Cryptographic Primitives

Algorand Smart Contracts support the set of cryptographic primitives described in the table below. Each of these cryptographic primitives is associated with a cost, which is a number indicating its relative performance overhead compared with simple TEAL operations such as addition and substraction. Simple TEAL opcodes have cost 1, and more advanced cryptographic operations have a larger cost. Below is how you express cryptographic primitives in PyTeal:






SHA-256 hash function, produces 32 bytes



Keccak-256 hash funciton, produces 32 bytes



SHA-512/256 hash function, produces 32 bytes

Ed25519Verify(d, s, p)


1 if s is the signature of d signed by the private key corresponding to the public key p, else 0

EcdsaVerify(c, d, r, s, pk)


1 if (r, s) is the signature of d by private key corresponding to public key pk, else 0

EcdsaDecompress(c, short_pk)


produces the decompressed public key associated with the compressed public key short_pk

EcdsaRecover(c, d, id, r, s)


produces the public key associated with the signature (r, s) and recovery id id

* Ed25519Verify is only available in signature mode up to version 4 of TEAL. From version 5 upwards, Ed25519Verify can be used in any mode.

Note the cost amount is accurate for version 2 of TEAL and higher. The parameter c in the ECDSA expressions defined above represents the elliptic curve specification to be used (for example, Secp256k1).

These cryptographic primitives cover the most used ones in blockchains and cryptocurrencies. For example, Bitcoin uses SHA-256 for creating Bitcoin addresses; Algorand uses ed25519 signature scheme for authorization and uses SHA-512/256 hash function for creating contract account addresses from TEAL bytecode.