Threshold Key Derivation - Privacy on the IC

Hi @lastmjs, we recently started thinking again about integration; we should be able to give an update in the next weeks.

If I understand your use case, you mainly need an encryption key to transfer the token to the canister, since you then rely on SEV-SNP for storing the secret. One thing to notice is that the canister has to generate some (ephemeral) transport key pairs to get the encrypted key from the nodes running vetkd. So you could as well use the transport key to transfer the token to the canister directly, without relying on vetkd. The main advantage I see with vetkd is in the simplification of the key management on the canister: the canister does not need to generate and announce the long-term public keys (it only generates some ephemeral keys); long-term encryption keys for the canister could be computed publicly from a master public key.