What are vetKeys?
vetKeys (verifiably encrypted threshold keys) on the Internet Computer (ICP) make it easier for developers to implement encryption, threshold decryption, and threshold signing in their dapps. They are powered by the vetKD (verifiably encrypted threshold key derivation) protocol, which enables secure, on-demand key derivation. With vetKeys, a public blockchain like ICP can hold and work with secret data securely.
The goal of vetKeys is to simplify the use of security and privacy tools on ICP. Encrypting data locally and storing it onchain is straightforward, since the secret key stays on the device. However, challenges arise when a user wants to access that data from another device or share it with someone else, as there’s no easy, privacy-preserving way to transmit secret key material across public channels. vetKeys solve this by enabling secure, on-demand key access without exposing secrets.
Why are they called "vetKeys"?
Verifiable: Users can verify the correctness of the derived vetKeys and that they have not being tampered with.
Encrypted: The derived vetKeys are encrypted under a user-provided transport key. This ensures that neither individual nodes nor the network ever have access to user’s private vetKeys.
Threshold: vetKeys are derived in a distributed manner, requiring the contribution of a threshold of nodes in a subnet. No single node ever sees the derived vetKeys, ensuring that no central authority can derive or reconstruct them.
Keys: Key material that can be used to further derive strong cryptographic keys, such as encryption and signature keys.
The availability of vetKeys allows for a variety of applications, including but not limited to those covered in the following sections.
Distributed key management service (DKMS)
Managing user keys, especially in multi-device and multi-user settings, is notoriously complex and error-prone. vetKeys enables the development of DKMSs that let users easily generate, retrieve, and share cryptographic keys across devices and with other users. By offloading key derivation to subnet nodes without ever exposing the keys, vetKeys simplifies key distribution. Moreover, because threshold key derivation is deterministic, users can reliably retrieve their keys on demand without having to explicitly store them anywhere.
Encrypted onchain storage
A core application of DKMS is the generation of encryption keys for securing data, whether stored in a canister, on another blockchain, or off-chain entirely. With vetKeys, these keys can be securely shared across devices and between users, enabling powerful privacy-preserving use cases. This includes private storage solutions, end-to-end encrypted messaging, password managers, and collaborative applications operating on confidential data.
Threshold BLS signatures
Chain Fusion technology allows canisters to natively interact with other blockchains, such as Bitcoin or Ethereum, without relying on external bridges or trusted intermediaries. This is made possible through threshold signature schemes, which enable canisters to instruct subnet nodes to collectively compute ECDSA, Schnorr and EdDSA signatures. vetKeys extends this capability by introducing a new threshold signature scheme to canisters: threshold BLS signatures. BLS signatures are particularly well-suited for multi-chain applications due to their compact size and efficient aggregation properties. By supporting threshold BLS, vetKeys further enhances ICP’s interoperability, empowering canisters to participate in more advanced multi-chain dapps and protocols.
The corresponding documentation will be added soon.
Identity-based encryption (IBE)
vetKeys enables IBE, allowing data to be encrypted directly to an identity, such as a principal, an Internet Identity, an email address, or even an Ethereum address. This makes it possible to encrypt data for a specific user or account, even if that user has never previously interacted with the dapp. By authenticating with the dapp using their identity, the user can securely retrieve their decryption key and access the data.
Compared to DKMS, IBE works differently. In DKMS, one or more users share the same symmetric key, and only those users can encrypt and decrypt data using that key. In contrast, IBE is an asymmetric encryption scheme. Anyone can encrypt messages to a given identity, including other users or canisters, but only the holder of the corresponding decryption key can decrypt them.
The corresponding documentation will be added soon.
Timelock encryption
A special variant of IBE is called timelock encryption. It allows a sender to encrypt to a specific timestamp, ensuring that the recipient can only decrypt after the specific time has passed. Canisters can enforce this time-based access control by requesting threshold decryption of a ciphertext only after a predetermined expiry time, keeping sensitive information secret until the appropriate moment. This makes it possible to implement time-sensitive applications, like secret-bid auctions, time-locked documents, dead-man switches, and delayed reveal NFTs. Timelock encryption also serves as a key building block for protecting against maximal extractable value (MEV). By keeping transaction details confidential until after block inclusion, it prevents adversaries from doing front-running and reordering of transactions.
The corresponding documentation will be added soon.
Externally verifiable randomness
vetKeys can also function as a Verifiable Random Function (VRF). This means that canisters can generate randomness that is not only unpredictable and tamperproof but also publicly verifiable. Trusted randomness is a critical building block for a wide range of decentralized applications, including trustless online lotteries, fair casino games, and GameFi experiences where outcomes must be demonstrably fair. It also plays a key role in NFT ecosystems, for example, in assigning randomized traits or rarities during minting, or enabling dynamic, chance-based in-game interactions.
The corresponding documentation will be added soon.