The Finger Pointing at the Moon
There’s a Zen saying: when a wise man points at the moon, the fool looks at the finger.
Cryptography has a finger problem.
Privacy tech has long obsessed over complex protocols and key management, forgetting that most people just want simple, usable privacy. As a result, privacy tools feel intimidating and powerful, but too complicated for most.
Seed phrases. Hardware wallets. Encrypted backups of encrypted backups. We have built an entire liturgy around the sacred act of backing up a private key, and then we wonder why most people just leave their funds on Coinbase.
The moon was always the same thing: the ability to transact without being watched. The finger was the complexity we insisted was necessary to get there.
What if it wasn't?
You Are Already Doing It
Here is something worth noticing. Every time you unlock your phone with your face, you are performing a cryptographic operation more sophisticated than anything cypherpunks dreamed of in the 1990s. A neural network maps the geometry of your face to a mathematical representation, compares it against an encrypted template stored in a secure enclave, and upon match, releases a private key that was generated the moment you first set up the device.
You don't think about any of this. You just look at the phone and it opens.
This is not a failure of understanding. This is the highest possible success of design. The best technology disappears. The best lock is the one you never notice locking. The best privacy is the kind that doesn't require you to become a privacy expert.
Passkeys are this idea, finally arriving at the right moment.
A passkey is a cryptographic credential that lives on your device, protected by your biometrics, synchronized across your devices by your operating system. When a website asks you to log in, your device performs a challenge-response protocol using a private key you never see, never back up, and never think about. Apple, Google, and Microsoft have already deployed the infrastructure. The ceremony is gone. What remains is the gesture: a glance, a fingerprint, a tap.
Now, what if that same gesture, the one you already use to check your email, could also unlock a private account on Ethereum?
The Key That Was Always There
The WebAuthn standard, the protocol underneath passkeys, has a quiet extension called PRF: Pseudo-Random Function. Most people building with passkeys don't know it exists. It does something remarkable.
When you authenticate with a passkey, the PRF extension allows the relying party (the app) to pass a salt value to the authenticator. The authenticator combines this salt with the credential's internal secret and returns 32 bytes of deterministic output. The same credential, the same salt, the same 32 bytes. Every time.
These bytes never touch a server. They exist only in the moment of authentication, in the space between your fingerprint and the browser. They are derived from a key that is, by design, unexportable. No API can read it. No malware can copy it. It lives in silicon, behind biometrics, synchronized by the platform's own encrypted infrastructure.
This is not a password. It is not a seed phrase. It is a secret that only exists when you are present.
Platus uses this secret as the root of everything.
From One Root, Many Branches
A single 32-byte PRF output is strong enough, 256 bits of entropy, to derive every key a private account needs. But using it directly for multiple purposes would be like using your house key to also start your car: technically possible, dangerous in practice. So we branch.
Using HKDF, a standard key derivation function, Platus derives purpose-specific keys from the PRF output:
Spending key. The private scalar on the Baby Jubjub curve that authorizes transactions. This is the input to every zero-knowledge proof you generate. It never leaves your browser. It cannot leave your browser, because the ZK circuit requires it as a private input, and the proof is computed locally.
Viewing key. Derived from the spending key's public counterpart. Allows the account to scan the chain for incoming notes without exposing the ability to spend them.
Store key. An AES-GCM key that encrypts the local cache of your account state: your notes, your nullifiers, your merkle witnesses. If someone steals your laptop, they get ciphertext.
Post-quantum key. A seed for ML-KEM-1024 key generation, so that notes sent to you are encrypted against both classical and quantum adversaries.
All of this from a single biometric authentication. You touched your fingerprint sensor once. The rest is mathematics.
The Paradox of Effortless Security
The backwards law describes a simple paradox: the more you chase something, the more it slips away. Try too hard to fall asleep and you stay awake. Try to be spontaneous and you end up overthinking every move.
Security has suffered from this paradox for its entire history. The harder we try to make systems secure through user discipline, seed phrase management, hardware wallet rituals, operational security guides, the more we guarantee that most people will simply not bother. Perfect security that nobody uses protects nobody.
Instead of demanding that users rise to the level of the cryptography, bring the cryptography down to the level of the user. Not by weakening it, but by hiding it so completely that it becomes invisible.
A passkey-encrypted account is not less secure than a seed-phrase-based wallet. It is more secure, precisely because it asks nothing of you. The private key material is hardware-bound, biometric-gated, and platform-synchronized. You cannot write it on a sticky note because it doesn't exist in a form you can write down. You cannot reuse it across sites because it's origin-bound. You cannot leak it in a phishing attack because the authenticator checks the origin before responding.
The most secure key is the one you never hold.
What It Feels Like
You visit Platus. You tap "Create Account." Your device asks for your fingerprint or face. You provide it.
That's it. You have a private account on Ethereum. You can receive funds that nobody else can see. You can send transactions that prove their validity without revealing their contents. You can do all of this from any device where your passkey is synchronized.
When you return tomorrow, you tap "Sign In." Same fingerprint. Same account. Same privacy. No twelve words. No browser extension. No gas tokens. Just you, proving you are you, and the mathematics handling the rest.
This is what onchain privacy should have always felt like. Not a bunker. Not a ritual. Not a separate, harder version of the internet that only cryptographers can navigate.
Just logging in.
Browser Support
| Platform | Supported Environments |
|---|---|
| macOS 15+ | Chrome, Safari, Firefox |
| iOS / iPadOS 18+ | Safari |
| Android | Chrome |
| Windows 11 | Compatible password managers |
| Linux | Compatible password managers |
As of early 2026, this covers over 95% of users on modern devices.
The Water Finds Its Way
"Water is fluid, soft, and yielding. But water will wear away rock, which is rigid and cannot yield."
The rigid approach to onchain privacy, the one that demands users manage keys, memorize phrases, and understand elliptic curves, has been wearing itself away for years. Every forgotten seed phrase is erosion. Every phishing attack is erosion. Every user who gives up and goes back to a centralized exchange is erosion.
The fluid approach is to accept that users will behave like users. They will lose things. They will choose convenience. They will not read the documentation. And then to build systems that are secure not despite this, but because of it.
Passkey-encrypted accounts are water. They flow through the infrastructure that already exists: the secure enclaves already in phones, the biometric sensors already on laptops, the cloud sync already running in the background. They don't ask users to change. They meet users exactly where they are.
And the privacy that results is not weaker for being effortless. It is stronger, because it actually gets used.