What exactly is an authentication (auth) key?

Crypto_BooM
Mar 27, 2023

The Aptos blockchain supports both single-signer and multi-signer accounts. A multi-signer account is similar to a joint bank account: a single account represents multiple parties, and transactions need signatures from all parties involved.

So, how is a multi-sig account represented? Unlike single-signer accounts, which use a single (private key, public key) keypair, multi-sig accounts use the keypairs of all the accounts that are part of the multi-sig, and thus do not have a single public key. To represent the account, we need a key that encapsulates the public keys of all users involved, and that is where authentication keys come into play. In essence, an auth key is created by hashing the concatenation of the public keys of all users involved. For further details, you can refer to the official documentation.

Authentication keys are also present for single-signer accounts, although they are somewhat redundant since a public key can do the same job. However, using auth keys ensures consistency across all types of accounts, and can be seen as a generalized public representation of a private key.

Have you ever experienced compromised passwords?

Passwords can be compromised for various reasons, just as private keys can be. For instance, if you store your private key in third-party storage and the third party is hacked, your information (including your private key) may be compromised.

In such a situation, what can be done? With usernames and passwords, we can change our passwords periodically to keep all our accounts safe. Changing private keys is not as simple as changing passwords. A fresh pair of public and private keys can be used to create a new account and transfer all assets to it, but this means transferring the assets and updating your contact details on the blockchain with the new public key.

Aptos supports key rotation, allowing private and public keys to be changed. However, updating contact information may still be a problem. That is where the account address comes into play. The address stays the same after key rotation: it continues to represent your account, and others can keep sending you assets at the same address. The authentication key is tied to the public keys and changes with them, but the address does not change.

Note: On construction, the address is set to the same value as the authentication key, but there is no dependency between the two; it’s just initialization.
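The auth key derivation and the rotation behaviour described above, as an added example that is not code from the original post or from Aptos. It assumes the derivation given in the Aptos documentation, `sha3-256(pubkey | 0x00)` for a single signer and `sha3-256(p_1 | ... | p_n | K | 0x01)` for a multi-signer with threshold K (set here to the number of signers, to match the "all parties sign" case in this article). The `Account` class, the function names and the placeholder key bytes are hypothetical.

```python
import hashlib
from dataclasses import dataclass

ED25519_SCHEME = 0x00        # single-signer scheme id
MULTI_ED25519_SCHEME = 0x01  # multi-signer (K-of-N) scheme id

def single_auth_key(pubkey: bytes) -> bytes:
    """auth_key = sha3-256(pubkey | 0x00)"""
    if len(pubkey) != 32:
        raise ValueError("Ed25519 public keys are 32 bytes")
    return hashlib.sha3_256(pubkey + bytes([ED25519_SCHEME])).digest()

def multi_auth_key(pubkeys: list[bytes], threshold: int) -> bytes:
    """auth_key = sha3-256(p_1 | ... | p_n | K | 0x01); key order matters."""
    if any(len(p) != 32 for p in pubkeys):
        raise ValueError("Ed25519 public keys are 32 bytes")
    if not 1 <= threshold <= len(pubkeys):
        raise ValueError("threshold must be between 1 and the number of keys")
    data = b"".join(pubkeys) + bytes([threshold, MULTI_ED25519_SCHEME])
    return hashlib.sha3_256(data).digest()

@dataclass
class Account:
    """Toy in-memory model of an account, not on-chain state."""
    address: bytes
    auth_key: bytes

    @classmethod
    def create(cls, auth_key: bytes) -> "Account":
        # The address is initialised to the auth key, with no later dependency.
        return cls(address=auth_key, auth_key=auth_key)

    def rotate(self, new_auth_key: bytes) -> None:
        self.auth_key = new_auth_key  # the address is deliberately untouched

def demo() -> tuple[Account, bytes]:
    # Constructed placeholder bytes standing in for public keys (not real keys).
    alice, bob, alice_new = (bytes([b]) * 32 for b in (0x11, 0x22, 0x33))
    joint = Account.create(multi_auth_key([alice, bob], threshold=2))
    original = joint.auth_key
    joint.rotate(multi_auth_key([alice_new, bob], threshold=2))
    return joint, original

if __name__ == "__main__":
    acct, original = demo()
    print("address  :", acct.address.hex())
    print("auth key :", acct.auth_key.hex())
    print("address still equals original auth key:", acct.address == original)
```

After the rotation, anything that checks a signer against the account has to use the stored auth key, because the address no longer matches a hash of the current public keys.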

My discord name — shef198911#9095
