Human Keys in Action – Use Cases and Practical Applications
Wallets serve many purposes, but their most fundamental role is to create, authenticate, and sign transactions using private keys in a self-custodial manner, while protecting users from vulnerabilities in key management. This basic functionality, though crucial, remains an elusive goal for many wallet solutions. In Parts 1 and 2, we introduced Human Keys—a paradigm approach that merges familiar inputs like passwords and biometrics with sophisticated cryptographic techniques to generate secure private keys. This method aims to return wallets to their essential purpose while enhancing user experience and security.
In this third part, we'll delve into the practical applications and use cases of Human Keys, demonstrating how Human Keys can move wallets only for the technically adept—Bob and Alice, to being fully accessible and secure for the average Joe.
Secure wallet Management for everyday interactions
Wallet-as-a-Service (WaaS) provides infrastructure for dApps to create customizable wallets, offering options ranging from custodial to self-custodial solutions, including Account Abstraction and MPC wallets. These services support both embedded and browser extension implementations, abstracting complexities to make integration effortless.
While these services abstract away complexities, they often rely on cloud backups or social recovery methods, introducing potential security vulnerabilities, such as dependence on centralized providers like Google or Apple for authentication.
In contrast, Human Keys offer a permissionless and composable solution that addresses these security and centralization concerns. Wallets built on Human Keys function across multiple dApps without being confined to a specific application. These wallets are decentralized, utilizing advanced cryptographic techniques, such as:
- Threshold cryptography for Distributed Key Generation
- Two-Party Computation - Multi-Party Computation (2PC-MPC) for trustless authentication, cross interaction and account recovery
- Zero-Knowledge Proofs (ZKPs) of identity for verifiable account recovery
- Anti-collusion mechanisms
- Vector Oblivious Linear Evaluation (VOLE) based client-side ZKPs for efficiency and instant proofs
This architectural approach mitigates security issues such as deceptive attacks and social hacking. It also conceals user input data from network nodes, enhancing resilience against vulnerabilities that can arise in decentralized systems.
Human Keys for WaaS
WaaS providers can integrate Human Keys to offer users decentralized, self-custodial key management, along with intuitive one-click social logins for seamless onboarding and authentication. By eliminating reliance on centralized vectors, Human Keys prevent single points of failure, improving overall security.
Zero Trust Authentication
Human Keys enable a Zero Trust Environment for authentication using the innovative 2PC-MPC (Two-Party Computation - Multi-Party Computation) network. In this system, users retain full ownership of their signatures, and no trusted party is ever fully responsible for cross-chain interactions. The 2PC-MPC network, implemented in Silk, facilitates secure and distributed computation of cryptographic operations. It splits key generation and signing between the user and the network, ensuring neither has full access to the entire private key.
Seamless Cross-App and Cross-Chain Authentication
With Human Keys, users can seamlessly authenticate across multiple dApps without needing to recreate accounts. Single-click authentication is available via social logins, such as Google, or password-based methods. The 2PC-MPC model ensures that all authentication processes are protected against phishing, clickjacking, XSS attacks, malware, and malicious smart contracts, maintaining seamless and secure interactions across applications.
This same mechanism extends to cross-chain functionality, enabling a chain-abstracted user experience that enhances both usability and security without compromise. This is currently active for EVM chains, with other chains coming soon.
Biometric Authentication
Passwordless authentication such as biometric authentication have increasing adoption. Human Keys derived from biometrics will make authentication simple and secure. Biometrics use unique physical or behavioral characteristics to verify identity, promise enhanced security and convenience. This method is also subject to significant criticism for privacy intrusion and unmitigateable risks of data leaks. While, biometric authentication relies on a variety of human attributes, Human Keys will soon be derived from face recognition with a privacy by default design, with the design primitives to be resilient to backtracking or exposing this data to anyone other than the user. A detailed research article dropping soon to delve into the details.
Human Keys for Decentralised Identity Protocols
Programmable Privacy
Privacy has been either black or white, in terms of handling personal data for identity verification. Obligated entities are required to retain user data for regulatory purposes, storing this sensitive information in centralized servers, creating attractive targets for hackers. This can have serious real-world consequences, such as long-term threats or emotional distress—like the case of blockchain addresses being doxxed linking personal details, leading to extortions.
