3A/ DKMS = Decentralized Key Management System

From IIW


Wednesday 3A

Convener: Drummond Reed

Notes-taker(s): Jin Wen

Tags for the session - technology discussed/ideas considered:

DID, DDOS, DKMS, Decentralized Key Management System

Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:

Note: this is an effort under a DHS contract

Source: https://github.com/WebOfTrustInfo/rebooting-the-web-of-trust-spring2017

Checklist for the DKMS: please use NIST 800-130, a spec on how to write the spec.


Distributed Ledger is used here

Different types of keys:

  • ?

  • ?

  • Revoke, Rotate, Replace, Recovery



  • the ability for the individual to control the key, including recovering the key -- the key

Recovery methods:

  • Smart Contract for social recovery
  • Recursive Recovery w/ smart contracts
  • Biometric recovery
  • Key escrow services
  • Key recovery networks
  • Hybrid / Multiple approach

HD Key

Master key and 

Potential implementation:

Smart Contracts in Blockchain

  • allow access control
  • do not require a master key and secrets


Additional notes from Colin Jaccino:

DIDs - a community-produced spec sponsored by DHS.

Neal John is the program manager

Distributed Key Management System

How are we going to manage the keys for the distributed identifiers?  

How do we do this in a privacy-respecting manner?

Sovrin anticipates managing thousands of DIDs for an individual.

Defining DID is the tip of the iceberg.  Management of these will be a tougher challenge.

Additional notes by Drummond Reed

DID: decentralized identifiers, sponsored by Homeland Security (stir grant)

Rebooting Web of Trust may

DID family of specifications

New identifier for the web

1. did:method name (i.e. div: 22-char identifier, the method-specific identifier)

2. ledger

method-identifier

- CRUD operations


Individuals could have thousands of key pairs

Master secret not a credential

DKMS: decentralized key management (develop

NIST 800-130: spec for writing a key management spec

- Generate keys

- Key distribution: trust establishment (mainly asymmetric keys)

- Types of keys

- Revoke/rotate/replace keys (change)

- Recovery


Promise is in individuals controlling their keys

Master key can generate PKI

Using a seed with the master key

New key pair for each transaction in Bitcoin

How does IoT work? An owner would be a Guardian for IoT

Ethereum: a smart contract representing an identity allows using the contract to do key management

Recovery Methods

- Smart Contract for Social Recovery (uPort recovery)

- Recursive recovery w/ smart contracts

  - TCS is implementing

- Biometric recovery

- Key escrow services

- Key recovery networks

- Hybrid/multiple

- Hardware recovery token

Resilience w/ key recovery

Compromise & Monitoring

Fraud detection
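Added example, not from the session notes or from any project named on this page: the "social recovery" and "key recovery networks" entries under Recovery methods (in both the session notes and Drummond Reed's notes) implemented as a t-of-n split of a DKMS master seed across guardians using Shamir secret sharing, which the notes do not name and which is assumed here. The function names, the 256-bit prime field and the 32-byte seed are assumptions; any `threshold` guardians can reconstruct the seed, and fewer than that recover only a random-looking value.

```python
# Added example (not from the IIW notes): t-of-n social recovery of a
# DKMS master seed via Shamir secret sharing over a prime field.
# Assumptions: a 32-byte master seed, one share per guardian, any
# `threshold` shares reconstruct it; fewer reveal nothing about it.
import secrets

# 2^256 - 189 is prime, so any 32-byte seed fits as a field element.
PRIME = 2**256 - 189

def split_seed(seed: bytes, threshold: int, n_shares: int) -> list[tuple[int, int]]:
    """Split `seed` into n_shares guardian shares (x, f(x))."""
    secret = int.from_bytes(seed, "big")
    assert 0 < threshold <= n_shares and secret < PRIME
    # Random polynomial of degree threshold-1 whose constant term is the seed.
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(threshold - 1)]
    shares = []
    for x in range(1, n_shares + 1):   # never x = 0: f(0) is the seed itself
        y = 0
        for c in reversed(coeffs):     # Horner evaluation of f(x) mod PRIME
            y = (y * x + c) % PRIME
        shares.append((x, y))
    return shares

def recover_seed(shares: list[tuple[int, int]]) -> bytes:
    """Lagrange-interpolate f(0) from the guardians' shares."""
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = (num * (-xj)) % PRIME
                den = (den * (xi - xj)) % PRIME
        secret = (secret + yi * num * pow(den, -1, PRIME)) % PRIME
    return secret.to_bytes(32, "big")

if __name__ == "__main__":
    seed = secrets.token_bytes(32)             # constructed master seed
    guardians = split_seed(seed, threshold=3, n_shares=5)
    print(recover_seed(guardians[:3]) == seed)   # 3 of 5 guardians suffice
    print(recover_seed(guardians[:2]) == seed)   # 2 of 5 do not
```

The hybrid/multiple approach in the same lists maps onto choosing which parties hold shares (friends, an escrow service, a hardware token), which does not change the arithmetic above.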