Distributed key management with ML-KEM-512/768/1024 encapsulation, ML-DSA-44/65/87 signatures, BLS threshold signing, and AES-256-GCM encryption.
The Key Chain provides distributed key management services for the entire Lux ecosystem. It supports multiple post-quantum key encapsulation mechanisms (ML-KEM), signature schemes (ML-DSA), BLS threshold signing, and AES-256-GCM encryption.
K-Chain acts as a decentralized key management service (KMS) where keys are generated, stored, rotated, and revoked through on-chain governance. No single party has access to complete keys — they're always distributed across the validator set.
Enterprises can use K-Chain for secure key lifecycle management without running their own HSM infrastructure. The on-chain audit trail provides complete transparency for compliance requirements.
Quick start using the Lux JavaScript SDK.
import { KeyClient } from 'luxnet/key'
const kms = new KeyClient('https://key.lux.network')
// Generate and store a managed key
const key = await kms.generateKey({
algorithm: 'ml-kem-768',
label: 'my-encryption-key',
})
// Encrypt data
const encrypted = await kms.encrypt(key.id, plaintext)