ZKKYC or “verify once and delete” data isn’t practical for compliance due to unavailability of data. Complete privacy with ZK KYC, and minimal privacy with traditional identity providers has held back web3 from mainstream adoption, due to the incompatibility of privacy and regulatory compliance.
Human Keys, through the Mishti network, enables provable encryption of identity data with user consent, under predetermined conditions. This allows for programmed and customizable decryption of user data for compliance purposes. For example, a user completing KYC via a DID protocol can encrypt their data to Human Keys, consenting to decryption if flagged on a sanctions list, programmed through Mishti's threshold network.
This approach completely removes the burden of storing data from centralized servers to a decentralized middleware, here Mishti Network for data custody. This is presently live with Zeronym’s Proof of Clean Hands, with deployment on Aztec and Hinkal Protocol.
Secret Keys for any Identity
Identifiers, whether arbitrary (like social credentials) or structured (such as Aadhaar ID or Social Security Number), can be used to create Secret Keys (Nullifiers) derived from Human Keys. These nullifiers prove ownership of credentials without revealing the actual credential data.
Reclaim Protocol is using Mishti network to privately create identity proofs on Social Security Numbers. The process involves:
- Creating a Nullifier Scheme or Secret Key that remains concealed
- Publicly recording a hash of the nullifier for verifiability
- Nullifier is unique for each identifier, preventing reuse of the same SSN
- Providing sybil resistance while concealing the actual SSN
Zero Knowledge Personhood
Human Keys derived on private biometrics proves humanity, and other identifiers on legacy Govt and NFC compatible Passports, can be used cryptographically to prove attributes such as uniqueness, age, nationality, etc without revealing or storing this data to verifying organizations. This unlocks use cases in web3 and beyond.
Sybil Resistant Airdrops
The abuse of industrial-level sybil attacks on airdrop distributions has been an ongoing challenge, with sybils bypassing evolving resistance mechanisms that use AI, ML, community reporting, and other design choices.
Human Keys derived from biometrics and government ID proofs allow users to privately authenticate uniqueness on-chain with high rigor, web2-like user experience, and universal access to mint these proofs. This makes Zeronym, built on Human Keys, an apt choice for sybil-resistant airdrops.
Airdrops are typically used to reward network participants and decentralize protocols through token-weighted voting. However, poor user retention and susceptibility to plutocracy can undermine the decentralization goal. Zeronym's growing user base of 125,000 has demonstrated active on-chain governance engagement. By tapping into Zeronym's user base, protocols can decentralize to a reputable social graph, potentially mitigating governance attacks and improving user retention.
Universal Personhood
Robust identity systems are testament to a country's economic efficiency and inclusivity. The digitization of identity can facilitate online payments, streamline service delivery, and improve identity authentication for citizens. While Human Keys are generated cryptographically using Zero Knowledge Proofs, Silk's user interface abstracts these complexities, providing a web2-like user experience.
Human Keys' API can be utilized for traditional KYC use cases, querying identity without revealing user data and avoiding centralized storage of sensitive information at multiple verification points. By enabling users worldwide to create blockchain-based personhood profiles with a universal standard, we can enhance efficiency in handling, authenticating, and attributing user data.
How some of these features could look like?
Joe, a passionate Web2 gamer, is introduced to the world of web3 gaming by his friend Bob. Excited by the idea of truly owning his in-game assets, Joe decides to give it a try.
Bob sends $100 USDC to Joe’s email address via Silk wallet or any Wallet created via Human Keys. The claiming prompts Joe to create an account with his email and password, creating a self custodial wallet in the background, where the private key is generated from his password. This gives Joe full control of his assets without the usual complexity of seed phrases.
Using the same wallet Joe decides to bet on the Presidential Election Winner on Polymarket on Polygon chain, funding the deposit through Paypal, and topup gas token through Silk’s Gas Tank.
Later, Joe learns about Gitcoin’s quadratic funding and decides to support a US-based civic project. To vote, Joe needs to prove that he’s a US citizen and over 18 years old. Using Zeronym, Holonym’s identity protocol, Joe verifies his identity without revealing any personal data. Through Zero Knowledge Proofs (ZKPs), he proves his eligibility and casts his vote, all while keeping his privacy intact.
Joe’s experience with web3 continues to grow when his gaming platform announces a new round of airdrops, rewarding genuine users. To qualify, Joe uses Human Keys with Zeronym to prove that his account is legitimate and not a bot.