System Architecture

01. Overview

The Key Protocol is an algorithmic baroque approach to digital sovereignty. It provides a layer of absolute privacy for communication atop the high-performance Solana ledger.

Unlike traditional messaging apps, Key does not utilize a traditional database for message storage. Instead, it leverages the ledger as an immutable, append-only transmission medium, using the Fee Payer Network to subsidize the friction of blockchain interactions.

Key Principles

  • • Identity is local and absolute.
  • • Transmission is public, content is private.
  • • Sovereignty is gasless.

02. Anchor Protocol

The identity registry is governed by a secure Anchor program. It manages the mapping of human-readable handles to cryptographic public keys.

#[program]
pub mod key_registry {
    pub fn register_username(ctx: Context, username: String) -> Result<()> {
        let user_account = &mut ctx.accounts.user_account;
        user_account.owner = ctx.accounts.owner.key();
        user_account.username = username.to_lowercase();
        Ok(())
    }
}

Each username exists as a Program Derived Address (PDA). This design prevents handle-space collisions and ensures that each handle can only be initialized once, effectively creating a decentralized name service for messaging.

03. Whisper Mechanism

Communication is achieved through "Whisper Transactions" — tiny SOL transfers carrying encrypted payloads in their memo data.

Phase I: Local

Sender generates an ephemeral keypair and performs a Diffie-Hellman exchange to derive a symmetric key. The message is encrypted via XSalsa20-Poly1305.

Phase II: Ledger

The Fee Payer prepares a transaction with a SystemProgram::transfer of 1 lamport to the recipient, embedding the encrypted blob in a SplMemo instruction.

Security Note

"The ledger acts as a public waterfall. While everyone can see the water falling, only those who hold the matching key can extract the meaning from the spray."

04. Fee Payer

To enable a frictionless user experience, Key operates a robust Fee Payer Network. This off-chain service manages the operational treasury required to fund user activity.

  • Automated Underwriting

    The API uses sophisticated rate-limiting and spending caps (0.01 SOL/day per user) to ensure the sustainability of the free-forever model while preventing malicious drain.

  • Non-Custodial Design

    While the Fee Payer signs for gas, it never has access to identity keys or message content. It is a blind service, underwriting the costs of sovereignty without compromising it.

05. Open Protocol

Key is a permissionless protocol - anyone can build alternative frontends, backends, or fee-payer services.

Program Address

96hG67JxhNEptr1LkdtDcrqvtWiHH3x4GibDBcdh4MYQ

Public Instructions

  • registerUsername(username, encryption_key) - Permissionless registration
  • lookupUsername(username) - Query username → public key mapping
  • updateEncryptionKey(new_key) - Owner-only key rotation
  • transferUsername(new_owner) - Transfer username ownership
  • closeAccount() - Burn username, recover rent

Building Alternative Frontends

Developers can:

  • 1. Call program instructions directly via Solana RPC (no Key API needed)
  • 2. Build custom UI with their own design
  • 3. Implement custom fee-payer services
  • 4. Use different encryption libraries (compatible with X25519)
  • 5. Create platform-specific apps (desktop, CLI, browser extension)

No Vendor Lock-In

  • • Users control their keypairs (local storage)
  • • Messages stored on public blockchain (Solana + Arweave)
  • • Username registry is on-chain (永久 permanent)
  • • Alternative clients can decrypt messages (if user imports keypair)

06. Group Chat

Key implements Signal-style hybrid encryption for group messaging, supporting up to 50 members with full end-to-end encryption.

Architecture Overview

Each group message uses a randomly generated symmetric key to encrypt the content, then that key is individually encrypted for each group member using their X25519 public key. This ensures perfect forward secrecy and allows members to be added/removed without re-encrypting historical messages.

Encryption Flow

  1. 1. Generate random ChaCha20 symmetric key (32 bytes)
  2. 2. Encrypt message with symmetric key
  3. 3. Encrypt symmetric key separately for each member using their X25519 public key
  4. 4. Upload to Arweave: {encryptedMessage, encryptedKeys: {member1Pubkey: key1, ...}}
  5. 5. Notify each member via Solana transaction with memo: group:groupId:arweaveTxId
  6. 6. Receive notification → Fetch from Arweave → Decrypt personal key → Decrypt message

Data Storage Model

Redis

Group metadata only (name, member list)

NO MESSAGES STORED

Arweave

Encrypted message payloads

Cannot decrypt without member keys

Solana

Notification transactions

Pointers only, no content

Your Device

Decryption keys

Never leave your device

Privacy Guarantees

  • ✓ End-to-end encrypted - only group members can decrypt
  • ✓ No plaintext storage - messages encrypted before Arweave upload
  • ✓ Server cannot read - backend only routes encrypted blobs
  • ✓ Forward secrecy - new symmetric key per message
  • ✓ Metadata on-chain - groups stored on Solana with Redis cache

07. Encryption Deep Dive

Encryption Flow

  1. 1. Sender generates message plaintext
  2. 2. Client fetches recipient's X25519 public key from on-chain registry
  3. 3. Client encrypts with NaCl box (Diffie-Hellman + ChaCha20-Poly1305)
  4. 4. Client signs transaction with Ed25519 keypair
  5. 5. Transaction sent to blockchain with two instructions:
    • a. SystemProgram.transfer(1 lamport) → triggers recipient's listener
    • b. MemoProgram instruction → stores "senderPubkey|encryptedMessage"

On-Chain Storage

  • • Messages live in Solana transaction logs (memo instructions)
  • • Anyone can read the encrypted ciphertext (public blockchain)
  • • Only recipient can decrypt (requires their private X25519 key)
  • • Large messages (>750 bytes) uploaded to Arweave, memo stores "ar:txId"

Security Properties

✓ SECURE

  • • End-to-end encrypted
  • • Forward secrecy (random nonce)
  • • Authenticated encryption
  • • Publicly verifiable

✗ LIMITATIONS

  • • No perfect forward secrecy
  • • Metadata visible

Why It's Secure

  • • Private keys never leave device (stored in OS keychain)
  • • Server is stateless fee-payer (can't decrypt without private keys)
  • • Encryption happens client-side before transmission
  • • Uses audited cryptography library (TweetNaCl)
  • • X25519 provides 128-bit security level

08. Developer Guide

Build your own Key client using the open protocol. No permission needed - the protocol is fully permissionless.

