--- title: Chain-key cryptography slug: chain-key-cryptography description: The threshold-cryptography engine that gives each subnet its own signing key — without any single party ever holding the private material. tags: - cryptography - core-concept - chain-fusion date: 2026-03-21 updated: 2026-04-25 related: - internet-computer-protocol hub: true --- Chain-key cryptography is the engine that lets the Internet Computer sign for itself. Each subnet has a stable public key; the corresponding private key is split into shares held by the nodes, and never reconstructed in one place. Signatures are produced by a threshold protocol — most nodes agree, the protocol emits a signature, and from outside it looks like a single trusted party. This is what enables three otherwise-impossible things: 1. **Self-signing canisters** — a canister can ask the protocol to sign on its behalf. The result is a real signature that any external verifier accepts, derived from a key that no human ever held. 2. **Native multi-chain interaction** (Chain Fusion) — canisters can sign Bitcoin, Ethereum, and Solana transactions directly, without a bridge. Custody happens inside the protocol. 3. **Stable subnet identity** — subnets can rotate their underlying nodes without changing their public key, so an app’s external identity stays stable even as the hardware beneath rotates. ## The protocol layer The threshold scheme used is a derivative of BLS (Boneh-Lynn-Shacham) signatures, with modifications for the network’s specific needs: asynchronous consensus, dynamic subnet membership, and the ability to re-share secrets when nodes join or leave a subnet. The cryptographic story is documented in the [`Document library`](/document-library/#documents?tag=Technical%20Paper) under Technical Papers. Look for entries on **DKG** (distributed key generation), **threshold ECDSA**, and **vetKeys**. ## Why it matters for the editorial framing The chain-key engine is what justifies calling the platform “tamperproof.” There is no admin machine to compromise because there is no admin machine. Even if an attacker physically takes a node, they hold a fragment of every subnet key — useless on its own. The threshold protocol’s safety margin is configurable per subnet, but typically allows up to a third of nodes to be Byzantine-faulty without compromising signing. ## Related - [`Internet Computer Protocol`](/wiki/internet-computer-protocol/) — the network protocol the engine runs inside.