, 19, 25, 10, 1, 10, 22, 8

See a go lang implementation for the 5-bit conversion implementation or a nodejs package (use toWords() to convert a bytes array into 5-bit words).

6. Apply the bech32 encoding on the 5-bit payload with the io prefix

address :=


See a go lang implementation for the bech32 encoding implementation or a nodejs package (use encode to encode 5-bit words with a prefix).

Last updated