Overview
Here are the key components of IoTeX’s account cryptography:-
Elliptic Curve Digital Signature Algorithm (ECDSA):
- Private Key: IoTeX accounts are secured using private keys, which are 256-bit random numbers. The private key is known only to the account owner and is used to sign transactions.
- Public Key: The public key is derived from the private key using the secp256k1 elliptic curve. The public key is then used to generate the IoTeX address, which can be both in the format of an Ethereum address (starting with “0x…”) or a native IoTeX address (starting with “io1…”).
-
IoTeX Address:
- The IoTeX address can be generated like an Ethereum address, derived from the public key by taking the last 20 bytes of the Keccak-256 hash of the public key. This address is a unique identifier for the account on the IoTeX network.
-
Keccak-256 Hash Function:
- IoTeX uses the Keccak-256 cryptographic hash function (often referred to as SHA-3) for various purposes, including generating addresses from public keys and ensuring data integrity.
-
Digital Signatures:
- Transactions in IoTeX are signed with the account’s private key using ECDSA. The digital signature ensures that the transaction was created by the account owner and has not been altered. Nodes in the network can verify the signature using the corresponding public key.
-
Nonce:
- Each account has a nonce, which is a counter that keeps track of the number of transactions sent from the account. The nonce prevents replay attacks by ensuring that each transaction can only be processed once.
-
Account Encryption:
- While not a part of the core protocol, encryption is often used to protect private keys. Wallets and other storage solutions typically encrypt private keys to prevent unauthorized access.
-
Secure Key Storage:
- Hardware wallets and other secure storage solutions use additional cryptographic techniques to protect private keys from being compromised.
Private Key
In IoTeX, the account Private Key is generated as 64 random hex characters, e.g.:Native Address Construction
An IoTeX native representation of an account address looks like:keccak256 hash function to the public key, excluding the first byte:
See a go lang implementation for the 5-bit conversion implementation or a nodejs package (use
toWords() to convert a bytes array into 5-bit words).io prefix to obtain the address:
See a go lang implementation for the bech32 encoding implementation or a nodejs package (use
encode to encode 5-bit words with a prefix).
