vetKeys Bring Real Privacy to Public Blockchains on ICP

A quiet shift is taking place in blockchain. One that moves beyond speed, tokens, or hype. With the launch of vetKeys on the Internet Computer Protocol (ICP), developers finally have a way to build privacy-respecting applications on a fully public network—without needing centralised workarounds. vetKeys launched as part of the Niobium milestone, offering a cryptographic foundation for encrypted storage, secure messaging, privacy-preserving voting, and more.

The promise is simple: users can now generate cryptographic keys in a decentralised environment and receive them securely, with no one else—including the blockchain nodes—ever seeing the full key. For Kristofer Lund, Developer Evangelist at the DFINITY Foundation, this could help solve a longstanding problem. “The conversation stops 100% of the time,” he says, when regular people hear their blockchain data would be public. Regulations like GDPR have only made the issue more urgent.

vetKeys, short for verifiably encrypted threshold key derivation (vetKD), offers a way around this. It enables smart contracts on ICP—called canisters—to help users generate and retrieve private keys. These keys can then be used to encrypt and access personal data onchain. It’s private by design, not just by promise.

Here’s how it works. A user first generates a single-use transport key and shares the public part with a canister. That canister, acting on their behalf, asks the network to derive a unique vetKey for the user. The process is decentralised. Each node produces part of the final key, encrypts it with the user’s public key, and then contributes to a final package. Only the user, on their own device, can decrypt it. No single node ever sees the full key, and no key ever appears in plaintext on the network.
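The flow just described, as an added toy model that is not DFINITY's code or the actual vetKD construction: it assumes a small prime-order group, a trusted dealer handing out Shamir shares, and plain ElGamal for the transport encryption, and it omits the verifiability checks. All names and parameters are illustrative assumptions.

```python
import hashlib
import secrets

# Toy parameters (assumption): safe prime P = 2*Q + 1; G generates the order-Q subgroup.
P, Q, G = 1019, 509, 4

def hash_to_group(identity: bytes) -> int:
    x = int.from_bytes(hashlib.sha256(identity).digest(), "big") % (P - 3) + 2
    return pow(x, 2, P)  # a square, so it lies in the order-Q subgroup

def deal_shares(n: int, t: int):
    """Shamir-share a master secret among n nodes with threshold t (stand-in for DKG)."""
    coeffs = [secrets.randbelow(Q - 1) + 1] + [secrets.randbelow(Q) for _ in range(t - 1)]
    shares = {i: sum(c * pow(i, k, Q) for k, c in enumerate(coeffs)) % Q
              for i in range(1, n + 1)}
    return coeffs[0], shares

def node_encrypted_share(share: int, identity: bytes, transport_pk: int):
    """One node: derive its partial key and ElGamal-encrypt it to the user."""
    key_share = pow(hash_to_group(identity), share, P)
    r = secrets.randbelow(Q - 1) + 1
    return pow(G, r, P), key_share * pow(transport_pk, r, P) % P

def combine(enc_shares: dict):
    """Lagrange-interpolate in the exponent, directly on the ciphertexts."""
    c1 = c2 = 1
    for i, (a, b) in enc_shares.items():
        lam = 1
        for j in enc_shares:
            if j != i:
                lam = lam * j * pow((j - i) % Q, Q - 2, Q) % Q
        c1, c2 = c1 * pow(a, lam, P) % P, c2 * pow(b, lam, P) % P
    return c1, c2

def user_decrypt(ciphertext, transport_sk: int) -> int:
    c1, c2 = ciphertext
    return c2 * pow(c1, Q - transport_sk, P) % P  # c1 has order Q, so this is c1^-sk

def derive(identity: bytes, shares: dict, node_ids):
    """Full flow: fresh transport key, per-node encrypted shares, combine, decrypt."""
    transport_sk = secrets.randbelow(Q - 1) + 1
    transport_pk = pow(G, transport_sk, P)
    enc = {i: node_encrypted_share(shares[i], identity, transport_pk) for i in node_ids}
    return user_decrypt(combine(enc), transport_sk)
```

Any threshold-sized subset of nodes yields the same key for the same identity, and the combiner only ever handles ciphertexts, which is the property the paragraph describes.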

The potential applications range widely. From encrypted diaries to secure chats to provably fair lotteries, the common thread is that users remain in control of their own data. Smart contracts become the rule-setters—who gets a key, under what conditions, and when.

For personal data vaults, it means users can derive a key tied to their identity, letting them access encrypted documents across devices without trusting any single service. For end-to-end encrypted communication, it removes the need for traditional key exchange. With vetKeys, all a user needs is a recipient’s username.

Time-based reveal is another option. Think auctions, where sealed bids stay hidden until a preset time. vetKeys let developers lock bids with a future key. When the clock runs out, bids are unlocked all at once—fair and tamper-resistant. The same method could be used for whistleblowing or dead man’s switches, where information gets revealed only if someone stops checking in.

In DeFi, vetKeys could be used to blind trades until they’re confirmed, tackling front-running and MEV attacks head-on. Encrypting transaction details before submission shuts out bots and opportunists.

Then there’s randomness. Games, lotteries, and rare NFT drops depend on it. Using vetKeys as a verifiable random function allows developers to prove randomness in a way that’s tamper-proof and auditable.

But perhaps one of the most forward-looking uses of vetKeys is letting canisters act as decentralised signers. A canister can ask nodes to produce a BLS signature, letting it interact with other blockchains or issue credentials without needing bridges or custodians. This plays into ICP’s broader ambitions for multichain communication, as seen with Chain Fusion, which already supports other signature schemes like ECDSA and EdDSA.

Projects are already using vetKeys. OpenChat, a community-run messaging app on ICP, is integrating it to bring end-to-end encryption. “If a user loses their device,” says co-founder Hamish Peebles, “they will be able to securely regenerate their encryption key and regain access to their messages. This is not possible on any other encrypted messaging service.”

Diode.io is another adopter. CEO Hans Rempel notes vetKeys make it possible to store private data in canisters without relying on outside encryption methods. CTO Dominic Letz adds that even the developers can’t read user data: “It’s really only the owner of the data… that can read their data and decrypt it.”

Of course, the tool isn’t magic. Developers need to rethink how they build. Storing data and generating keys comes with onchain costs, so large files or frequently changing keys require careful planning. Kristofer Lund gives the example of a blog that could use one new key per month to keep overheads manageable. “If you approach it like a Web2 app,” he says, “you’ll build it the wrong way.”

Security, too, has limits. vetKeys keep data safe up to the point it is decrypted. Today, that decryption should happen in the browser, not on a smart contract. If it’s unlocked in a canister, privacy can’t be guaranteed. But future developments could close this gap. Trusted Execution Environments (TEEs)—hardware zones where data can be processed in isolation—could one day let canisters safely unlock and use private data without exposing it to the node.

That’s the longer-term direction. For now, the arrival of vetKeys marks a practical breakthrough. It opens the door for a real wave of dapps that take privacy seriously—without giving up on decentralisation.

It’s not about flashy new tokens or speculative gains. It’s about tools. vetKeys give developers a new way to think about trust, access, and ownership in the digital world. As the ecosystem begins to build with them, the results will speak for themselves.
