Key pair

To control your account in the blockchain you need to have access to the seed or secret key. It is good practice to have a backup of the seed and therefore often a selection of words from a dictionary (seed phrases). The seed is then hashed and the resulting string of characters forms the secret key. Next a so called key pair is derived using a mathematical function. As the name suggests, the key pair consists of two keys: the secret key (also private key) and public key. For each key there is only one other matching key that is calculated by elliptic curve multiplication in Tezos. Similar to hashing, this only goes one-way. You can derive from a secret key the corresponding public key, but not the other way around. Every Tezos address of an implicit account starts with tz followed by either 1,2 or 3 and the hash of the public key. Originated accounts always start with capital letters KT.

The 3 signature schemes for implicit accounts depend on the elliptic curves used, in particular:

  • tz1 for Ed25519
  • tz2 for Secp256k1 (ECDSA)
  • tz3 for NIST P256 (ECDSA)
danger

Keep the seed and secret key always to yourself. Never share it with anyone, otherwise someone else will gain access to your account.

graph LR seed["Seed"]-->|hashing|secret["Secret Key<br>(Private Key)"] secret-.->|"⨂"|seed secret-->|elliptic curve <br>manipulation|public["Public Key"] public-.->|"⨂"|secret public-->|hashing|address["Address"] address-.->|"⨂"|public class seed,secret nodeDanger class public,address nodeWarning
alice: {
pkh: "tz1VSUr8wwNhLAzempoch5d6hLRiTh8Cjcjb",
sk: "edsk3QoqBuvdamxouPhin7swCvkQNgq4jP5KZPbwWNnwdZpSpJiEbq",
pk: "edpkvGfYw3LyB1UcCahKQk4rF2tvbMUk8GFiTuMjL75uGXrpvKXhjn"
}
tip

Do not mix up pk with private key. Common abbreviations in the Tezos ecosystem and often seen in .config files are:

  • pkh = public key hash
  • sk = secret key
  • pk = public key
Edit this page