Chain-key cryptography

Chain-key cryptography is the engine that lets the Internet Computer sign for itself. Each subnet has a stable public key; the corresponding private key is split into shares held by the nodes, and never reconstructed in one place. Signatures are produced by a threshold protocol — most nodes agree, the protocol emits a signature, and from outside it looks like a single trusted party.

This is what enables three otherwise-impossible things:

1. Self-signing canisters — a canister can ask the protocol to sign on its behalf. The result is a real signature that any external verifier accepts, derived from a key that no human ever held.
2. Native multi-chain interaction (Chain Fusion) — canisters can sign Bitcoin, Ethereum, and Solana transactions directly, without a bridge. Custody happens inside the protocol.
3. Stable subnet identity — subnets can rotate their underlying nodes without changing their public key, so an app’s external identity stays stable even as the hardware beneath rotates.

The protocol layer

The threshold scheme used is a derivative of BLS (Boneh-Lynn-Shacham) signatures, with modifications for the network’s specific needs: asynchronous consensus, dynamic subnet membership, and the ability to re-share secrets when nodes join or leave a subnet.

The cryptographic story is documented in the Document library under Technical Papers. Look for entries on DKG (distributed key generation), threshold ECDSA, and vetKeys.

Why it matters for the editorial framing

The chain-key engine is what justifies calling the platform “tamperproof.” There is no admin machine to compromise because there is no admin machine. Even if an attacker physically takes a node, they hold a fragment of every subnet key — useless on its own. The threshold protocol’s safety margin is configurable per subnet, but typically allows up to a third of nodes to be Byzantine-faulty without compromising signing.

Related

• Internet Computer Protocol — the network protocol the engine runs inside.