Distributed Key Management System
Glossary
Term DefinitionsClient SDKClient libraries used by mobile and web applications to connect end users to the network. SDKs can sign requests and verify responses without relying on trusted nodes.Public API microservices that expose all public web APIs to clients (e.g. REST or JSON-RPC). Provides endpoints that handle all end-user transactions and queries.Gossip protocol microservices that provide efficient one-to-many and one-to-one communication between nodes in the network.Cryptography ServicesLibraries and services that provide low-level cryptographic routines and services such as signing, hashing, and encryption. Has native and non-native fallbacks.Secure StorageLibraries and services that store keys such as private keys in a secure manner. Uses HSMs when used, relying on dedicated hardware and tamper-resistant chassis.System Parameters and GovernanceHolds infrastructure configuration parameters and handles updates and configuration.Virtual Machines (Compute)Holds microservices for transaction and smart contract execution, serving all virtual chains.The compute layer holds transient state for non-final execution and sidechain data. Processor A set of microservices that provide the actual runtime environment required to execute smart contracts in various languages (EVM, Python, Java, JavaScript, etc.). Raw Storage A layer responsible for storing and retrieving raw data on local machines. Sidechain Connectors A set of microservices that provide cross-chain interoperability with third-party blockchains (such as Ethereum). Provides access under third-party consensus. Clock Synchronization A microservice responsible for synchronizing clocks between different machines, nodes, and services. Provides a consistent reference system for absolute time. Consensus A microservice instantiated by each virtual chain, responsible for reaching agreement between nodes on the order of transactions and their validity. Implements the consensus algorithm. Consists of the following sublayers: Ordering, Validation, Transaction Pool. State Storage A microservice instantiated by each virtual chain, saving mutable and immutable states that have reached consensus. Manages efficient caching, sharding, and redundancy of state data. Accessed by virtual machines and public APIs. Block Storage A microservice instantiated by each virtual chain, saving a long-term log of deltas of all previously closed blocks. Manages efficient sharding and redundancy of block data. Used to generate and verify state. Multiple parallel instances of a virtual blockchain consensus, state, and storage layers; providing the illusion of independent, dedicated blockchains in a shared physical node environment. Elastic Capacity An architecture that is able to scale different types of resources independently based on actual network needs. Distributed Ledger Security Sharing The burden of securing the ledger is shared between multiple independent entities, making distributed ledger implementations easier to secure. Censorship and Front-Ending The act of miners manipulating the blockchain for financial gain. Opaque Pre-Consensus Transactions A mechanism that allows clients to submit transactions to the network without knowing what the transaction is about. Network-Possessed Keys A cryptographic protocol that allows shared keys to be securely held in a decentralized network. Cross-Chain Contracts A smart contract running on top of a public platform that is configured to read data from other blockchains in a secure and reliable manner. User Authentication The process by which a user proves their identity by providing a set of weak keys (e.g., PINs, passwords, etc.). Decentralized Key Possession The ability to securely store and use keys (e.g., key encryption keys) across multiple nodes in a decentralized network. Authentication Protocol A protocol that defines a series of steps to verify a user's identity. Key Sharing A technique for splitting a key into multiple parts, each held by a different participant. Threshold encryption A form of encryption where a ciphertext can only be decrypted if a certain number of decryption shares exist.
Short Answer Question
Describe the functionality of the Client SDK and how it improves security.
The Client SDK is a software development kit that allows mobile and web applications to interact with a decentralized network. It enhances security by allowing applications to sign requests and verify responses without relying on trusted nodes. This means that even if one node in the network is compromised, the entire system remains secure.
Explain the concept of virtual blockchains and their advantages in decentralized applications.
Virtual blockchains are multiple parallel blockchain instances built on top of a shared physical node environment that provide the illusion of running on a dedicated blockchain. This approach allows for better resource utilization, scalability, and customized support for different applications while maintaining isolation between different virtual chains.
How does decentralized ledger security sharing improve the security of decentralized platforms?
In decentralized ledger security sharing, no single entity controls the entire ledger. Instead, security responsibilities are distributed among multiple independent nodes. This approach eliminates single points of failure and makes it more difficult for malicious actors to compromise the system because they need to control a majority of nodes to control the ledger.
What challenges do opaque pre-consensus transactions solve and how do they work?
Opaque pre-consensus transactions enhance privacy and security by allowing clients to submit transactions to the network without knowing their contents. This is achieved through the use of cryptography, which allows transactions to be verified and added to the blockchain without revealing the underlying data.
How network-owned keys work in a decentralized environment and provide a use case.
Network-owned keys is a cryptographic protocol that allows a decentralized network as a whole to securely hold and use keys without any single node possessing the full key. This is achieved through the use of threshold cryptography, which requires multiple nodes to cooperate to perform any cryptographic operation. Use cases include signing blockchain states or executing transactions on behalf of smart contracts using network-owned keys, eliminating the need for a trusted third party.
Discuss cross-chain contracts and their significance in decentralized application development.
Cross-chain contracts are smart contracts that can interact with multiple blockchains. They act as a bridge between different blockchains, allowing for the development of more complex and interconnected decentralized applications. For example, cross-chain contracts can be used to read data from another blockchain, such as Ethereum, allowing for the development of applications that rely on data from multiple blockchains.
Explain why traditional user authentication methods, such as passwords, may not be sufficient in decentralized applications.
Traditional user authentication methods, such as passwords, may not be secure enough in decentralized applications because they are vulnerable to phishing attacks and key logging attacks. In a decentralized environment, there is no central authority that can help recover lost or stolen passwords, which makes users more vulnerable to attacks.
Describe how decentralized key holding enhances security on decentralized platforms.
Decentralized key holding enhances security by distributing keys among multiple nodes so that no single node possesses the entire key. This approach eliminates single points of failure and makes it more difficult for attackers to compromise the system because they would need to control multiple nodes to gain access to the keys.
What is the purpose of authentication protocols in the context of decentralized key management systems?
Authentication protocols define a series of steps for how users prove their identity in a decentralized key management system. These protocols ensure that only authorized users can access and use the keys associated with their identities.
Explain the role of key sharing in decentralized authentication and key management.
Key sharing is a technique for splitting a key into multiple parts, each held by a different participant. The original key can then be reconstructed by combining a sufficient number of shares. This approach eliminates single points of failure and makes it harder for attackers to compromise the system because they would need to obtain all shares to reconstruct the key.