During the spring of 2025, NCC Group was engaged to perform a cryptography review of DFINITY USA Research’s verifiably encrypted threshold key derivation (vetKD) protocol implementation. The use of vetKD in the Internet Computer allows users to securely and privately derive keys (vetKeys) tied to their identity. The protocol itself uses nodes’ BLS signature threshold key shares (vetKD master key shares) to sign (a hash of) the user’s identity, then ElGamal-encrypt this signature with an ephemeral transport key generated by the user.