Cryptographic Secret Recovery: Difference between revisions
No edit summary |
|||
Line 5: | Line 5: | ||
==Problems== | ==Problems== | ||
By definition, in a decentralized identity system, there is no centralized service to provide an “I forgot my password” button. | By definition, in a decentralized identity system, there is no centralized service to provide an “I forgot my password” button. | ||
That is the starting condition. It is certainly possible to build safeguards and recovery mechanisms into a decentralized identity system. | That is the starting condition. It is certainly possible to build safeguards and recovery mechanisms into a decentralized identity system. | ||
==Solutions== | ==Solutions== | ||
===Decentralized Identifiers Foundation=== | ===Decentralized Identifiers Foundation=== |
Revision as of 19:17, 28 May 2020
Full Title
Context
Any good Identity Management architecture must address key management. The whole point of any Public Key Infrastructure is that individuals, organizations, and things create and manage their own cryptographic keys without reliance on a central authority or intermediary. But as we know, with great power comes great responsibility — in this case, while we have the power to wield private keys that control DIDs, we can also lose everything connected to those DIDs if we can’t retain and secure them.
Problems
By definition, in a decentralized identity system, there is no centralized service to provide an “I forgot my password” button. That is the starting condition. It is certainly possible to build safeguards and recovery mechanisms into a decentralized identity system.
Solutions
Decentralized Identifiers Foundation
The DIF Identifiers & Discovery Working Group has announced an open call for contributions and development of new secret recovery schemes, and implementations. To kick off work in this area, Microsoft, a member of the DIF I&D WG, will be contributing a scheme called ‘Fuzzy Vault,’ which incorporates many desirable, human-friendly features into a single recovery scheme. Daniel Buchner of Microsoft will be posting soon to detail their contribution to the ‘Fuzzy Vault’ scheme to this DIF I&D WG initiative. The whitepaper for the ‘Fuzzy Vault’ scheme will be published in this DIF repository: https://github.com/decentralized-identity/fuzzy-vault. The code implementation and any specifications required for ‘Fuzzy Vault’ will be developed within the DIF I&D WG.
Another approach DIF participants have worked on is a mnemonic scheme encoded as a 3D experience, called Seed Quest. This scheme uses geo-temporal-spatial inputs, which are more human-friendly than traditional word inputs. The scheme provides 128 bits of entropy for seed recovery with a mnemonic sequence that requires minimal rehearsal: https://github.com/reputage/seedQuest. DIF members have recently discussed ways to combine these schemes to maximize UX and recoverability.
These two efforts are just the beginning of DIF’s work in the area of secret retention and recovery. We encourage everyone to contribute their ideas, code, and insights to this vital work. For more information about participating in this new initiative, and the DIF I&D WG in general, view its Meeting Page, read the group’s Charter, and join DIF!
References
- DIF I&D WG: Starting work on a cryptographic secret recovery by Markus Sabadello.