# Address Derivation

One of the most important properties of ZK Login is that your on-chain wallet address is **deterministic.** Meaning the same Gmail account will always produce the same address, regardless of which device or session you are logging in from.

#### How the Address is Derived

The address is derived by the Salt Service during the login flow, using the following inputs extracted from your verified JWT:

<table><thead><tr><th width="204.8984375">Input</th><th>Description</th></tr></thead><tbody><tr><td><code>iss</code> (Issuer)</td><td>Identifies the OAuth provider - e.g. <code>accounts.google.com</code></td></tr><tr><td><code>sub</code> (Subject)</td><td>Your unique, stable user ID assigned by the OAuth provider</td></tr><tr><td><code>salt</code></td><td>A unique value generated by the Salt Service, tied to your identity</td></tr></tbody></table>

These inputs are combined and hashed to produce a **deterministic wallet address** (`addr`). Because the `sub` value is a stable, provider-assigned identifier; not your email address, and the `salt` is never exposed on-chain, the resulting address cannot be reverse-engineered to reveal your identity.

#### Why This Matters

* **Consistency:** You always arrive at the same address when logging in with the same Google account, making your wallet recoverable without a seed phrase.
* **Non-custodial:** No centralized party holds your private key; the ephemeral key pair handles transaction signing, and address derivation is purely cryptographic.
* **Provider-agnostic by design:** The same derivation logic can accommodate multiple OAuth providers (Google, Apple, etc.), each producing a distinct address per provider.

{% hint style="info" %}
Your address is derived from your `sub` value, not your email address. Even if you change your Gmail address, your `sub` remains the same, meaning your on-chain address stays consistent.
{% endhint %}

{% hint style="warning" %}
If the salt is lost and cannot be recovered from the Salt Service, the address cannot be re-derived. Salt recovery depends on the availability and integrity of the Salt Service. This is an important operational consideration for both users and applications integrating ZK Login.
{% endhint %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://wp.vola.network/docs/vola-architecture/zk-login-and-identity/address-derivation.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.