10 Decentralized key management

by Dr. Sam Smith

Chapter 9 covered the overall topic of SSI digital wallets and agents. However, the function at the very core of digital wallets—cryptographic key management—is deep enough to merit its own chapter. Although thousands of papers and dozens of books have been written on the subject of key management, for this chapter on decentralized key management we called on Dr. Sam Smith, who is not only one of the most prolific thinkers and authors in SSI but also the inventor of Key Event Receipt Infrastructure (KERI), covered in the final section of this chapter. Sam received his Ph.D. in Electrical and Computer Engineering from Brigham Young University in 1991, spent 10 years at Florida Atlantic University reaching full professor status, then retired to become a full-time entrepreneur and strategic consultant. He has over 100 refereed publications in the areas of machine learning, AI, autonomous vehicle systems, automated reasoning, blockchains, and decentralized systems.

Chapter 9 began with this overarching definition of digital wallets:

A digital wallet consists of software (and optionally hardware) that enables the controller of the wallet to generate, store, manage, and protect cryptographic keys, secrets, and other sensitive private data.

We followed that by saying that a digital wallet is the nexus of control for every actor in SSI. The essence of that control is key management. As the Wikipedia article on the subject states:[1]

10.1    Why any form of digital key management is hard

10.2    Standards and best practices for conventional key management

10.3    The starting point for key management architecture: roots of trust

10.4    The special challenges of decentralized key management

10.5    The new tools VCs, DIDs, and SSI bring to decentralized key management

10.5.1    #1: Separating identity verification from public key verification

10.5.2    #2: Using VCs for proof of identity

10.5.3    #3: Automatic key rotation

10.5.4    #4: Automatic encrypted backup with both offline and social recovery methods

10.5.5    #5: Digital guardianship

10.6    Key management with ledger-based DID methods (algorithmic roots of trust)

10.7    Key management with peer-based DID methods (self-certifying roots of trust)

10.8    Fully autonomous decentralized key management with Key Event Receipt Infrastructure (KERI)

10.8.1    #1: Self-certifying identifiers as a root of trust

10.8.2    #2: Self-certifying key event logs

10.8.3    #3: Witnesses for key event logs

10.8.4    #4: Pre-rotation as simple, safe, scalable protection against key compromise
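
The three mechanisms named in 10.8.1, 10.8.2 and 10.8.4 fit together in a short program, so the following Go code is included here as an added illustration; it is not code from this book or from the KERI project. Its event structure, its SHA-256 digests, its Ed25519 keys and its choice to define the identifier as the hex digest of the inception event are all simplifying assumptions made for the example (KERI's real events carry more, including sequence numbers, signing thresholds and witness lists, and use their own serialization). The identifier is derived from its own inception event, every later event chains to the previous one by digest, and every event commits to the digest of the next signing key before that key is ever revealed. `ForgeRotation` plays an attacker who holds the current private key and shows why that alone does not let them take over the identifier.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Event is a simplified key event; its field set and byte layout are assumptions for this example, not KERI's.
type Event struct {
	Prior      [32]byte          // digest of the previous event body (all zero at inception)
	Key        ed25519.PublicKey // the key that is current as of this event
	NextDigest [32]byte          // pre-rotation commitment: digest of the NEXT public key
	Sig        []byte            // signature over body(), made with Key
}

func digest(b []byte) [32]byte                    { return sha256.Sum256(b) }
func keyDigest(pk ed25519.PublicKey) [32]byte     { return sha256.Sum256(pk) }
func pub(sk ed25519.PrivateKey) ed25519.PublicKey { return sk.Public().(ed25519.PublicKey) }

func genKey() ed25519.PrivateKey { // panics on entropy failure: acceptable in an example
	_, sk, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return sk
}

func (e *Event) body() []byte { // canonical bytes that get signed and digested
	return bytes.Join([][]byte{e.Prior[:], e.Key, e.NextDigest[:]}, nil)
}

type Controller struct { // the private side: current key plus the still-unrevealed next key
	Log       []*Event
	cur, next ed25519.PrivateKey
}

// Incept emits the inception event; the identifier is the hex digest of its body, so
// anyone holding the log can recompute it without consulting a registry.
func Incept() (*Controller, string) {
	cur, next := genKey(), genKey()
	ev := &Event{Key: pub(cur), NextDigest: keyDigest(pub(next))}
	ev.Sig = ed25519.Sign(cur, ev.body())
	d := digest(ev.body())
	return &Controller{Log: []*Event{ev}, cur: cur, next: next}, hex.EncodeToString(d[:])
}

// Rotate reveals the pre-committed key, makes it current, and commits to a fresh next key; it is signed by the newly current key, never by the key being retired.
func (c *Controller) Rotate() {
	fresh, last := genKey(), c.Log[len(c.Log)-1]
	ev := &Event{Prior: digest(last.body()), Key: pub(c.next), NextDigest: keyDigest(pub(fresh))}
	ev.Sig = ed25519.Sign(c.next, ev.body())
	c.Log = append(c.Log, ev)
	c.cur, c.next = c.next, fresh
}

// Validate replays a log against an identifier and returns the key current at its end;
// a broken chain, a bad signature, or a rotation to an uncommitted key is rejected.
func Validate(id string, log []*Event) (ed25519.PublicKey, error) {
	want, err := hex.DecodeString(id)
	if err != nil || len(log) == 0 {
		return nil, fmt.Errorf("malformed identifier or empty log")
	}
	for i, ev := range log {
		if !ed25519.Verify(ev.Key, ev.body(), ev.Sig) {
			return nil, fmt.Errorf("event %d: bad signature", i)
		}
		if i == 0 {
			if d := digest(ev.body()); !bytes.Equal(d[:], want) {
				return nil, fmt.Errorf("inception event does not match identifier")
			}
		} else if ev.Prior != digest(log[i-1].body()) {
			return nil, fmt.Errorf("event %d: prior digest mismatch", i)
		} else if keyDigest(ev.Key) != log[i-1].NextDigest { // the pre-rotation check
			return nil, fmt.Errorf("event %d: rotation key was not pre-committed", i)
		}
	}
	return log[len(log)-1].Key, nil
}

// ForgeRotation plays an attacker who holds the current private key and rotates to a key of their own: well formed and correctly signed, but not pre-committed.
func ForgeRotation(log []*Event) []*Event {
	attacker, last := genKey(), log[len(log)-1]
	ev := &Event{Prior: digest(last.body()), Key: pub(attacker), NextDigest: keyDigest(pub(attacker))}
	ev.Sig = ed25519.Sign(attacker, ev.body())
	return append(append([]*Event{}, log...), ev)
}

func main() {
	c, id := Incept()
	c.Rotate()
	key, err := Validate(id, c.Log)
	fmt.Printf("identifier %s\nvalid after rotation: %v, current key %x\n", id, err == nil, key)
	_, err = Validate(id, ForgeRotation(c.Log))
	fmt.Println("forged rotation rejected:", err)
}
```

Run with `go run`: the program incepts an identifier, rotates once, validates the two-event log, and then shows the forged rotation being refused with "rotation key was not pre-committed". The caveat a practitioner should keep in mind is that pre-rotation protects the rotation, not the current key: until the controller rotates, a compromised current key still signs whatever a current key may sign. The commitment bounds the damage and guarantees the legitimate controller can recover; it does not remove the need to detect compromise promptly, or to keep the next key's private half offline until the moment it is needed.
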
10.8.5    #5: System-independent validation (“ambient verifiability”)

10.8.6    #6: Delegated self-certifying identifiers for enterprise-class key management

10.8.7    #7: Compatibility with the GDPR “right to be forgotten”

10.8.8    KERI standardization and the KERI DID Method

10.9    Summary