View Full Developer Portal & API Reference →

What You Can Build

  • Custom Frontends: Desktop apps, CLI tools, browser extensions, mobile clients
  • Alternative Backends: Your own fee-payer service with custom rate limits
  • Bots & Automation: Automated messaging, notification systems, integrations
  • Analytics Tools: On-chain message analytics (encrypted content remains private)
  • Bridge Services: Connect Key to other messaging platforms

1. Register Username (via API)

// Step 1: Generate keypair
const keypair = nacl.sign.keyPair();
const encKeypair = nacl.box.keyPair.fromSecretKey(keypair.secretKey.slice(0, 32));
 
// Step 2: Register on-chain
await fetch('https://api.trykey.app/api/username/register', {
  method: 'POST',
  headers: { 'Content-Type': 'application/json' },
  body: JSON.stringify({
    username: 'alice',
    publicKey: bs58.encode(keypair.publicKey),
    encryptionKey: base64(encKeypair.publicKey),
    signature: base64(signature),
    timestamp: Date.now()
  })
});

2. Send 1-on-1 Message

// Encrypt message with recipient's public key
const nonce = nacl.randomBytes(24);
const encrypted = nacl.box(messageBytes, nonce, recipientPubKey, mySecretKey);
const combined = new Uint8Array([...nonce, ...encrypted]);
 
// Send via API
await fetch('https://api.trykey.app/api/message/send', {
  method: 'POST',
  body: JSON.stringify({
    encryptedMessage: base64(combined),
    recipientPubkey: recipientPubkey,
    senderPubkey: myPubkey,
    signature: base64(signature),
    timestamp: Date.now()
  })
});

3. Send Group Message

// Step 1: Generate symmetric key
const symmetricKey = nacl.randomBytes(32);
const nonce = nacl.randomBytes(24);
const encrypted = nacl.secretbox(messageBytes, nonce, symmetricKey);
 
// Step 2: Encrypt symmetric key for each member
const encryptedKeys = {};
for (const memberPubKey of groupMembers) {
  const keyNonce = nacl.randomBytes(24);
  const encKey = nacl.box(symmetricKey, keyNonce, memberPubKey, mySecretKey);
  encryptedKeys[base58(memberPubKey)] = base64([...keyNonce, ...encKey]);
}
 
// Step 3: Send to group
await fetch('https://api.trykey.app/api/message/group/GROUP_ID/send', {
  method: 'POST',
  body: JSON.stringify({
    encryptedMessage: base64([...nonce, ...encrypted]),
    encryptedKeys: encryptedKeys,
    senderPubkey: myPubkey,
    signature: base64(signature),
    timestamp: Date.now()
  })
});

4. Direct Program Calls (No API)

For fully decentralized clients, call the Solana program directly:

// Register username (direct on-chain)
const PROGRAM_ID = new PublicKey('96hG67JxhNEptr1LkdtDcrqvtWiHH3x4GibDBcdh4MYQ');
const [userPDA] = PublicKey.findProgramAddressSync(
  [Buffer.from('username'), Buffer.from('alice')],
  PROGRAM_ID
);
 
// Send message (direct memo instruction)
const MEMO_PROGRAM = new PublicKey('MemoSq4gqABAXKb96qnH8TysNcWxMyWCqXgDLGmfcHr');
const tx = new Transaction().add(
  SystemProgram.transfer({ fromPubkey: sender, toPubkey: recipient, lamports: 1 }),
  new TransactionInstruction({
    programId: MEMO_PROGRAM,
    keys: [],
    data: Buffer.from(senderPubkey + '|' + encryptedMessage)
  })
);

Required Libraries

  • • @solana/web3.js - Blockchain
  • • tweetnacl - Encryption
  • • bs58 - Encoding

API Endpoints

  • • /api/username/register
  • • /api/message/send
  • • /api/message/inbox/:pubkey
  • • /api/groups/create
  • • /api/groups/invite
  • • /api/groups/leave
  • • /api/groups/join/:code
  • • /api/groups/public/search
  • • /api/message/group/:id/send

🔓 Fully Permissionless

No API keys, no approval process, no vendor lock-in. Build your client today and connect to the Key network immediately. All program calls are on-chain and publicly accessible.

09. Sustainability

"True privacy should not have a subscription fee. The Key Protocol is sustained by the $KEY token on Pump.fun. We utilize the creator fees generated by $KEY volume to subsidize gas costs for every message sent on the network. By holding $KEY, you are not just an investor; you are a Patron of privacy."

The Key Protocol is a native Solana protocol. Every whisper, every registry update, and every signal is a permanent, onchain record on the Solana blockchain. We don't hide behind sidechains; we leverage the raw performance of the mainnet.

Network

Solana Mainnet

Token Launch

Pump.fun

10. Manifesto

In an era of digital panopticons, we reclaim the whisper. We believe that privacy is not a luxury for the guilty, but a prerequisite for the free.

Key is not just a tool, but a statement. It is the architectural embodiment of the idea that code can be as immutable as stone and as fleeting as thought.

Verba Volant, Scripta Manent.