Native VetKeys Integration for End-to-End Encrypted Applications

[qwerty2000]

Problem Statement

Currently, developers building privacy-focused applications on Juno that require verifiable end-to-end encryption need to deploy and manage a separate canister to access the Internet Computer's VetKeys (Verifiably Encrypted Threshold Key Derivation) system APIs. This adds complexity, deployment overhead, and additional costs.

Use Case

Developers building privacy-first applications on Juno need to:

• Encrypt user data end-to-end with cryptographic guarantees
• Enable secure data sharing between users using Identity-Based Encryption (IBE)
• Provide cryptographic verifiability that encrypted data hasn't been tampered with
• Offer threshold security where keys are distributed across IC nodes (no single point of failure)

Current Workaround

Deploy a separate KeyManager canister that wraps VetKeys system APIs:

# Deploy DFINITY's KeyManager template
git clone https://github.com/dfinity/vetkeys.git
cd vetkeys/examples/key_manager
dfx deploy --network ic key_manager

Drawbacks:

• Additional deployment complexity
• Separate canister to manage and provision with cycles
• Not integrated with Juno's developer experience
• Extra infrastructure to maintain

Proposed Solution

Add native VetKeys support to Juno Satellites, similar to how Datastore and Storage are currently integrated.

API Design Example:

import { VetKeys } from '@junobuild/core';

// Get encrypted VetKey
const vetkey = await VetKeys.getVetkey({
  owner: userPrincipal,
  keyName: "resource:123"
});

// Share access with another user
await VetKeys.setUserRights({
  owner: userPrincipal,
  keyName: "resource:123",
  user: recipientPrincipal,
  rights: { ReadWrite: null }
});

Implementation Approach:

In Satellite Motoko code:

import IC "mo:base/ExperimentalInternetComputer";

public shared func getVetkey(
    owner: Principal,
    keyName: Blob
) : async Blob {
    let result = await IC.vetkd_derive_encrypted_key({
        derivation_path = [keyName];
        key_id = {
            curve = #bls12_381;
            name = "production_key_1";
        };
        encryption_public_key = transportKey;
    });
    return result.encrypted_key;
};

Benefits

For Juno Users:

• ✅ Zero additional infrastructure - works out of the box
• ✅ Integrated with Juno's cycles management
• ✅ Simplified deployment (one juno deploy instead of multiple canisters)
• ✅ Consistent developer experience with other Juno features
• ✅ Built-in best practices and security

For the IC Ecosystem:

• ✅ Makes advanced cryptography accessible to more developers
• ✅ Showcases Internet Computer's unique capabilities (threshold cryptography)
• ✅ Enables new categories of privacy-preserving applications
• ✅ Competitive advantage vs. other Web3 platforms

Use Cases:

• 🔒 End-to-end encrypted messaging and collaboration tools
• 📝 Privacy-first document and content management
• 🏥 Healthcare applications requiring HIPAA compliance
• 💰 Financial applications needing verifiable encryption
• 🔐 Password managers and secret storage
• 📊 Encrypted analytics and reporting
• 🎯 Any application requiring zero-knowledge privacy

Technical Considerations

Cycles Cost:

• VetKey derivation: ~1M cycles per request (~€0.0013)
• For 1000 active users: ~€1-2/month
• All subsequent crypto operations are client-side (free)

Client-Side Integration:
The @dfinity/vetkeys package already provides utilities for:

• Transport key generation
• VetKey decryption
• Symmetric key derivation
• AES-GCM encryption/decryption
• Identity-Based Encryption (IBE)

Security:

• VetKeys are cryptographically verifiable
• Threshold security (no single point of failure)
• Keys never leave IC in plaintext
• Automatic key rotation support

Alternatives Considered

1. Deploy separate KeyManager canister (current workaround)

• ❌ Extra complexity
• ❌ Additional costs
• ✅ Works, but not ideal DX

2. Use only client-side encryption (e.g., AES-GCM)

• ✅ Simple
• ❌ No IBE (can't encrypt for unknown recipients)
• ❌ No verifiability
• ❌ No threshold security

3. Third-party encryption service

• ❌ Centralized trust
• ❌ Additional vendor lock-in
• ❌ Doesn't leverage IC's unique capabilities

Why This Matters

Privacy-preserving applications are a key differentiator for Web3. The Internet Computer's VetKeys feature is unique in the blockchain ecosystem, offering threshold cryptography that's not available on other platforms. Making this accessible through Juno would:

• Lower the barrier to entry for developers building privacy-first dapps
• Enable new categories of applications that weren't previously feasible
• Strengthen Juno's position as the go-to platform for serious privacy applications
• Showcase IC's advanced cryptographic capabilities to a wider audience

References

• [VetKeys Overview](https://internetcomputer.org/docs/references/vetkeys-overview)
• [VetKeys GitHub](https://github.com/dfinity/vetkeys)
• [@dfinity/vetkeys npm package](https://www.npmjs.com/package/@dfinity/vetkeys)
• [KeyManager Example](https://github.com/dfinity/vetkeys/tree/main/examples/key_manager)

Community Interest

This feature would significantly benefit developers building privacy-focused applications on Juno. The current workaround (deploying a separate canister) adds unnecessary complexity that could be eliminated with native integration.

Would you consider adding this to the Juno roadmap?

---

Labels

enhancement, feature-request, crypto, security, privacy