Skip to main content

Key pair

TON Blockchain uses asymmetric cryptography, such as the Ed25519 signature scheme. There are multiple ways to derive a key pair from a mnemonic. Below is the most common approach in TON.
Some apps in the TON ecosystem may use a different derivation method, eventually producing an Ed25519-conformant key pair.

Key pair from a mnemonic

To transform a mnemonic phrase into a key pair, a seed is first derived using PBKDF2, and the key pair is then derived from that seed. PBKDF2 has five input parameters: PRF, Password, Salt, c, and dkLen. Each of those parameters is assigned a concrete value. The most commonly used values are:
ParameterDescriptionValue
PRFPseudo-random function of two parametersHMAC‑SHA512
PasswordMaster password from which a derived key is generated""
SaltSequence of bits, known as a cryptographic salt"TON default seed"
cNumber of iterations desired100000
dkLenDesired bit-length of the derived key64

Generate a key pair

TypeScript
import { mnemonicToPrivateKey, mnemonicNew } from "@ton/crypto";

// Replace with your own persisted mnemonic phrase (see note below).
const mnemonicArray = await mnemonicNew();

// derive private and public keys from the mnemonic
const keyPair = await mnemonicToPrivateKey(mnemonicArray); 

console.log("Public Key: " + keyPair.publicKey.toString('hex'));
console.log("Private Key: " + keyPair.secretKey.toString('hex'));
The private key is needed to sign messages, and the public key is stored in the wallet’s smart contract. When new external messages arrive on that smart contract, the public key would be used to check the authenticity of the messages signed using the corresponding private key.
ImportantSave the generated mnemonic seed phrase. If you need deterministic behavior during development, print and reuse the exact phrase so the wallet derives the same key pair on every run.

Mnemonic validation

  1. Check that all the words are from the list of BIP-39.
  2. If a password is used: the first byte of the derived seed computed with c = 1 and salt = 'TON fast seed version' must equal 0.
  3. If no password is used: the first byte of the derived seed computed with c = floor(100000/256) = 390 and salt = 'TON seed version' must equal 1.
Random mnemonic phrases are generated until PBKDF2 yields a seed whose first byte matches the expected version (0 for the ‘fast seed’ parameters, 1 for the ‘seed version’ parameters); then a valid mnemonic is returned.

Generate a mnemonic

TypeScript
import { mnemonicNew } from "@ton/crypto";

const mnemonicArray = await mnemonicNew(); 
console.log(mnemonicArray);
I