LongYear uses cutting-edge vetKeys technology for verifiably encrypted threshold key derivation, ensuring your whistleblower reports are protected by cryptographic guarantees.
At the core of vetKeys there is a cryptographic protocol called verifiably encrypted threshold Key Derivation (vetKD). To understand how vetKeys work, it's helpful to first unpack the meaning of each part of this protocol's name:
Key derivation: a process to derive new cryptographic keys from an existing master key.
Threshold: the protocol uses threshold cryptography, meaning the master key is not held by a single party. Instead, it is split among multiple nodes. A quorum of nodes must cooperate to derive new keys.
Encrypted: users can supply an encryption (transport) public key, which is used to securely deliver the derived key. The derived key is encrypted at all times, including during intermediate steps.
Verifiable: the protocol provides cryptographic guarantees that the encrypted derived key is correct and has not been tampered with. It's publicly verifiable that the derived key was correctly computed.
The Internet Computer integrates the vetKD protocol as a threshold key derivation service operated by vetKD-enabled subnets. The protocol involves three main actors:
Users typically interact through a dapp frontend. They request derived keys and provide a public key for secure delivery.
Canisters perform access control and forward user requests to the vetKD protocol using the system API.
Nodes of the vetKD-enabled subnet execute the key derivation protocol, each using its share of the vetKD master key.
The user generates a fresh key pair, referred to as a transport key pair. The public key is sent to the canister to be used for encrypting the derived key. The user may also supply input arguments that determine the derived key.
The canister authenticates the user and enforces access control policies. If authorized, the canister invokes the vetKD system API, specifying context, input, transport public key, and master key ID.
All nodes in the designated vetKD subnet run the threshold key derivation protocol. Each node computes an encrypted share of the derived key, and once a quorum is available, the shares are combined into a single encrypted derived key.
The user verifies that the key is valid and corresponds to the provided context and input. If verification passes, the user decrypts the result using their private key.
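The flow described above, modelled as an added Python example; it is not LongYear's or the Internet Computer's code, and all function names are hypothetical. Assumptions: a constructed 11-bit toy group and ElGamal-style masking stand in for the real pairing-based scheme, and the user's verification step is left out because it needs pairings.

```python
import hashlib, secrets

# Toy Schnorr group (constructed): P = 2Q + 1, G generates the order-Q subgroup.
# These tiny parameters only show the data flow; they give no real security.
P, Q, G = 2039, 1019, 4

def hash_to_group(context: bytes, inp: bytes) -> int:
    """Map (context, input) to a subgroup element other than 1."""
    d = int.from_bytes(hashlib.sha256(context + b"|" + inp).digest(), "big")
    return pow(2 + d % (P - 3), 2, P)

def split_master_key(sk: int, t: int, n: int) -> dict:
    """Shamir-share sk so that any t of the n node shares determine it."""
    coeffs = [sk] + [secrets.randbelow(Q) for _ in range(t - 1)]
    return {i: sum(c * pow(i, k, Q) for k, c in enumerate(coeffs)) % Q
            for i in range(1, n + 1)}

def node_encrypted_share(share: int, h: int, tpk: int) -> tuple:
    """One node: encrypt its key share h^share under the transport public key."""
    r = secrets.randbelow(Q - 1) + 1
    return pow(G, r, P), pow(tpk, r, P) * pow(h, share, P) % P

def combine(enc_shares: dict) -> tuple:
    """Combine a quorum of encrypted shares without decrypting any of them."""
    c1 = c2 = 1
    for i, (a, b) in enc_shares.items():
        lam = 1  # Lagrange coefficient of node i at x = 0, mod Q
        for j in enc_shares:
            if j != i:
                lam = lam * j * pow((j - i) % Q, -1, Q) % Q
        c1, c2 = c1 * pow(a, lam, P) % P, c2 * pow(b, lam, P) % P
    return c1, c2

def decrypt(ct: tuple, tsk: int) -> int:
    """User: remove the transport-key mask to obtain the derived key h^sk."""
    c1, c2 = ct
    return c2 * pow(c1, Q - tsk, P) % P

def derive(shares: dict, quorum: list, context: bytes, inp: bytes) -> int:
    """End-to-end flow: fresh transport key, node shares, combine, decrypt."""
    tsk = secrets.randbelow(Q - 1) + 1   # user's transport secret key
    tpk = pow(G, tsk, P)                 # transport public key sent to the canister
    h = hash_to_group(context, inp)
    enc = {i: node_encrypted_share(shares[i], h, tpk) for i in quorum}
    return decrypt(combine(enc), tsk)
```

Any quorum of nodes yields the same derived key, and the master key is never reassembled: only ciphertexts under the transport key are combined.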
To enable secure threshold key derivation, each vetKD master key is generated and maintained by the nodes of a dedicated subnet. For fault tolerance and resilience, the master key is also backed up on at least one additional subnet so it can be restored in the event of subnet failure or recovery.
To eliminate single points of failure and ensure that the master key remains decentralized at all times, a distributed key generation (DKG) protocol is used. The Internet Computer uses Jens Groth's non-interactive DKG protocol, which offers several important advantages:
This advanced cryptographic foundation ensures that your whistleblower reports are protected by mathematical guarantees, not just promises.
With threshold cryptography, no single node or entity can compromise your data. Multiple independent parties must cooperate, ensuring true decentralization.
Every encryption operation is verifiable, meaning you can mathematically prove that your data was handled correctly and hasn't been tampered with.