Wallets serve many purposes, but their most fundamental role is to onboard users and provide an interface to sign transactions using private keys in a self-custodial manner, while protecting users from vulnerabilities in key management. This basic functionality, though crucial, remains an elusive goal for many wallet solutions. In Parts 1 and 2, we introduced Human Keys—the human intrinsic private key derived from human attributes like passwords and biometrics, combined with a moon math – OPRF, that makes public key infrastructure usable for everyone. This method abstracts private key management, and aims to return wallets to their essential purpose with least friction and a security first approach, unseen in wallets today.
In this third part, we'll delve into the practical applications and use cases of Human Keys, demonstrating how Human Keys can move wallets only for the technically adept—Bob and Alice, to being fully accessible and secure for the average Joe.
Secure Wallet Management for Everyday Interactions
Wallet-as-a-Service (WaaS) provides infrastructure for dApps to create customizable wallets, with few clicks by signing up through email or social logins, making the process seedless, and also embedded into the app to give app native experience, reducing the cognitive overload.
Now, there are no seed phrases, but they often rely on cloud backups or social recovery methods, and naive implementation practices, fragmenting user experience by a wallet per app basis, and introducing several security vulnerabilities. Check this for security vulnerabilities, and this for major distinction with WaaS and Silk’s Wallet as a protocol, built on top of Human Keys.
Silk built on Human Keys addresses these security and centralization concerns, combined with other cryptographic primitives built by the Holonym Foundation. Silk or any wallets built on Human Keys function across multiple dApps without being confined to a specific application. Here is the tech stack that makes Human keys, and Silk – the consumer facing side of Human keys:
- OPRF derives highly random and secure cryptographic keys from human attributes computed privately.
- Threshold cryptography network built as an AVS on Eigen Layer for computing OPRF in a decentralized setup.
- Two-Party Computation - Multi-Party Computation (2PC-MPC) for security, trustless cross chain interaction and programmable transaction.
- Zero-Knowledge Proofs (ZKPs) for conveying user input privately with Mishti, verifying individual node contribution, and account recovery.
- Vector Oblivious Linear Evaluation (VOLE) based client-side ZKPs for efficiency and instant proofs for zk personhood proofs encrypted to Human keys through Zeronym
This architectural approach mitigates most security issues prevalent with wallets today. It also conceals user input data from network nodes, providing resilience against vulnerabilities that can arise in decentralized systems.
The use cases and features unlocked here for dApps integrating Silk are:
Compasibility
Unlike WaaS where different accounts are created for each dApp, Human Key works across platforms/devices, consolidating all on-chain interactions in one place.
Security
Keys derived are split between the user and a network using 2PC MPC. This provides user authorization for every transaction and the network verifies and authenticates every user-signed transaction by running transaction simulations and deploying policy engines, to prevent any internal or external threats.
Programmability
Human Keys can be programmed using 2PC MPC, by designing and executing complex logic into with smart contracts, that unlocks trustless cross chain interaction, programming account recovery using zk credentials, etc
Native dApps experience with zero integration cost
Human Keys are free and easy to integrate for developers using Silk.
User Preffered Sign-Up Methods
Keys can be derived from web accounts and mobile numbers for now, meanwhile other methods such as biometrics are in production.
Human Keys for WaaS
WaaS providers can leverage Mishti Network for secure and scalable key generation. Also, use Holonym’s zero knowledge identity protocol Zeronym for private identity verification.
Human Keys for Decentralised Identity Protocols
Programmable Privacy
Privacy has been either black or white, in terms of handling personal data for identity verification. Obligated entities are required to retain user data for regulatory purposes, storing this sensitive information in centralized servers, creating attractive targets for hackers. This can have serious real-world consequences, such as long-term threats or emotional distress—like the case of blockchain addresses being doxxed linking personal details, leading to extortions.
ZK KYC or “verify once and delete” data isn’t practical for compliance due to unavailability of data. Complete privacy with ZK KYC, and minimal privacy with traditional identity providers has held back web3 from mainstream adoption, due to the incompatibility of privacy and regulatory compliance.
