Decentralized Identifiers (DIDs) empower individuals to manage identities independently, without relying on centralized authorities. A crucial aspect of DIDs is cryptographic key management, where key rotation ensures security and trust by mitigating risks like key compromise, expiration, and cryptographic weaknesses. This paper examines key rotation mechanisms in decentralized identity systems, addressing security, trust, usability, interoperability, and governance. It introduces a generalized key rotation framework applicable to various DID methods, covering key generation, DID document updates, authentication, propagation, verification, revocation, and history management. The study compares key rotation approaches in ledger-based, web-based, and event-based DID methods, highlighting their strengths and limitations. Additionally, it explores revocation mechanisms to prevent unauthorized key reuse and maintain system integrity. The findings emphasize the need for standardized, automated key rotation frameworks to enhance security, interoperability, and resilience in decentralized identity ecosystems.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

A Comprehensive Survey of Cryptography Key Management in Decentralized Identity Ecosystem

  • Geun-Hyung Kim

摘要

Decentralized Identifiers (DIDs) empower individuals to manage identities independently, without relying on centralized authorities. A crucial aspect of DIDs is cryptographic key management, where key rotation ensures security and trust by mitigating risks like key compromise, expiration, and cryptographic weaknesses. This paper examines key rotation mechanisms in decentralized identity systems, addressing security, trust, usability, interoperability, and governance. It introduces a generalized key rotation framework applicable to various DID methods, covering key generation, DID document updates, authentication, propagation, verification, revocation, and history management. The study compares key rotation approaches in ledger-based, web-based, and event-based DID methods, highlighting their strengths and limitations. Additionally, it explores revocation mechanisms to prevent unauthorized key reuse and maintain system integrity. The findings emphasize the need for standardized, automated key rotation frameworks to enhance security, interoperability, and resilience in decentralized identity ecosystems.