“Cryptography rearranges power: it configures who can do if, from what?” - The moral character of cryptographic work by Phil Rogaway.
Realizing this power requires users to manage secrets that are cryptographically secure, not memorable inputs like passwords. What if memorable inputs, or what you know, what you have, or what you are, could become those secrets – letting you spin up wallets, recover them, and generate private identity proofs that are unlinkable to real life people.
A New Way to Create Keys
vOPRF is a cryptographic primitive that empowers humans to derive keys from human-memorable inputs for private identity, self custodial wallets, and compliance access control. Having pioneered this novel technology, human.tech deployed vOPRF on the Human Network as a threshold network that adds entropy to human attributes, solving three historically separate problems where usability, privacy, and security couldn’t previously coexist.
The Human Network is built as an Autonomously Verifiable Service (AVS), restaked on EigenLayer and Symbiotic, with 27 nodes and over $2.5B in restaked ETH securing computation on human data.
The network has created more than 2.5 million keys for:
Human Passport – a meta identity aggregator that supports plural identity by design – you prove who you are through what you’re comfortable with.
Wallet-as-a-Protocol (WaaP) – a set of modules and plugins that provide a decentralized, trustless wallet solution with protected self-custody.
Human Bridge supports bridging clean funds into Aztec for private transactions using Proof of Clean Hands - a zero knowledge identity tool, where disclosure of user identity for compliance purposes is controlled by Human Network.
Growing Adoption of OPRF
We started building on vOPRF two years back, to tackle web3’s most pressing challenges:
User friendly wallets without seedphrases and trusted intermediaries
Unlinkable per user identifier (nullifier) for zero knowledge identity from human data that is not cryptographically secure, such as name, DOB, address
Programmable disclosure of identity for compliance purposes, without custody of sensitive data
OPRF has since gained traction across the ecosystem, with varying implementations of the same tech. TACEO has built their own vOPRF service for identity, now integrated with World – the largest decentralized identity protocol by number of users. They implemented OPRF through a coordinated infrastructure, with trust and reputation-based security models.
Metamask uses OPRF for supporting social logins on wallets. Reclaim Protocol makes identity proofs on web data/TLS through a threshold setup inspired by Human Network’s vOPRF. Ethereum’s Privacy Stewards of Ethereum has endorsed the implementation of vOPRF for deriving identity from verifiable web2 data.
This validates vOPRF’s novel capabilities as a cryptographic building block for identity and wallet infrastructure, and other applications that were not possible before.
What is OPRF?
An Oblivious Pseudorandom Function (OPRF) is a two-party protocol: a client holds a secret input, a server holds a secret key, and together they compute a pseudorandom output. The client receives the result; the server learns nothing about the input. Crucially, the output is deterministic, meaning the same input always yields the same result.
This makes OPRF ideal for turning memorable, low-entropy, and sensitive inputs (passwords, security questions, biometrics) into high-entropy cryptographic keys. The same input reliably reproduces the same wallet or identity nullifier, enabling private key derivation for wallets, recovery without seed phrases and per user identifiers for digital identity systems.
Human Network Pioneered vOPRF with a Trustless Implementation
Human Network is designed to derive cryptographic keys from human data – Human Keys. These human-bound keys are used for easier onboarding in self-custodial wallets and creating nullifiers for private identity.
The same underlying primitive is repurposed to enable programmable disclosure via threshold ElGamal on BabyJubJub. Users can encrypt identity data and define conditions under which it can be decrypted by the network, satisfying compliance requirements without exposing the sensitive data of all users.
Adding verifiability via a zero knowledge proof makes it into a vOPRF. Verifying individual node contributions is important to decentralizing the network.
Threshold Network for Critical Compute
Human Network operates as a t-of-n threshold network, where no single node holds the complete secret, and a minimum quorum must collaborate for any computation. A higher threshold increases the cost of attack, but set it too high, and a few nodes going offline or getting corrupted can halt the entire service.
Human Network balances this tradeoff with a two-thirds threshold quorum for 25 nodes, which ensures high uptime and security, without relying on any trusted parties.
The network runs as an Autonomously Validated Service (AVS), restaked on EigenLayer and Symbiotic, secured by over $2.5 Billion in restaked ETH across 25 nodes. Operators stake economic collateral subject to slashing, while being incentivized for running the vOPRF service. This allows anyone connected to the internet to spin up a self custodial wallet in one click, without a single point of failure.
How Safe is the Secret?
Distributing a secret across nodes introduces specific threats: collusion among operators or attackers accumulating information over time. Economic security via restaking raises the cost of attack, but Human Network adds three additional mechanisms:
Proactive resharing: Every epoch, nodes execute a resharing protocol. Individual keyshares change; the network's secret remains constant.
Forward-Secure Public-Key Encryption (FSPKE): Even if an attacker compromises a node and retrieves its decryption key, they cannot decrypt messages from previous epochs and retrieve prior keyshares. This closes the attack where an adversary records encrypted traffic and later breaks into a node to decrypt historical data.
Mobile adversary tolerance: The security model assumes an attacker can corrupt up to t-1 nodes per epoch, and can choose different nodes each epoch. The combination of resharing and FSPKE ensures that accumulating corruptions over time doesn't eventually yield the secret.
For a detailed threat model, see the whitepaper or this EthResearch post for a quick overview.
Biometric Keys: What’s Next
We are actively building and researching on deriving keys from human inputs, which can further make self custodial wallets accessible to anyone. We are currently working on facial biometrics. The technical challenge is fuzziness: unlike a password, your face never scans identically twice. We've developed methods to handle this variability, with production planned soon. More details here.
Build on Human Network
Human Network is an infrastructure, not a walled garden. Teams can use it as a building block, or fork it to create:
Per-user nullifiers from cryptographically signed data: web credentials, DKIM email signatures, NFC passports
Per-user identifiers from non-cryptographic data: SSN, date of birth, name, address
Wallet onboarding without seed phrases or centralized custodians
Human Key Represents People
Having a key that represents you solves all sorts of problems – you never lose access to your wallet if it’s based on your identity, and you can privately prove you are a unique person just by showing you have a Human key. vOPRF made this technically possible. Human Network translates this capability into practical solutions for solving onboarding and privacy challenges.
Wallet as a Protocol is built on top of the Human Network. Builders can best experience the functionalities by testing Wallet as a Protocol (WaaP) at docs.waap.xyz and join the Telegram if you have any questions.
