This section provides definition of common cryptography terms used through the ARK Ecosystem product landscape. You will learn the importance of your passphrase and how it translates to private key, public key and wallet address generation. We also explain some common encryption algorithms and encoding protocols.
The passphrase is the master password (key) for your ARK tokens. Every ARK address has its own unique passphrase. With the passphrase you can sign transactions to send your ARK or vote for a delegate.
Do not lose it, and do not share it with others, or you could lose access to your ARK tokens. If you lose your passphrase, or if it is stolen, there is nothing we can do to help you. We CANNOT recover any lost passphrases.
A passphrase is a "key to the castle." It is used to directly calculate the PrivateKey of an ARK account and should never be shared, stored irresponsibly, or transmitted over the internet. The only person that should ever have access to a passphrase is the owner of its account.
We can technically use any word, phrase, or string as a passphrase which will result in a valid ARK Address or Wallet; however, it is heavily discouraged as the security of an address relies on the randomness of its Passphrase. Humans are bad at creating randomness, and entering sequences of random letters and numbers isn't easy to do accurately.
To promote usability while also maintaining security, ARK passphrases are implemented using the BIP39 Protocol. Simply, it's a mnemonic sentence constructed via randomly chosen words from a large wordlist. From here, that sentence or "Passphrase" is piped through a series of hashing, curve, and encoding algorithms to derive a PrivateKey / WIF, a PublicKey, and subsequently Addresses / Wallets and Signatures.
The following examples will be using testfixtures from the ARK Core repo on GitHub.
â€‹Identities Test Fixtures:â€‹
{"data": {"privateKey": "d8839c2432bfd0a67ef10a804ba991eabba19f154a3d707917681d45822a5712","publicKey": "034151a3ec46b5670a682b0a63394f863587d1bc97483b1b6c70eb58e7f0aed192","address": "D61mfSggzbvQgTUe6JhYKH2doHaqJ3Dyib","wif": "SGq4xLgZKCGxs7bjmwnBrWcT4C1ADFEermj846KC97FSv1WFD1dA"},"passphrase": "this is a top secret passphrase"}
â€‹Message Test Fixtures:â€‹
const fixture = {data: {publicKey:"034151a3ec46b5670a682b0a63394f863587d1bc97483b1b6c70eb58e7f0aed192",signature:"304402200fb4adddd1f1d652b544ea6ab62828a0a65b712ed447e2538db0caebfa68929e02205ecb2e1c63b29879c2ecf1255db506d671c8b3fa6017f67cfd1bf07e6edd1cc8",message: "Hello World"},passphrase: "this is a top secret passphrase"};
â€‹
To learn more about randomness, visit the Wiki's on Randomness and Random Number Generationâ€‹
A PrivateKey is a 256bit integer represented by a 32byte Hexencoded string of 64 characters obtained via SHA256 hashing of a Passphrase.
To understand the significance of this large number, consider the following:
Passphrase:
"this is a top secret passphrase"
PrivateKey HEX (base 16) / SHA256 of Passphrase:
d8839c2432bfd0a67ef10a804ba991eabba19f154a3d707917681d45822a5712
PrivateKey DEC(base 10 encoded):
97932109907804210295451942024598204992707895659209392543371974078748689061650
The DEC representation is the "base 10" interpretation of our PrivateKey and gives us a little insight into the size of the numbers we're dealing with "under the hood". This large integer is also referred to as a "BigNumber" or UINT256.
WIF stands for "Wallet Import Format", and is a BASE58encoded PrivateKey prepended by a network prefixbyte (0xaa
for ARK Mainnet & Devnet Network).
It's essentially a more useable/humanreadable PrivateKey and should be treated with the same diligence with regards to storage and security.
A PublicKey is like an ID or Passport. It is a mathematical proof of identity and is derived from a PrivateKey via ECDSA and SECP256K1 computation.
ARK also uses "Point Compression" to obtain compressed PublicKeys that are 33bytes in length.
An ARK address is shareable much like an email address. It is the destination to which ARK tokens can be sent, and is obtained from a PublicKey via a combination of RIPEMD160 hashing and Base58Check encoding prefixed by a single network byte.
Since an address is derived from a PublicKey, that means it is also mathematically tied to a PrivateKey and Passphrase.
Network  dec  hex  Prefix  Example address 
Mainnet  30 



