VETKeys - Privacy on the IC

Hey everyone, we wrote an explainer article on VETKeys that introduces some of the concepts in an detailed and interesting way. My expertise is limited, and although I read the paper, I’m not 100% sure everything is fully accurate. So please take a look, and if there are any errors, kindly point them out so I can correct them. This article is from Constellation Book - if you find it helpful, feel free to drop a GitHub star!

In the post, we aim to explain vetkeys and its use of threshold cryptography in a blockchain context. We cover topics like:

  • How vetIBE replaces the PKG with subnet nodes to derive keys from IDs in a distributed way
  • The use of transport keys for secure transmission of signature shards
  • Communication IDs for end-to-end encrypted messaging resistant to device compromise
  • How vetSIG, vetPRF, and vetVRF combine into the full vetKD system

Although we tried to present the concepts clearly, there may be inaccuracies since this emerging technology is complex. If parts are confusing or seem incorrect, please let us know so we can improve the explanations.

As a community, letting us know where our understanding needs to be refined is hugely valuable. We’re still early on the decentralized web3 journey - learning and growing together is the only way forward!

We hope posts like this on projects like vetkeys make cryptographic innovations more accessible. Understanding and constructive feedback mean a lot. If you find this useful, any GitHub stars on the Constellation Book repo are super appreciated!

Let us know your thoughts in the comments below!


In general E2EE messaging, it is feasible to directly derive the decryption key using the user ID and perform end-to-end encryption. However, if someone eavesdrops on the ciphertext and compromises the user’s device to obtain the decryption key, all previous ciphertext will be compromised. The security of the user’s ID becomes compromised in such a scenario.

If a temporary communication ID is generated through certain rules and the communication ID is changed daily, and messages are set to be ephemeral (self-destruct after being read), it will be more secure. Even if the device is compromised, it will not be possible to decrypt the previous ciphertext.

1 Like

Thank you Nash! This is really impressive. Would you like to do a primer talk on vetKeys in our upcoming ICP Dev Meetup in Wuhan?