Comment on page


Learn how to create and manage STARK keys.

What are STARK keys?

STARK keys are a key pair used for cryptographic operations within the Arc system. The key pair consists of a private key and a public key, both of which are defined on a STARK-friendly elliptic curve distinct from the standard Ethereum elliptic curve. The STARK public key represents the X coordinate of a point on the STARK curve, whereas the private key is a secret number that the user must keep confidential.
The STARK key pair is an ECDSA key pair on the STARK curve. More info on the cryptography used in Arc is available in Starkware's documentation.
The public key can be distributed to anybody and is used to validate the authenticity of messages signed with the private key. In other words, the public key identifies the user publicly and may be used to validate the authenticity of signed messages.
On the other hand, the private key must be kept secret by the user. It is used to sign system operations, which are validated against the user's public key submitted at the time of registration. Any operations on Arc involving the manipulation of user funds must be signed by the private STARK key connected with the user's public key. This guarantees that only the owner of the private key may authorise such operations, ensuring self custody of assets at all times.
Never share your private STARK key! All interactions with the Arc system require either a STARK signature or the public component of the STARK key pair.

Creating STARK keys

The recommended process for creating STARK keys in the Arc system involves generating a key pair based on a signature on a deterministic message using the user's Ethereum key, as explained in the following steps.
  1. 1.
    The user signs a tenant selected message using their Ethereum keys. When using wallets, such as MetaMask, it is recommended to use EIP-712 to provide transparency to the user when they are signing the message.
  2. 2.
    The Ethereum ECDSA signature (r,s,v) is passed to the grinding algorithm that deterministically outputs the STARK key pair based on the input.
The following examples illustrate the process of STARK key creation using the Arc platform SDKs:
// -- Derivating a STARK Account from an Ethereum Signature --
// Import the NEthereum SDK to make use of the Accounts class and the EthereumMessageSigner
// Using StarkEx C# Crypto SDK, instantiate the following classes
var StarkCurve StarkCurve = new();
var IStarkExSigner StarkExSigner = new StarkExSigner(StarkCurve);
public StarkAccount GenerateStarkAccount(Account ethereumAccount)
// -- Step 1: Compute ECDSA signature --
// This message is chosen by the Tenants and should be the same for all users, to guarantee deterministic outputs
const string message = "Message chosen by the Tenants";
var signer = new EthereumMessageSigner();
var signature = signer.EncodeUTF8AndSign(message, new EthECKey(ethereumAccount.PrivateKey));
var signatureModel = signature.ToSignatureModel();
// -- Step 2: Generate STARK keys --
return StarkExSigner.GetStarkAccountFromEthSignature(signatureModel);
private static SignatureModel ToSignatureModel(this string signatureString)
var normalizedSignature = signatureString.RemoveHexPrefix();
return new SignatureModel
R = normalizedSignature[..64],
S = normalizedSignature.Substring(64, 64),