Decentralized KMS
A decentralized key management system (DKMS) leverages cryptographic primitives and distributed ledger technology (DLT) to establish a trustless environment for managing cryptographic keys. Unlike centralized systems with a single point of control (see the image below, from Google Cloud), a DKMS employs a distributed network of nodes to perform key and randomness generation, protection, storage, exchange, replacement, and use through decentralized cryptographic mechanisms. This paradigm offers enhanced security by eliminating a central point of vulnerability. It ensures resilience through Byzantine Fault Tolerance (BFT) protocols, allowing the system to keep functioning even in the presence of malicious actors. Furthermore, a DKMS fosters transparency through immutable audit trails recorded on the DLT, providing users with a verifiable and tamper-proof record of all key management operations.
In Ternoa DKMS there is no root master key (Figure 2); instead, each TEE's hardware is itself the key, because nobody has access to it. Whenever data is encrypted with a data encryption key (DEK), that DEK is in turn encrypted with a key encryption key (KEK). A master key is normally used to encrypt a set of KEKs. In Ternoa, for more security and forward secrecy, every key is temporary and only partially accessible. To picture it, Ternoa KMS works like a very secure hardware wallet, but instead of being placed in a safe box it is partitioned into smaller hardware wallets, each of which holds part of the data. These partial hardware wallets are also replicated: if one of them is lost, the data can still be recovered from the other replicas. Additionally, key rotation happens in all of them regularly, which means that even if a piece of this partial data is stolen, it becomes useless after a short time, and a partial wallet that is disconnected, isolated or outdated for a long time is slashed from the system.
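The three properties described above (the key is never held whole, any enough subset of the partial holders can rebuild it, and regular rotation makes a share stolen before the rotation useless) can be modelled in a few dozen lines. The example below is added here for illustration and is not Ternoa's code; it assumes Shamir secret sharing over a prime field with a proactive share refresh, which the page does not name as the scheme Ternoa actually uses. The KEK value is a constructed sample.

```python
"""Threshold-split KEK with proactive share refresh (illustrative model, not Ternoa's code).

Assumptions: Shamir secret sharing over GF(PRIME); "rotation" is a proactive
refresh in which every holder adds its share of a fresh polynomial whose
constant term is zero, so the KEK is unchanged but all old shares are retired.
"""
import secrets

PRIME = 2**127 - 1  # Mersenne prime used as the field modulus (assumption: any prime > secret works)


def _eval_poly(coeffs, x):
    """Evaluate a polynomial (constant term first) at x using Horner's rule, mod PRIME."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % PRIME
    return acc


def split_key(kek_int, n, k):
    """Split kek_int into n shares such that any k of them rebuild it.

    Returns {holder_id: share_value}; holder ids are the x-coordinates 1..n.
    """
    if not (0 <= kek_int < PRIME and 1 <= k <= n):
        raise ValueError("secret must be in the field and 1 <= k <= n")
    coeffs = [kek_int] + [secrets.randbelow(PRIME) for _ in range(k - 1)]
    return {x: _eval_poly(coeffs, x) for x in range(1, n + 1)}


def refresh_shares(shares, k):
    """Rotate shares without changing the KEK.

    Each holder adds the evaluation of a random degree-(k-1) polynomial with
    constant term 0. New shares still interpolate to the KEK, but a share from
    the previous epoch no longer combines with the new ones.
    """
    coeffs = [0] + [secrets.randbelow(PRIME) for _ in range(k - 1)]
    return {x: (y + _eval_poly(coeffs, x)) % PRIME for x, y in shares.items()}


def recover_key(shares):
    """Lagrange interpolation at x = 0 over the given {holder_id: share} subset."""
    xs = list(shares)
    total = 0
    for xi in xs:
        num = den = 1
        for xj in xs:
            if xj != xi:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        lagrange = num * pow(den, PRIME - 2, PRIME) % PRIME
        total = (total + shares[xi] * lagrange) % PRIME
    return total


# Constructed sample KEK (16 bytes) for the walkthrough below.
SAMPLE_KEK = int.from_bytes(bytes.fromhex("00112233445566778899aabbccddeeff"), "big")


def walkthrough(kek_int=SAMPLE_KEK, n=5, k=3):
    """Run the scenario from the text and report which recoveries succeed."""
    epoch0 = split_key(kek_int, n, k)
    epoch1 = refresh_shares(epoch0, k)  # regular rotation across all holders
    return {
        # any k holders of the same epoch rebuild the KEK
        "threshold_ok": recover_key({i: epoch0[i] for i in (1, 2, 3)}) == kek_int,
        # two holders lost (4 and 5): the remaining replicas still recover
        "two_lost_ok": recover_key({i: epoch0[i] for i in (1, 2, 3)}) == kek_int,
        # after rotation the new shares still give the same KEK
        "after_rotation_ok": recover_key({i: epoch1[i] for i in (2, 3, 5)}) == kek_int,
        # fewer than k shares reveal nothing useful
        "below_threshold_fails": recover_key({i: epoch0[i] for i in (1, 2)}) != kek_int,
        # shares stolen before rotation are useless together with a post-rotation share
        "stale_shares_fail": recover_key({1: epoch0[1], 2: epoch0[2], 3: epoch1[3]}) != kek_int,
    }


if __name__ == "__main__":
    for name, ok in walkthrough().items():
        print(f"{name}: {ok}")
```

The `stale_shares_fail` case is the property the text attributes to rotation: the refresh changes every holder's share while leaving the secret fixed, so shares captured in different epochs do not interpolate to the KEK. The model also shows what rotation does not do: a set of k shares all stolen within the same epoch still reconstructs the key, which is why the rotation period bounds the attacker's window.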