Human Keys, through the Mishti network, enables provable encryption of identity data with user consent, under predetermined conditions. This allows for programmed and customizable decryption of user data for compliance purposes. For example, a user completing KYC via a DID protocol can encrypt their data to Human Keys, consenting to decryption if flagged on a sanctions list, programmed through Mishti's threshold network.
This approach completely removes the burden of storing data from centralized servers to a decentralized middleware, here Mishti Network for data custody. This is presently live with Zeronym’s Proof of Clean Hands, with deployment on Aztec and Hinkal Protocol.
Nullifiers: Secret Keys for any Identity
Identifiers, whether arbitrary (like social credentials) or structured (such as Aadhaar ID or Social Security Number), can be used to create Secret Keys (Nullifiers) derived from Human Keys. These nullifiers prove ownership of credentials without revealing the actual credential data.
Reclaim Protocol is using Mishti network to privately create identity proofs on Social Security Numbers. The process involves:
- Creating a Nullifier Scheme or Secret Key that remains concealed
- Publicly recording a hash of the nullifier for verifiability
- Nullifier is unique for each identifier, preventing reuse of the same SSN
- Providing sybil resistance while concealing the actual SSN
Creating nullifiers for zk credentials without any trace back methods have been difficult and implemented with trade offs. Human keys solving this; reach us out to build on this.
Zero Knowledge Personhood
Human Keys can be used to make ZKPs on identifiers such as legacy Govt and NFC compatible Passports, to make selective disclosures on uniqueness, age, nationality, etc without revealing or storing this data to verifying organizations. This unlocks use cases in web3 and beyond.
In an industry where industrial level sybil are rampant, and identity is hard to prove without doxxing yourself, Human Keys through Zeronym’s ZK DID protocol helps with privacy preserving identity verification. Use cases spanning through sybil resistant airdrops, anonymous forums, reputation, quadratic voting, civic voting systems, sybil resistant gaming, identity for anonymous devs, etc.
Zeronym with over 125,000 proofs minted for these use cases, will help reach a larger audience through Human Keys, as the keys to the identity are easy to access and easy to self custody for any user.
Human Digital Rights for Real Humans
With continued proliferation of Human Keys, they sit right at the intersection of real world problems and crypto by granting anyone a Human Key to participate in the open global financial system through Silk and make private identity proofs on Zeronym. These use cases will particularly help people from emerging countries for:
- Accessing stable coin infrastructure for hedging against unstable currency
- Receive direct grants directed towards marginalized or people living in hostile government conditions or immigrants
- Anonymous forums, journalism – to circumvent state surveillance
- Digital voting systems
- Digital inclusion for undocumented
Some of these use cases are possible with strategic partnerships with govts and private companies serving in this context, to make it a standard.
A glimpse into web3 with Human Keys
Joe, a passionate Web2 gamer, is introduced to the world of web3 gaming by his friend Bob. Excited by the idea of truly owning his in-game assets, Joe decides to give it a try.
Bob sends $100 USDC to Joe’s email address via Silk wallet The claim prompts Joe to create an account with his email, creating a self custodial wallet in the background, where the private key is generated from his web account. This gives Joe full control of his assets without the usual complexity of seed phrases.
Using the same wallet Joe decides to bet on the Presidential Election Winner on Polymarket on Polygon chain, funding the deposit through Paypal, and top up gas money through Silk’s Gas Tank.
Later, Joe learns about Gitcoin’s quadratic funding and decides to support a US-based civic project. To vote, Joe needs to prove that he’s a US citizen and over 18 years old. Using Zeronym, Joe verifies his identity without revealing any personal data. Through Zero Knowledge Proofs (ZKPs), he proves his eligibility and casts his vote, all while keeping his privacy intact.
Joe’s experience with web3 continues to grow when his gaming platform announces a new round of airdrops, rewarding genuine users. To qualify, Joe uses Human Keys with Zeronym to prove that his account is legitimate and not a bot.