Generation of a cryptographic key is deterministically derived from client data of which a client computer proves knowledge in order to obtain the key. A client computer provides client data and is adapted to define a vector, having a plurality of data blocks with indices, corresponding to the client data. The client computer is further adapted to generate a first non-hiding vector commitment and a second hiding vector commitment, to the vector, and to generate a third commitment to the first commitment. The client computer sends the second and third commitments to the key server, and provides to the key server a first proof of knowledge, for a subset of the indices, of the corresponding data blocks of the vector in the second and third commitments. The key server stores a secret server key and is adapted to engage with the client computer in a key-generation protocol.