Quest For The Mnemon Seed

From IIW

Quest for the Mnemon Seed: The Three R's of Key Management: Reproduction, Rotation, Recovery


Wednesday 3A

Convener: Samuel M. Smith

Notes-taker(s): Samuel M. Smith


Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:


See slide deck https://drive.google.com/open?id=0B_luqCyRPBXjSUJSLVB0UVdwM3dVTGdmRFlPV1JNbWlKTmlJ


This session discusses a new class of data called *decentralized autonomic data* (DAD). The term *decentralized* means that the governance of the data may not reside with a single party. A related concept is that the trust in the data provenance is diffuse in nature. Central to the approach is leveraging the emerging [*DID*](https://w3c-ccg.github.io/did-spec/) (decentralized identifier) standard. The term *autonomic* means self-managing or self-regulating. In the context of data, we crystalize the meaning of self-managing to include cryptographic techniques for maintaining data provenance that make the data self-identifying, self-certifying, and self-securing. Implied thereby is the use of cryptographic keys and signatures to provide a root of trust for data integrity and to maintain that trust over transformation of that data, e.g. provenance. Thus key management must be a first order property of DADs. This includes key reproduction, rotation, and recovery. The pre-rotation and hybrid recovery methods presented therein are somewhat novel.


The motivating use of DAD is to provide provenance for streaming data that is generated and processed in a distributed

manner with decentralized governance. Streaming data are typically measurements that are collected and aggregated to form higher level constructs. Applications include analytics and instrumentation of distributed web or internet of things (IoT) applications. Of particular interest is the use of DADs in self-sovereign reputation systems. A DAD seeks to maintain a provenance chain for data undergoing various processing stages that follows diffuse trust security principles including signed at rest and in motion.


Streaming data applications may impose significant performance demands on the processing of the associated data. Consequently one major goal is to use efficient mechanisms for providing the autonomic properties. This means finding minimally sufficient means for managing keys and cryptographic integrity.


Importantly this session describes detailed descriptions of the minimally sufficient means for key reproduction, rotation, and recovery for DID leveraged DADS.

More detail can be found in the RWOT Spring 2018 Paper in file DecentralizedAutonomicData.md at https://github.com/WebOfTrustInfo/rebooting-the-web-of-trust-spring2018/tree/master/final-documents