Onchain Privacy in Action: A Guide to vetKeys Use Cases

DFINITY on Medium
Jun 30, 2025

The goal of a truly private and decentralized web is taking a step forward. With the release of the vetKeys feature on the Internet Computer Protocol ($ICP) with the Niobium milestone, builders now have the tools to create a new wave of trustworthy onchain services, opening up a wide field of new dapps.

The open nature of blockchains is a great strength, but it clashes with the need for privacy in many use cases. This has long been a consideration in blockchain technology. As noted by Kristofer Lund, Developer Evangelist at the DFINITY Foundation, this has been a dealbreaker for many. “When you talk to a real-world person about building an application on the blockchain,” he says, “the conversation stops 100% of the time” the moment they learn that their data will be public. For many organizations, especially those dealing with legislation like the EU’s General Data Protection Regulation (GDPR), this makes building on a public blockchain impossible.

Now, vetKeys offers an answer to this concern.

### What Are vetKeys?

At its heart, vetKeys is about “being able to create cryptographic keys in a decentralized environment and transport them securely to the user,” as Kristofer puts it. He calls this a “game changer” because it solves the issue of how to keep information private on a public network.

In other words, vetKeys gives you the best of both worlds: you can use the trust and uptime of a public blockchain without having to make all your data public. It gives builders a toolkit to keep user information secret, even while it lives on a transparent network. Significantly, it also enables this without the need for a centralized party to manage keys.

The engine behind this is something called verifiably encrypted threshold key derivation (vetKD). To see how it’s used in practice, let’s walk through an example of the secure process that makes it possible:

1. **The Request:** A user, interacting with a dapp, generates a temporary, single-use “transport key pair” and gives the public part to the dapp’s smart contract, or canister, as they are called on the Internet Computer.
2. **Access Control:** The canister checks the user’s identity and, acting on the user’s behalf, requests that the nodes on the network derive a specific secret key for that user, a vetKey.
3. **The Derivation:** Each node in the network independently creates its own secret share of the final vetKey. Each node then encrypts its own share using the user’s transport key. These individual locked shares are then gathered and combined into a final, secure package for the user. Crucially, no single node ever has access to the full key, and the key itself is never exposed on the network.
4. **The Unlock:** Only the user, with the secret part of their original transport key, can decrypt the final derived vetKey on their own device. The user can also verify that the package is valid and hasn’t been tampered with before they even open it.
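The four steps above can be traced in a small simulation. This is an added example, not DFINITY's code or the vetKeys API: it assumes a toy discrete-log group, a dealer in place of the network's key generation, and hypothetical function names, and it leaves out the verification step, which needs pairings.

```python
import hashlib, secrets

# Toy parameters (constructed): safe prime P = 2Q + 1; G generates the order-Q subgroup.
# Real vetKD uses BLS12-381 pairings, which also make the result verifiable (omitted).
P, Q, G = 2039, 1019, 4

def hash_to_group(data: bytes) -> int:
    """Map a derivation input (e.g. the caller's identity) to an element of order Q."""
    x = int.from_bytes(hashlib.sha256(data).digest(), "big") % (P - 3) + 2
    return pow(x, 2, P)

def deal_shares(master: int, n: int, t: int) -> dict:
    """Shamir-share the master key; a dealer stands in for the network's key generation."""
    coeffs = [master] + [secrets.randbelow(Q) for _ in range(t - 1)]
    return {i: sum(c * pow(i, k, Q) for k, c in enumerate(coeffs)) % Q
            for i in range(1, n + 1)}

def node_encrypted_share(s_i: int, derivation_input: bytes, tpk: int) -> tuple:
    """Step 3, one node: key share H(input)^s_i, ElGamal-encrypted to the transport key."""
    share = pow(hash_to_group(derivation_input), s_i, P)
    r = secrets.randbelow(Q - 1) + 1
    return pow(G, r, P), share * pow(tpk, r, P) % P

def lagrange_at_zero(i: int, ids) -> int:
    num = den = 1
    for j in ids:
        if j != i:
            num, den = num * -j % Q, den * (i - j) % Q
    return num * pow(den, -1, Q) % Q

def combine(enc_shares: dict) -> tuple:
    """Step 3, combiner: interpolate in the exponent over ciphertexts, never plaintext."""
    c1 = c2 = 1
    for i, (a, b) in enc_shares.items():
        lam = lagrange_at_zero(i, enc_shares)
        c1, c2 = c1 * pow(a, lam, P) % P, c2 * pow(b, lam, P) % P
    return c1, c2

def derive_vetkey(shares: dict, node_ids, derivation_input: bytes) -> int:
    """Steps 1-4; derivation_input is what the canister fixes after its step-2 check."""
    tsk = secrets.randbelow(Q - 1) + 1                      # step 1: fresh transport key
    tpk = pow(G, tsk, P)
    enc = {i: node_encrypted_share(shares[i], derivation_input, tpk) for i in node_ids}
    c1, c2 = combine(enc)
    return c2 * pow(c1, Q - tsk, P) % P                     # step 4: c2 / c1^tsk

if __name__ == "__main__":
    shares = deal_shares(secrets.randbelow(Q - 1) + 1, n=5, t=3)
    print([derive_vetkey(shares, ids, b"user:alice") for ids in ([1, 2, 3], [2, 4, 5])])
```

Both requests return the same key even though each uses a different transport key pair and a different set of nodes, which is what lets a user recover the same key on another device.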

This setup makes ideas like identity-based encryption (IBE) practical to use. For example, in an encrypted chat app, you generally need to do some kind of key exchange. But with vetKeys, Kristofer explains, “we don’t need that anymore because I can derive your public key and we just use your username as the identifier.”

### What You Can Build with vetKeys

With vetKeys, smart contracts on the Internet Computer can act as gatekeepers. In other words, they can enforce rules for who can get a key and when. This powerful combination of vetKeys and canisters offers builders the chance to create a whole host of new applications. Here are just a few.

#### Personal Data Vaults and Secure Storage

vetKeys enables applications for purely personal privacy. This is a pattern Kristofer highlights as “just me deriving my own vetKey and transporting it securely to myself.”

In this model, you can build things like a secure onchain diary, a password manager, or a private notepad. The user derives a secret key based on their own unique identity, one only they can access. This allows them to encrypt their most sensitive personal data and store it on the blockchain with the confidence that they are the sole keyholder.

This solves a classic problem for dapps that handle sensitive files: how does a user access their encrypted documents across different devices without compromising their keys? By using vetKeys to derive a consistent key based on their identity, users can securely access their own data from any device, a critical feature for high-security document management.

#### Secure Communication and Collaboration

vetKeys allows for the building of systems where users can communicate and share information with complete privacy, with access control managed onchain.

As indicated above, a cornerstone use case is end-to-end encrypted chat. A builder can create a dapp where a user gets another person’s public key simply by using their username, writes them a secret message, and sends it. The person getting the message, after they prove who they are, can then get their own private key to read it. The canister acts as the gatekeeper, making sure only the right user can get their own key.

#### Time-Based Reveals

This feature unlocks applications where information is revealed only after a certain amount of time has passed, all enforced by the blockchain.

For auctions or votes, you may want bids to be kept secret so, as Kristofer puts it, “no one can take advantage of knowing someone else’s bids.” With vetKeys, bidders can lock their bids using a key tied to the closing time of the auction. When the time is up, the canister can get the key, unlock all the bids at once, and show the results.

Another key use case is for a dead-man’s switch. For instance, a journalist with confidential information could lock it with a key that has a timer. As Kristofer describes, “every 24 hours they need to go to the interface… press the button, and they will extend the time lock.” If they don’t, for whatever reason, the timer runs out, the key can be found, and the information is revealed to the world.

#### Fair Financial Systems

For the world of DeFi, vetKeys technology provides the tools to build applications that are shielded from front-running and other forms of market manipulation.

A major headache in DeFi is maximal extractable value (MEV). Because most blockchain transactions are broadcast to a public waiting room before they are confirmed, actors can see this information and exploit it for profit. By using vetKeys to encrypt the details of a trade, these actors are blinded. They cannot see the opportunity in the waiting room because the transaction’s content is kept secret until after it is finalized in a block.

This simple act of enforced privacy shuts down this entire avenue of exploitation, making DeFi fairer.

#### Provably Fair Randomness

vetKeys also empowers the creation of games or any system where the outcome needs to be both random and provably fair to all participants.

A great example is using vetKeys as a verifiable random function (VRF). This means it can create outcomes that are not only random but also can be checked by anyone to prove they are fair. This is key for honest casino games, lotteries, and rare item drops.

#### Secure Onchain Signatures and Interoperability

This technology gives smart contracts their own cryptographic “pen” to sign data, allowing them to interact authoritatively with other blockchains or prove facts to the outside world.

With vetKeys, a canister can instruct the nodes of its subnet to produce a standard BLS signature, which supports the aggregation of multiple individual signatures into a single compact signature, or can be used within multi-signature protocols.

This turns the canister itself into a decentralized signer. This feature is a key building block for a more interconnected and trustworthy multichain world, enabling a canister on the Internet Computer to sign a transaction that is then submitted to another chain, or to issue a verifiable onchain credential to a user, all without centralized bridges.

Chain Fusion already allows canisters to sign transactions. It uses other schemes, namely threshold ECDSA, Schnorr and EdDSA. With vetKeys, canisters now have an additional signature scheme at their disposal, opening up new possibilities for builders.

### The Ecosystem Is Already Building

Projects in the $ICP ecosystem are already exploring these possibilities, from secure messaging and file storage applications to new forms of decentralized governance.

One example is OpenChat, a community-owned chat application running on the Internet Computer. As Hamish Peebles, Co-Founder of OpenChat, describes, “OpenChat will support end-to-end encryption of messages using vetKeys. By using vetKeys, if a user loses their device, they will be able to securely regenerate their encryption key and regain access to their messages. This is not possible on any other encrypted messaging service.”

Another project integrating vetKeys is Diode.io. According to Hans Rempel, CEO of Diode.io, “with vetKeys, we can quickly store private data in a canister without having to first create out-of-band encryption methods. This allows us to move quickly while continuing to provide our users with self-custody, private means of connectivity and communication.”

Dominic Letz, Co-Founder and CTO of Diode.io, also highlights the value of vetKeys for user privacy. “All the data, even if it’s living in canisters, is completely end-to-end encrypted. We can’t read it, the $ICP guys can’t read it. It’s really only the owner of the data, only the users of the app, that can read their data and decrypt it.”

These examples demonstrate the immediate and practical value of vetKeys, and there is more to come.


### A New Way of Thinking

While vetKeys opens up many doors, builders need to think in new ways to open them. As Kristofer warns, “if you approach it with a mindset that you will be able to build applications the same way that you do on Web2, then you will end up building them the wrong way.”

New ways of building are needed. Since storing data and making keys have onchain costs, apps that handle large files or need to change keys very often must be planned with care. The successful projects will use the strengths of the tech, finding smart ways of working with the opportunities it brings. A paid blog, for instance, could make one new key for all of its posts each month to keep costs down. Over time, Kristofer says, “these new design patterns will emerge.” The exciting thing is that these opportunities are there and waiting for builders to seize upon them.

### The Road Ahead

It is important to note where the privacy guarantee of vetKeys applies. It provides security for your data right up to the moment it is unlocked. Right now, for the best security, data should only be unlocked in the user’s web browser. Once a smart contract unlocks data, you can no longer assume that the information is private. “If you decrypt it in the canister,” Kristofer notes, “then it’s out in the open again.”

But this points to the next great leap: **Trusted Execution Environments (TEEs)**. With TEEs, a canister will be able to unlock data inside a safe, walled-off part of a node, work with it, and lock it back up without the node ever seeing the raw data.

When that day comes, Kristofer suggests that the door will open for “any and all regular Web2 enterprise use cases” to run with full privacy on a public blockchain.

The era of onchain privacy has truly begun. It’s time to start building.

Are you ready to start building with vetKeys? Explore the Developer Docs for guides and examples.


Onchain Privacy in Action: A Guide to vetKeys Use Cases was originally published in The Internet Computer Review on Medium, where people are continuing the conversation by highlighting and responding to this story.
