Keys and Security

Platus implements a dual-key architecture where the ability to view transactions and the ability to spend funds are cryptographically isolated.

The scheme is built on re-randomizable stealth addresses, a mechanism that allows any third party to generate unlinkable payment addresses for a recipient without knowing their private keys or previous transaction history.

Key Architecture

Spending Key (sk)

The spending key is the root secret from which all other keys are derived.

Properties:

  • Grants full control over funds
  • Required to authorize transactions
  • Never leaves the client and is never transmitted on-chain

Spending Public Key (sPK)

From the spending key, the spending public key is derived as:

$$\text{sPK} = \text{SHA-512}(\text{sk})[0:32] \times G$$

Where:

  • $G$ is the base point of the Baby Jubjub curve.

Viewing Key (vk)

The viewing key is deterministically derived from the spending public key:

$$\mathrm{vk} = \text{Poseidon}(\mathrm{sPK}_x, \mathrm{sPK}_y, \mathrm{nonce})$$

Where:

  • $\mathrm{sPK}_x, \mathrm{sPK}_y$ are the $(x, y)$ coordinates of the spending public key.
  • $\mathrm{nonce}$ starts at 1 and increments until $\mathrm{vk} < \mathbb{F}_r$.

Properties:

  • Cannot authorize spending
  • Cannot derive the spending key (one-way derivation)
  • Combined with ML-KEM secret key for decryption

Identity Key (ik)

The identity key is derived from the viewing key as:

$$\text{ik} = \text{vk} \times G$$

Properties:

  • Cannot authorize spending or leak transaction history
  • Used by third parties to generate stealth addresses
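
The two scalar multiplications above, sPK = SHA-512(sk)[0:32] × G and ik = vk × G, together with the checks a third party can run on a received ik before generating stealth addresses from it. This is an added example, not Platus code. It assumes that G is the EIP-2494 base point, that the digest is read little-endian and reduced modulo the subgroup order, and that vk is supplied as an integer (Poseidon is not implemented here).

```python
import hashlib

# Baby Jubjub (EIP-2494): A*x^2 + y^2 = 1 + D*x^2*y^2 over F_P
P = 21888242871839275222246405745257275088548364400416034343698204186575808495617
A, D = 168700, 168696
ORDER = 21888242871839275222246405745257275088614511777268538073601725287587578984328
L = ORDER >> 3  # order of the prime subgroup (cofactor 8)
# Assumption: the page's G is the EIP-2494 base point (8 * curve generator).
G = (5299619240641551281634865583518297030282874472190772894086521144482721001553,
     16950150798460657717958625567821834550301663161624707787222815936182638968203)
IDENTITY = (0, 1)

def add(p1, p2):
    """Unified twisted Edwards addition (also used for doubling)."""
    x1, y1 = p1
    x2, y2 = p2
    t = D * x1 * x2 * y1 * y2 % P
    x3 = (x1 * y2 + y1 * x2) * pow(1 + t, -1, P) % P
    y3 = (y1 * y2 - A * x1 * x2) * pow(1 - t, -1, P) % P
    return (x3, y3)

def mul(k, pt):
    """Double-and-add; not constant-time, so for illustration only."""
    acc = IDENTITY
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc

def on_curve(pt):
    x, y = pt
    return (A * x * x + y * y - 1 - D * x * x * y * y) % P == 0

def is_valid_public_point(pt):
    """Reject off-curve, identity and low-order points in a received key."""
    return (all(0 <= c < P for c in pt) and on_curve(pt)
            and pt != IDENTITY and mul(L, pt) == IDENTITY)

def derive_spk(sk: bytes):
    # Assumption: digest bytes are little-endian, reduced mod L, no clamping.
    s = int.from_bytes(hashlib.sha512(sk).digest()[:32], "little") % L
    return mul(s, G)

def derive_ik(vk: int):
    # vk would come from the Poseidon derivation; here it is caller-supplied.
    return mul(vk % L, G)
```
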

ML-KEM Public Key (mPK)

Derived from a post-quantum seed, where the seed is computed as:

$$\mathrm{prk} = \mathrm{Poseidon}(\mathrm{sPK}_x, \mathrm{sPK}_y, \mathrm{domain\_separator})$$

$$\mathrm{seed} = \mathrm{Poseidon}(\mathrm{prk}, 0) \,\|\, \mathrm{Poseidon}(\mathrm{prk}, 1)$$

Properties:

  • Used to generate shared secret key for encryption
  • Provides post-quantum security

Hybrid Public Key (hPK)

Combination of identity key and ML-KEM public key:

$$\mathrm{hPK} = (\mathrm{ik}, \mathrm{mPK})$$

Properties:

  • Can be shared publicly to receive payments
  • Used to encrypt notes with hybrid post-quantum security
  • Used to generate stealth addresses for the user
  • Combines classical ECDH with post-quantum ML-KEM-1024

App Key (ak)

These are protocol-specific keys derived as:

$$\mathrm{ak} = \mathrm{Keccak256}(\mathrm{sk}, \mathrm{protocol\_identifier})$$

where appIdentifier can be a domain, an ENS name, or an IPFS hash identifying the app.