Devnet  23 



The following is a full prefixbyte table for custom Address construction and is provided for informational purposes. While this would not be used for ARK Mainnet or Devnet, it CAN be used for custom networks.
dec  hex  Prefix 


































































































































































































































































































































































Adapted from: https://en.bitcoin.it/wiki/List_of_address_prefixesâ€‹
A Signature is essentially proof that a message or transaction was "signed" by a particular PrivateKey / Passphrase.
Remember that this same PrivateKey also has a matching PublicKey. That means a Signature is computationally linked to its corresponding PublicKey using ECDSA and SECP256K1 standards.
ARK Signatures use DER Encoding.
â€‹ECDSA is a "Digital Signature Algorithm" variant based on and "Modular Arithmetic".
It is a standard to sign and verify transactions/messages and Signatures using Elliptical Curve Cryptography.
ECDSA Equation 
y2 = x3 + ax + b 
â€‹SECP256K1 defines the set of ECDSA parameters used to produce output "deterministically", meaning the same input will always result in the same output. Additionally, no two inputs will ever produce the same output; It is also hard to reverse. This is known as the Discrete Logarithm Problem and is the basis for Curve Cryptography.
Curve Parameters 
a = 0 
b = 7 
SECP256K1 Equation 
y2 = x3 + (0)x + (7) 
y2 = x3 + 7 
Can the reader say what two numbers multiplied together will produce the number 8616460799? I think it unlikely that anyone but myself will ever know.
~ William S Jevons, The Principles of Science, 1874
An ARK Signature is DER Encoded using BIP66 standards.
Upon obtaining a Signature from the ECDSA/SECP256K1 algorithm, it will first be in its raw form known as an "r" and "s" value.
Signature (r, s):
(0fb4adddd1f1d652b544ea6ab62828a0a65b712ed447e2538db0caebfa68929e, 5ecb2e1c63b29879c2ecf1255db506d671c8b3fa6017f67cfd1bf07e6edd1cc8)
In our example, the "r" and "s" values are each 32bytes in length. Each of the "r" and "s" sequence identifiers are also 1byte in length. Additionally, the slots for the size of "r" and "s" each occupy 1byte.
This means that the length of the "r" and "s" values is 64bytes. The (r,s) section identifiers and their sizes occupy a total of 4bytes.
The total length of our signature is 68bytes (0x44
in hex).
Identifier  Size (dec)  Size (hex) 
r sequence 


r size 


rvalue: 


s sequence 


s size 


svalue 


total length 


The very first byte of an encoded signature is the sequence identifier 30
.
To encode the (r, s) values, we place 30
as the leading byte, followed by the total signature length (0x44
in this example).
We then place the sequence identifier for "r" (02
), proceeded by the size of "r" in hex (0x20
), proceeded by the rvalue itself (0fb4adddd1f1d652b544ea6ab62828a0a65b712ed447e2538db0caebfa68929e
).
Finally, we place the sequence identifier for "s" (02
), proceeded by the size of "s" in hex (0x20
), proceeded by the svalue itself (5ecb2e1c63b29879c2ecf1255db506d671c8b3fa6017f67cfd1bf07e6edd1cc8
).
DER Encoded Signature:
304402200fb4adddd1f1d652b544ea6ab62828a0a65b712ed447e2538db0caebfa68929e02205ecb2e1c63b29879c2ecf1255db506d671c8b3fa6017f67cfd1bf07e6edd1cc8
â€‹Base58Check encoding is used to produce human readable/typeable text from a hash.
It is used to encode a PrivateKey and is also the final step to encoding an ARK address.
â€‹RIPEMD160 is a subset of the RIPEMD family of cryptographic hash functions.
As its name suggests, RIPEMD160 hashes are 160bits in length.
SHA256 is a subset of the SHA2 family of cryptographic hash functions.
As its name suggests, SHA256 hashes are 256bits in length.