boltlabs-inc / key-mgmt-spec

Formal specification for the key management project
MIT License

Lock Keeper Specification

This repository holds the current design specification for Lock Keeper, a human-centric digital asset management system.

Contents

Top-level

  1. README
  2. Design Philosophy and Threat Model
  3. Stakeholders and System Goals
  4. Development Notes
  5. System Architecture
  6. System Functionality
  7. Where to Find Code
  8. Contributing
  9. Glossary

This page

  1. Contents
  2. Problem Statement
  3. Repository Overview

Problem Statement

Humans need to own and control digital assets. Doing so securely requires cryptographic key management: the ability to generate, store, retrieve, and use arbitrary secrets (keys) associated with those digital assets, while preventing key theft and key misuse.

In practice, a person's experience of their digital asset portfolio is often mediated by an organization, or Service Provider (SP). The service provider offers an asset manager to its community members: a specialized key management system that helps people manage and use the secret keys corresponding to their digital assets.

A key point is that the asset manager must meet the needs of both community members and the service provider. The service provider might itself be composed of several entities offering a variety of services and utilities, each with its own goals and requirements for how digital assets are created and handled. In order to meet compliance and regulatory frameworks, service providers are particularly concerned with the processes that approve, sign, and transmit transactions (i.e., messages that move assets) on behalf of users. The needs of these various actors sometimes conflict, and one of the central design challenges in this space is identifying and selecting the tradeoffs that achieve a balanced, beneficial system for all stakeholders.

We plan to build the core key management technology for a digital asset management system (DAMS), which we call Lock Keeper. We stress that this design does not encompass the full details of a digital asset manager, although we do include a wallet application proof of concept (PoC) for reference. Lock Keeper can be used by a Service Provider to create a feature-complete digital asset manager.

We focus on:

Repository Overview

Goals

We are designing and building Lock Keeper iteratively, so this specification is meant to be a single point of truth for our current development phase.

At a high level, we want to capture information that helps developers and the public understand the properties of our digital asset management system, as well as a formal specification of the underlying cryptographic protocols used.

Expected Audience

We want this repository to be a helpful reference for the following groups:

In Scope

Here is a working list of what should be included in this repository:

Out of Scope

We do not attempt to capture granular, non-cryptographic implementation and software architecture decisions. This type of development decision should be documented clearly in Lock Keeper.

Contributing

Please see this page for guidelines.