# Accounts

LTO network supports multiple cryptographic algorithms for signatures and encryption.

| id | reference                                    | type                | curve      |
| -- | -------------------------------------------- | ------------------- | ---------- |
| 1  | [ed25519](/protocol/accounts/ed25519.md)     | EdDSA               | curve25519 |
| 2  | [secp256k1](/protocol/accounts/secp256k1.md) | ECDSA               | secp256k1  |
| 3  | [secp256r1](/protocol/accounts/secp256r1.md) | ECDSA               | secp256r1  |
| 4  | bls12-381                                    | BLS (pairing-based) | BLS12-381  |

## Creating the address

The public network address is obtained from the **(signature) public key** and network id. The method is the same regardless of the key type.

| # |    Field Name   |  Type | Length |
| - | :-------------: | :---: | ------ |
| 1 |  Version (0x01) |  Byte | 1      |
| 2 |    Network id   |  Byte | 1      |
| 3 | Public key hash | Bytes | 20     |
| 4 |     Checksum    | Bytes | 4      |

{% hint style="info" %}

* *Public key hash* is the first 20 bytes of the *SecureHash* of the public key. *SecureHash* is the hash function `sha256(Blake2b256(public_key))`.
* *Checksum* is the first 4 bytes of *SecureHash* of version, scheme, and hash bytes.
  {% endhint %}

Because the address contains the **network id**, different networks result in a different address for the same seed / public key.

| Network | Char | Byte |
| ------- | ---- | ---- |
| Testnet | T    | 0x54 |
| Mainnet | L    | 0x4C |

### Example

For public key

```
GjSacB6a5DFNEHjDSmn724QsrRStKYzkahPH67wyrhAY
```

for the mainnet network (network id 'T'), this key results in the following address

```
3JmCa4jLVv7Yn2XkCnBUGsa7WNFVEMxAfWe
```

### Derived identities

The blockchain address of derived identities is calculated from a public key, plus a secret. To calculate the public key hash, hmac is used, instead of a regular sha256 hash.

```
sha256_hmac(Blake2b256(public_key), secret)
```

Derived identity addresses are only used for [decentralized identifiers (DIDs)](/protocol/identities/decentralized-identifiers.md) and can't be used to sign transactions on the public blockchain.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.ltonetwork.com/protocol/accounts.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.