ED25519 is a public-key signature system based on elliptic curve cryptography. It uses the elliptic curve known as Curve25519 and the EdDSA (Edwards-curve Digital Signature Algorithm) scheme.

ED25519 offers strong security, high performance, and resistance to various cryptographic attacks, making it suitable for applications such as digital signatures, authentication, and secure communication protocols.

Creating a private key from seed

A seed string is a representation of entropy, from which you can re-create deterministically all the private keys for one wallet. It should be long enough so that the probability of selection is unrealistic and negligible.

In fact, seed should be an array of bytes but for ease of memorization, the LTO wallet uses a mnemonic seed phrase, to ensure that the seed is made up of words and easy to write down or remember. The application takes the UTF-8 bytes of the string and uses them to create keys and addresses.

For example, seed string

manage manual recall harvest series desert melt police rose hollow moral pledge kitten position add

after reading this string as UTF-8 bytes and encoding them to Base58, the string will be coded as


A seed string is involved with the creation of private keys. The nonce' field is an integer prepended to the seed bytes. Typically, this value is initially 0 and increases every time you create the new address.

We use this array of bytes to calculate the hash sha256(blake2b256(bytes)). This resulting array of bytes called the account seed. From the account seed, you can deterministically generate a private and public key pair.

Use NaCl or sodium to create an account from the account seed.


Brainwallet seed string

manage manual recall harvest series desert melt police rose hollow moral pledge kitten position add

As Base58 encoded byte array


Account seed bytes with nonce 0 before apply hash function (Base58 encoded)


Account seed sha256(blake2b256(account seed bytes)) (Base58 encoded)


Account seed after sha256 hashing (optional, if your library does not do it yourself)


Alternative methods

Using the method based on the account seed, ensure that the seed phrase is compatible with the LTO wallet. However, it's not required to use this method.

The seed is not needed for signing, only the private key. The key can be generated through other means, for instance using OpenSSL genkey.



Created private key using the account seed 93d...S1v.


Created public key



It's possible to convert an ED25519 key into an X25519 key, which can be used for signing.

This is a public key encryption schema, where the public key is used to encrypt data and the private key is used to decrypt data.

Convertion functions are available in libsodium, but not in other nacl libraries. You may need to find a library for your platform that can do this, or implement it yourself.


Created private key using the account seed 93d...S1v.


Created public key


Last updated