· 6 min read

Human Keys – How They Work and Why They’re the Future of Secure Digital Identity

Human Keys – How They Work and Why They’re the Future of Secure Digital Identity

Human Keys – How They Work and Why They’re the Future of Secure Digital Identity

The Need for a New Approach to Key Management

In Part 1, we explored key management, the challenges of securing private keys, and how Holonym’s Mishti Network, enables protected self custody of wallets without leaning in on any centralized mechanism, thereby abstracting key management and simplifying authentication. Human Keys combines the security of Public Key Infrastructure with the familiarity of everyday inputs like passwords and biometrics for private key generation. 

Building on that foundation, this part delves deeper into the mechanics of Human Keys—how they work, how they are set up, and why they represent the best option for secure digital digital interactions and identity management.

Human Keys redefines digital access, as highlighted in a recent media feature

“Human Keys, on the other hand, takes a less intrusive, user-first approach. Instead of requiring specific biometric scans, the system works with various forms of human-verified data, giving users more autonomy. Such flexibility makes Human Keys more adaptable to different cultural and personal preferences regarding privacy” 

What Are Human Keys?

Human Keys are a novel concept introduced by Holonym Foundation that allow users to generate secure private keys using familiar, human-friendly inputs. Unlike traditional private keys, which are typically generated from random seed phrases, Human Keys derive their security from inputs that users already know and use regularly, such as passwords, email addresses, or biometric data. 

What is identity can differ from individuals. Human Keys takes a plural approach. 

The key innovation behind Human Keys is their ability to transform these low-entropy inputs into high-entropy private keys that are resistant to brute force attacks. This is achieved through an advanced cryptographic techniques threshold Verifiable Oblivious Pseudorandom Function (tVOPRF) used in Holonym’s Mishti Network. This approach makes key management more intuitive for users while maintaining the high level of security required for interaction and self custody of digital assets and identities.

Entropy Secures Private Keys

Entropy is a measure of randomness or unpredictability in a system. In cryptography, high entropy is crucial for generating strong private keys that are resistant to guessing or brute-force attacks. The security of private keys directly correlates with their entropy level.

While familiar authentication methods like passwords, security questions, and biometrics are user-friendly, they often suffer from low entropy. Passwords have predictable patterns on personal information, security questions can be socially engineered, and contrary to the popular belief biometrics like face and palm scans have lower entropy than commonly thought.

Modern technologies, including machine learning and quantum computing, can potentially crack these low-entropy systems. The misconception of biometrics as high-entropy is particularly dangerous, as they can be compromised.

How Human Keys Work: The Technical Backbone

At the core of Human Keys is the idea that secure private keys can be generated from inputs that are easy for users to remember and manage. However, because these inputs—such as passwords—typically have low entropy, they need to be transformed into something much more secure. Here’s how this process works:

  1. Input Collection: The user provides a familiar input, such as a password or biometric data, which is easy to recall for seamless authentication, reducing the risk of losing access. If the input is forgotten, it can be securely recovered in a trustless setup without relying on centralized authorities.
  2. tVOPRF Transformation: The provided input becomes the seed for generating a high-entropy private key by  running a threshold Verifiable Oblivious Pseudorandom Function (tVOPRF). 

Key Components:

Privacy Consideration during Key Generation:

  1. The user's data is masked before being sent to the network, ensuring that no node can see the actual input.
  2. The network performs computations on this masked data.

Why Mishti as an Actively Validated Service

EigenLayer expands the capital efficiency of ETH by using staked ETH to provide economic security for services built on top of it. Currently, with 3.64 million ETH and 70 million EIGEN restaked (totaling $9.1 billion), EigenLayer’s economic security makes it an ideal foundation for Mishti, particularly as Human Keys address the critical issue of private key management.

Given that Personally Identifiable Information (PII) is used in creating Human Keys, Mishti leverages EigenLayer's continuous validation and anti-collusion design. This ensures a secure environment for processing sensitive data, with no single node having access to all the information.

EigenLayer’s dual-token system supports on-chain verifiability for objective problems and community-driven resolution for subjective issues. This, combined with decentralized governance, the reputation of EigenLayer operators, and alignment with Ethereum’s ethos, makes EigenLayer a strong fit for Mishti.

Setting Up and Using Human Keys

The easiest explanation is that it has the same steps as using google with Oauth. 

Step by step explanation here:

For example, a user could sign up via Silk, Holonym’s onboarding wallet, which uses the Mishti Network for key derivation and recovery:

Why Human Keys are secure

When it comes to security, Human Keys offer several key advantages over traditional methods:

  1. High Entropy and Resistance to Attacks: Despite being generated from low-entropy inputs, Human Keys are highly secure due to the tVOPRF transformation. This ensures that the resulting private key has a high level of randomness, making it resistant to brute force attacks.
  2. Decentralized:  The OPRF on Mishti computes on sign up and every subsequent sign in for deriving the key. Given the high stakes, the network is deployed as an AVS on Eigen Layer, and Mishti has successfully onboarded several operators, and others in the pipeline to secure Human Keys. 
  3. Zero-Knowledge Proofs for Privacy and anti collusion: Nodes provide ZKPs on their computation for integrity, and users send their masked input in a ZKP to derive keys on the network for privacy. 
  4. User Controlled MPC: The private key generated on Mishti is shared with the user and a network through Ika’s 2PC-MPC (Two-Party Computation Multi-Party Computation). This ensures user sovereignty for all transactions, and protection from the network by designing transaction logic and policy engines to combat any single point of failure. 

Comparison with Other Key Management Solutions

To highlight the advantages of Human Keys, it’s useful to compare them with other key management solutions:

Feature

Traditional PKI

Custodial Wallets

Blockchain-Based PKI

Human Keys

Key Management

Centralized

Centralized

Decentralized

Decentralized

User Control

Limited

Limited

Full

Full

Security

High, but centralized risks

High, but custodian-dependent

High, but complex

High, with familiar inputs

Ease of Use

Moderate

High (easy, but custodial)

Low (complex keys)

High (familiar and secure)

Recovery

Difficult (seed phrase)

Easy (custodian-based)

Difficult (seed phrase)

Easy (familiar input-based)

Human Keys secures your Digital Identity

As the digital world becomes increasingly decentralized, the need for secure, user-friendly key management solutions will continue to grow. Human Keys represent a significant step forward in this evolution, offering a solution that is both secure and accessible.

Human Keys makes onboarding seedless and human friendly. Create your Human Keys on Silk to secure your digital assets, send payments, access global internet finance protocols, and manage your private data using Zeronym. 

On top of Keys being created on human identity, they can be used to make ZK Proof of personhood on Zeronym. Keys can custody their own identity; this mitigates the risks associated  with centralized storage of identity. Human Keys can program privacy by delegating roles and permissions to other parties for custody transfer and selective disclosure of private data, useful for identity verification use cases that would like to preserve privacy and be accountable.