LUX
All Chains
K

K-Chain (Key)

Privacy ChainLinear Consensus

Distributed key management with ML-KEM-512/768/1024 encapsulation, ML-DSA-44/65/87 signatures, BLS threshold signing, and AES-256-GCM encryption.

Overview

The Key Chain provides distributed key management services for the entire Lux ecosystem. It supports multiple post-quantum key encapsulation mechanisms (ML-KEM), signature schemes (ML-DSA), BLS threshold signing, and AES-256-GCM encryption.

K-Chain acts as a decentralized key management service (KMS) where keys are generated, stored, rotated, and revoked through on-chain governance. No single party has access to complete keys — they're always distributed across the validator set.

Enterprises can use K-Chain for secure key lifecycle management without running their own HSM infrastructure. The on-chain audit trail provides complete transparency for compliance requirements.

Technical Specifications

EncapsulationML-KEM-512/768/1024
SignaturesML-DSA-44/65/87
ThresholdBLS (t-of-n)
EncryptionAES-256-GCM
Key RotationAutomated
Chain TypeOptional

Key Features

  • ML-KEM key encapsulation (512/768/1024)
  • ML-DSA signatures (44/65/87)
  • BLS threshold signing
  • AES-256-GCM encryption
  • Key lifecycle management
  • On-chain audit trail

SDK Example

Quick start using the Lux JavaScript SDK.

k-chain-example.ts
import { KeyClient } from 'luxnet/key'

const kms = new KeyClient('https://key.lux.network')

// Generate and store a managed key
const key = await kms.generateKey({
  algorithm: 'ml-kem-768',
  label: 'my-encryption-key',
})

// Encrypt data
const encrypted = await kms.encrypt(key.id, plaintext)