Skip to main content
T TON Adoption
RU
← Glossary
NODE/03 · Term

Public key

The open half of an asymmetric key pair. TON uses Ed25519, with 32-byte public keys; the wallet address is derived deterministically from this key. Can be published safely without risking the private key.

Aliases: pubkey, open key

Public key is the open half of a cryptographic key pair. TON uses Ed25519: the public key is 32 bytes (256 bits), computed from the private key by multiplying it with the curve’s base point.

What you can do with a public key

  • Verify signatures. Anyone with the public key can confirm that a transaction or message was signed by the corresponding private key — no access to the private key required.
  • Derive the wallet address. A TON address is essentially a hash of the smart contract’s StateInit, which embeds the public key. Knowing the public key and the contract version (v3, v4, v5), all possible addresses can be enumerated.
  • Encrypt messages (in theory — TON’s actual message-encryption mechanisms are separate primitives).

What you cannot do: spend funds, sign transactions, or recover the private key. Recovering a private key from a public Ed25519 key is computationally infeasible — the operation is one-way.

Relationship to the address

A TON address is workchain:hash(StateInit), and StateInit includes the contract code plus its initial data (which contains the public key). This means:

  • One public key → different addresses across contract versions (v3R2, v4R2, v5R1).
  • Changing the contract without changing the key is the standard “wallet migration” flow.
  • Changing the key requires a new mnemonic — there is no key rotation without a new seed.

When it becomes visible

The public key is exposed to the network on the first outbound transaction from a wallet, where it ships with the signature. Before the first transaction (the contract deploy), the public key exists only on the user’s side; the chain only sees the address.

This gives a small privacy / quantum-resistance edge: an address that never sent a transaction has not leaked its public key. In current networks this is more of a curiosity than a real defence.

Where it shows up in UIs

The public key is normally hidden from users — wallets surface only the address. In advanced flows (multisig, manual contract deploys, third-party signature verification) it appears in Tonscan or Tonviewer as the pubkey field of the contract data.

Related terms