LAST CHANCE BLACK FRIDAY: Save now on Ledger hardware wallets and accessories.

Shop now

Tech | 09/26/2024

Ledger Key Ring Protocol: Ledger’s New Solution For Secure Data Sharing

Things to know
The digital landscape is shifting away from centralized models in favor of their decentralized counterparts. But decentralization also brings a significant challenge: secure and confidential data sharing. Blockchain technologies ensure data integrity, non-repudiation, and authenticity, but pose a challenge when it comes to confidentiality.

Our new patented technology, Ledger Key Ring Protocol, enables both security and confidentiality for encrypted data sharing.

Ledger Key Ring Protocol enables multiple applications or multiple instances of the same application to access shared information.

Ledger Key Ring Protocol helps developers build decentralized and private apps, including potential functionalities such as end-to-end encrypted messaging, decentralized file storage, synchronized data, and more.

— Ledger Key Ring Protocol can only be used as a “privacy” tool. It is not meant to manage crypto and authentication keys

The digital landscape is currently undergoing a major, gradual change, shifting away from centralized models wherein a single entity controls both data and security. Centralized models represent a significant risk to users, creating single points of failure and leaving the system vulnerable to hacks. This is why decentralization is so important. Control must be distributed and users must have guaranteed ownership. As such, the need for secure and decentralized systems is more pressing than ever; new protocols and technologies must emerge to meet these needs.

However, decentralization brings a major challenge: secure data sharing. This is where our new feature, Ledger Key Ring Protocol, comes into play. This new feature enables both security and confidentiality in decentralized environments, allowing for true data sovereignty.

Ledger Key Ring Protocol: our solution for secure and confidential data sharing

A critical answer to the challenge of secure data sharing in decentralized environments is end-to-end encryption. This approach encrypts user data on a client-side application and relays the encrypted data to untrusted servers—whether centralized or decentralized. It then decrypts it on the other side with another application instance controlled and trusted by the user. 

Hardware wallets are renowned for their robust security features, which include isolated storage of cryptographic keys and secure execution environments that protect against a wide range of attacks. At Ledger, we designed the Ledger Key Ring Protocol to take advantage of these features by using the hardware wallet as a central point for key management and end-to-end encryption. This means that users can rely on their hardware wallet to securely manage who has access to their data, ensuring it remains confidential throughout its entire journey. 

Ledger Key Ring Protocol also addresses the limitations of traditional secure devices, which, while highly secure, often suffer from constrained storage and processing power. By leveraging a key derivation tree structure—similar to the one used in hierarchical deterministic (HD) wallets—Ledger Key Ring Protocol allows for the efficient management of a large number of encryption keys. Thanks to Ledger Key Ring Protocol, hardware wallets can now provide secure end-to-end encryption for applications that require frequent or complex data-sharing operations.


Important to note:
Ledger Key Ring Protocol can only be used as a “privacy” tool. It is not meant to manage crypto and authentication keys. Ledger Key Ring Protocol encryption keys and your device’s private keys always stay isolated from one another.


As we delve deeper into the mechanics of Ledger Key Ring Protocol, this blog post will explore its intricacies, shedding light on how it works. We also published a comprehensive white paper on Ledger Key Ring Protocol available here.

What is Ledger Key Ring Protocol For?

Developers can build a wide range of applications with the protocol. Here are several use cases that illustrate how Ledger Key Ring Protocol can be applied:

End-to-End encrypted messaging

Ledger Key Ring Protocol can be used in secure messaging platforms to ensure that only intended recipients can read messages. Each message or conversation can have its own encryption key. New members can be added dynamically to a group conversation and messages can be individually shared.

Decentralized file storage

In decentralized file storage systems, Ledger Key Ring Protocol can manage the encryption of user files. Each file or folder can have its own encryption key, allowing users to share specific files without exposing the rest of their data.

To Synchronize application data

The protocol can be used to share user data among multiple instances of the same application without revealing its content to online storage services, whether centralized or decentralized.

To Build User Data for Decentralized platforms

Ledger Key Ring protocol allows applications to build shared user data. An application can record user data and share part (or all) of this data with other applications. For example, it could facilitate secure communication between a wallet application that stores user addresses and a service requesting access to a single account.

Ledger Key Ring Protocol is not restricted to these use-cases and can empower developers to build more applications where users have control of their data.

