Developers Home»docs»Cryptography


This document offers a conceptual overview of the cryptography used in Substrate.

Hashing algorithms

Hash functions are used in Substrate to map arbitrary sized data to fixed-sized values.

Substrate provides two hash algorithms out of the box, but can support any hash algorithm which implements the Hasher trait.


xxHash is a fast non-cryptographic hash function, working at speeds close to RAM limits. Because xxHash is not cryptographically secure, it is possible that the output of the hash algorithm can be reasonably controlled by modifying the input. This can allow a user to attack this algorithm by creating key collisions, hash collisions, and imbalanced storage tries.

xxHash is used in places where outside parties cannot manipulate the input of the hash function. For example, it is used to generate the key for runtime storage values, whose inputs are controlled by the runtime developer.

Substrate uses the twox-hash implementation in Rust.


Blake2 is a cryptographic hash function. It is considered to be very fast and is also used in Zcash.

Substrate uses the blake2 implementation in Rust.

Public-Key cryptography

Public-key cryptography is used in Substrate to provide a robust authentication system.

Substrate provides multiple different cryptographic schemes and is generic such that it can support anything which implements the Pair trait.


Substrate provides an ECDSA signature scheme using the secp256k1 curve. This is the same cryptographic algorithm used to secure Bitcoin and Ethereum.


Ed25519 is an EdDSA signature scheme using Curve25519. It is carefully engineered at several levels of design and implementation to achieve very high speeds without compromising security.


SR25519 is based on the same underlying curve as Ed25519. However, it uses Schnorr signatures instead of the EdDSA scheme.

Schnorr signatures bring some noticeable features over the ECDSA/EdDSA schemes:

  • It is better for hierarchical deterministic key derivations.
  • It allows for native multi-signature through signature aggregation.
  • It is generally more resistant to misuse.

One sacrifice that is made when using Schnorr signatures over ECDSA is that both require 64 bytes, but only ECDSA signatures communicate their public key.

Next steps

Learn more



  • Take a look at the Hash trait needed for implementing new hashing algorithms.
  • Take a look at the Pair trait needed for implementing new cryptographic schemes.
Last edit: on

Was This Page Helpful?
Help us improve