Symbol uses elliptic curve cryptography to verify data integrity and to authenticate a signer’s identity.

Key pair

Elliptic curve cryptography is based on key pairs: a private and a matching public key. In particular, Symbol uses the Twisted Edwards curve with the digital signature algorithm named Ed25519 and hashing algorithm SHA-512:

  • Private key: A random 256-bit (32 byte) integer used to sign entities known by the owner.
  • Public key: A 256-bit (32 bytes) integer derived from the private key. It serves as the public identifier of the key pair and can be disseminated widely. It is used to prove that an entity was signed with the paired private key.

The public key can be derived from the private key, but not the other way around.

Symbol keys

Key pairs are used in Symbol in different places, for different purposes. This is a summary of the keys used:

  • Main: This key pair manages a regular Account, containing assets like mosaics or namespaces.
  • Remote: This key pair manages the remote account used in Remote harvesting.
  • VRF: Required for harvesting.
  • Voting: Required for nodes participating in the Finalization process.
  • Transport: This key pair is used by nodes for secure transport over TLS.


As a rule of thumb, the private key in any key pair should be kept secret at all times. However, how bad is it to have a private key stolen?

Key Severity Impact
Main 🔴 HIGH Funds could be transferred to another account.
Remote 🟠 MED Harmless to the account or the node. Easily reverted by linking another remote account. An attacker grabbing a large number of remote keys could gain a lot of harvesting power, influencing which blocks are added to the blockchain.
VRF 🟡 LOW Harmless without the key used for harvesting.
Voting 🟠 MED Harmless to the account or the node. Easily reverted by linking another voting account. An attacker grabbing more than 50% of the network’s voting keys could influence block finalization.
Transport 🟡 LOW An attacker could steal harvesting delegations away from the node, but harmless otherwise.


All transactions are signed using a private key, producing 512-bit (64 byte) signatures.

As part of the regular workflow of the protocol, signatures are validated using the matching public key. This ensures the authenticity of the signer of an entity.


Symbol public keys can be shared in a shorter form as 39-character addresses.

First, a 24-byte triplet is built, consisting of:

  • A network-id byte.
  • A 160-bit (20 byte) hash of the account’s public key.
  • A 3-byte checksum, to allow the quick recognition of mistyped addresses.

Then, the whole string is Base32-encoded to produce the 39-character address.

It is possible to create an address without interacting with the blockchain. In fact, the blockchain only tracks addresses and public keys when they first appear in a transaction.

HD-Wallets and Mnemonics

Hierarchical Deterministic Wallets (HD-Wallets for short) can derive a series of accounts from a single seed account. This allows handling a group of accounts using a single key pair, greatly simplifying their management:

  • Only one key to protect.
  • Multiple accounts can be stored in a single QR code or mnemonic phrase.

A Mnemonic Phrase is human-friendly representation for a private key, composed of 24 random English words. Mnemonic phrases are sometimes used instead of private keys as they are easier for humans to remember and write down.

However, they are equivalent to private keys so it is critical that they are kept secret at all times. Even more so in the Symbol Desktop Wallet, where the mnemonic phrase encodes the seed account’s key.

See the NIP-6 document for technical details on Symbol’s mechanism to create HD Wallets.

Continue: Block.