Exploring The Ledger Key Ring Protocol

The Ledger Key Ring Protocol enables multiple applications or multiple instances of the same application to access a shared secret used to encrypt and decrypt data. Typically, when multiple applications share a secret, sharing the secret with an additional application means re-encrypting the entire data set.  In many instances, this is impractical, if not completely infeasible. 

Instead, Ledger Key Ring Protocol allows decentralized data management without committing to a single storage method.

Key Features and Design Goals

Selective Disclosure

Ledger Key Ring Protocol lets you share selected data with other entities. This is crucial in decentralized applications where trust in centralized servers is not possible. Instead of encrypting the data as a whole, we split it into shards, then encrypt each field with its own encryption key (e.g. each field of a JSON document would have its own encryption key). This data is then safe to share across decentralized networks. Other applications can retrieve and decrypt the data only if they obtain the appropriate encryption keys from the user. The user is in control and decides who can decrypt his/her data.

Decentralized Key Management

Unlike traditional centralized systems, where a central server manages keys and data, Ledger Key Ring Protocol relies on a decentralized approach. Using a key derivation tree based on the BIP32 key derivation standard in Bitcoin, Ledger Key Ring Protocol can generate an infinite number of secrets from a single source. This ensures that new participants can be added without having to re-encrypt the entire dataset.

Enhanced Security with Secure Devices

Ledger Key Ring Protocol leverages secure devices to manage access to secrets. These devices, although limited in memory and computational power, provide robust security by ensuring that sensitive operations occur within the device without exposing the secrets. It allows the user to keep control over their data and choose who has access to what.

Efficient Key Revocation and Identification

The protocol includes mechanisms to handle key revocation, a critical feature when a third party is no longer trusted. Ledger Key Ring Protocol’s structured derivation path allows for efficient key management and identification of resources behind an encryption key, meaning you can review which data you’re sharing and easily revoke an application’s access when necessary.

How Ledger Key Ring Protocol Works

At its core, Ledger Key Ring Protocol operates through a data structure called the “Ledger Key Ring Protocol tree,” wherein each node or “leaf” of the tree represents an encryption key, and the origin of each branch is the root key. This hierarchical design simplifies the sharing process, as users can share an entire category of data by sharing a single parent key, or just a single piece of data by sharing a leaf key.

The Root Key

  • The root key is generated by the secure element but not stored by it. The root key is also generated by a single private key, making sure that only a hardware wallet with the same seed phrase can decrypt it. Storage space on a hardware wallet is limited, and this approach allows devices to handle as many Ledger Key Ring protocol trees as required without forcing applications to rely on the same secret.
  • Ledger Key Ring Protocol uses the root key to create encryption keys but never shares it with other applications—sharing only the derived keys instead. This ensures that only the permitted parties have access to specific portions of data. It also makes it easy to revoke keys and remove untrustworthy parties’ access.

The Command Stream

Inside each tree node, lies a list of blocks(called a command stream), containing information on all members of the node and encrypted secrets. 

When a user wants to share data, they grant access by adding the new member to the command stream. These commands allow the user to add a new member, publish the encryption key to a trusted member, or close the stream to deprecate the shared secret. 

The integrity of the command stream is maintained through cryptographic signatures and hashes, ensuring that only authorized members can modify or access the data. This means data can be verified by the device  —- no central authority needed! By verifying the integrity of the command stream, the device can prevent malicious actors from requesting access to the shared secret.

Why is Ledger Key Ring Protocol using a tree?

Bear in mind that the protocol was designed to take advantage of hardware wallets capabilities and is not designed to be the one and only approach to implement end-to-end encryption. Here are a bunch of common questions:

Why don’t you let the device encrypt and decrypt user data?

While allowing the device to encrypt and decrypt the data would offer the most secure approach, it still relies on the user trusting the application they are communicating with. This approach also limits the amount of data you can encrypt and makes for a less-than-practical user experience. For instance, you would have to keep your device connected while sending your message, and with significant data, that may take some time. 

Our approach facilitates end-to-end encryption for applications that require seamless communication and more complex data sharing with multiple parties.

Why don’t you generate random encryption keys for each member?

There are 3 main issues with generating random encryption keys for each member.

