TonProof
Extension to the TON Connect 2.0 protocol for cryptographic wallet-ownership verification. Used as Sign-in with TON: a dApp checks the private-key signature over a server-issued nonce message.
Aliases: ton proof, ton-proof, sign in with ton
TonProof is a cryptographic standard for proving TON wallet ownership, built on top of TON Connect 2.0. It solves the “how does the dApp server know the connected address actually belongs to the real owner, not just a claimant” problem.
Why it exists
Base TON Connect 2.0 returns the wallet address + public key to the app on connection. That is enough to render UI and request transaction confirmations, but not enough for authentication: any client can supply someone else’s address, and the server can’t distinguish the owner from an observer.
TonProof closes the gap: the dApp asks the wallet to sign a message containing a server-issued nonce, and the server verifies the signature against the wallet’s public key. This turns TON Connect into a full Sign-in system.
What’s signed
Message structure per v2 schema:
- Prefix ton-proof-item-v2/
- Wallet address (workchain + hash)
- Domain length + the dApp domain itself
- Timestamp
- Payload (= server nonce)
The wallet then signs, with its ed25519 key, a hash of that message carrying the additional ton-connect prefix.
Replay-attack protection
The nonce is a single-use 32-byte string. After a successful verification the server blacklists it and won’t accept it again, so an intercepted signature cannot be replayed to log in as the wallet’s owner.
Where it’s used
- DeFi protocols and NFT marketplaces for login (replacing email/password)
- Telegram Mini Apps requiring user authentication
- Backend services associating actions with a specific wallet account
What it doesn’t do
TonProof proves ownership only at signing time. If the key is lost or stolen after login, TonProof can’t tell the new holder from the original owner. Extra layers (session timeouts, refresh tokens) remain the dApp’s responsibility.