diff --git a/services/identity/src/config.rs b/services/identity/src/config.rs
--- a/services/identity/src/config.rs
+++ b/services/identity/src/config.rs
@@ -1,9 +1,9 @@
 use opaque_ke::{errors::PakeError, keypair::Key};
 use std::{env, fs, io, path::Path};
 
-#[derive(Default, Debug)]
+#[derive(Debug)]
 pub struct Config {
-  server_secret_key: Option<Key>,
+  pub server_secret_key: Key,
 }
 
 impl Config {
@@ -14,7 +14,7 @@
     path.set_extension("txt");
     let key = get_key_from_file(path)?;
     Ok(Self {
-      server_secret_key: Some(key),
+      server_secret_key: key,
     })
   }
 }
diff --git a/services/identity/src/service.rs b/services/identity/src/service.rs
--- a/services/identity/src/service.rs
+++ b/services/identity/src/service.rs
@@ -1,15 +1,21 @@
 use futures_core::Stream;
+use opaque_ke::{
+  errors::ProtocolError, RegistrationRequest as PakeRegistrationRequest,
+  ServerRegistration,
+};
+use rand::{CryptoRng, Rng};
 use std::pin::Pin;
+use tokio::sync::mpsc::{error::SendError, Sender};
 use tonic::{Request, Response, Status};
 
-use crate::config::Config;
-use crate::database::DatabaseClient;
+use crate::{config::Config, database::DatabaseClient, opaque::Cipher};
 
 pub use proto::identity_service_server::IdentityServiceServer;
 use proto::{
-  identity_service_server::IdentityService, LoginRequest, LoginResponse,
-  RegistrationRequest, RegistrationResponse, VerifyUserTokenRequest,
-  VerifyUserTokenResponse,
+  identity_service_server::IdentityService,
+  registration_response::Data::PakeRegistrationResponse, LoginRequest,
+  LoginResponse, RegistrationRequest, RegistrationResponse,
+  VerifyUserTokenRequest, VerifyUserTokenResponse,
 };
 
 mod proto {
@@ -57,3 +63,37 @@
     unimplemented!()
   }
 }
+
+impl MyIdentityService {
+  async fn pake_registration_start(
+    &self,
+    pake_registration_request: Vec<u8>,
+    rng: &mut (impl Rng + CryptoRng),
+    tx: Sender<Result<RegistrationResponse, Status>>,
+  ) -> Result<(), Error> {
+    let server_registration_start_result = ServerRegistration::<Cipher>::start(
+      rng,
+      PakeRegistrationRequest::deserialize(&pake_registration_request)?,
+      &self.config.server_secret_key,
+    )
+    .map_err(Error::Pake)?;
+    tx.send(Ok(RegistrationResponse {
+      data: Some(PakeRegistrationResponse(
+        server_registration_start_result.message.serialize(),
+      )),
+    }))
+    .await
+    .map_err(Error::Channel)?;
+    Ok(())
+  }
+}
+
+#[derive(
+  Debug, derive_more::Display, derive_more::From, derive_more::Error,
+)]
+pub enum Error {
+  #[display(...)]
+  Pake(ProtocolError),
+  #[display(...)]
+  Channel(SendError<Result<RegistrationResponse, Status>>),
+}