Firstly, generating a key per member is inefficient when it comes to time and resources. You would need one key per field and a new set of keys per member. With one or two members that may be no problem, but as soon as you’re dealing with multiple people, the management of these keys is impractical. Even when generating random encryption keys for each member is possible, it creates a subpar user experience. But often, it’s simply not feasible.

Secondly, generating a new key for each member also only works for applications that don’t require real-time updates. Our approach guarantees that any member can re-encrypt data for all parties since each member shares the same encryption key for the same piece of data.

Finally, the tree structure allows the hardware wallet to identify the encrypted resource. The position of the secret in the structure provides the hardware wallet with important information which is only possible using this approach.

Hierarchically deterministic tree

The hierarchical structure of the Ledger Key Ring Protocol’s tree also improves user experience. Grouping data together means the device has less work to perform and can operate more efficiently. And this is possible while controlling which party has access to which part of the data set. For example let’s consider the following JSON document:

{
  "author": "Alice",
  "title": "My Note",
  "content": "This is an example note<br/>",
  "created_at": "2024-06-11T13:36:59.603Z",
  "updated_at": "2024-06-14T08:03:43.212Z"
}

Previously, selective disclosure of secrets would require encrypting each field with its own encryption key. In our example there are 5 fields so we would need 5 encryption keys. 

With Ledger Key Ring Protocol, you only need to generate a single ‘parent key’ for the entire document and share that with the application. From there, the application can derive the 5 encryption keys itself, lessening the data burden on the device. This approach becomes even more beneficial the more encryption keys needed.

Levels of the tree

 The protocol defines clear rules about how to build a tree, including how to derive secret keys to build a tree, identify the resource being encrypted, and revoke encryption keys. Each level of the tree has one of 2 purposes:

Encryption key identification

This level is not used to generate encryption keys but used to create a static identifier for the resource. Meaning that the ID of a resource never changes. This allows the hardware wallet to retrieve the resource ID and map it to a human readable description, giving users the ability to clear-sign with confidence.

Key revocation

By itself, the tree is able to provide encryption keys and share them with other applications or third parties. However, what happens when a former member can’t be trusted anymore? The Ledger Key Ring protocol increments the derivation index of each encryption key,  meaning there can be several keys for the same underlying resource and each key can only be used once. This means revoking an application’s access is easy: only the resource encrypted by the revoked key must be re-encrypted; the rest of the data is still secure.

Ledger Key Ring Protocol uses BIP32 to derive encryption keys. From the root key we are able to create a tree of encryption keys. By having a strict derivation policy the protocol implements both the identification and revocation of encryption keys. 

How are encryption keys stored in blocks?

Encryption keys are stored in the tree when they are created or shared with a member. But they can’t be read by anyone: they are always encrypted for a single reader. Ledger Key Ring Protocol uses the Elliptic Curve Diffie-Hellman (ECDH) key exchange protocol to securely encrypt secrets before they are stored or shared. ECDH is a cryptographic algorithm that allows two parties to establish a shared secret over an insecure channel. With this shared secret we encrypt the encryption key by using AES-256-GCM.

The Ledger Key Ring Protocol tree can be shared with centralized or decentralized servers without revealing the encryption keys. Only members can read its content. 

Concluding Remarks

Ledger Key Ring Protocol is the answer Ledger brings to the table to improve data ownership. As the digital landscape continues to evolve, protocols like Ledger Key Ring Protocol will be essential in ensuring that privacy, security, and user control remain at the forefront of decentralized technology. Ledger Key Ring Protocol offers a powerful tool that balances security, flexibility, and user ownership. One of the key components for digital identity in the future.

Ledger Key Ring Protocol is an open standard, designed for anyone to implement and build upon. Its open nature means developers have full access to the protocol, enabling them to bring end-to-end encryption into any decentralized application. Whether you’re building secure messaging, decentralized finance solutions, or a decentralized platform, Ledger Key Ring Protocol provides the tools you need to build confidently and contribute to an open, decentralized ecosystem where users stay in control of their data.


Pierre POLASTRI
Principal Architect

Stay in touch

Announcements can be found in our blog. Press contact:
[email protected]

Subscribe to our
newsletter

New coins supported, blog updates and exclusive offers directly in your inbox


Your email address will only be used to send you our newsletter, as well as updates and offers. You can unsubscribe at any time using the link included in the newsletter.

Learn more about how we manage your data and your rights.