69 lines
3.0 KiB
Markdown
69 lines
3.0 KiB
Markdown
# Introduction
|
|
|
|
Quorum Key Management (QKM) is an open source system of playbooks and
|
|
tooling which facilitates the creation and maintenance of highly resilient
|
|
Quorum-based Key Management Systems based on a strict [threat model](threat-model.md)
|
|
which can be used for a variety of different cryptographic algorithms. The
|
|
system was designed and developed by [Distrust](https://distrust.co), with the
|
|
generous support of the following sponsors: TODO.
|
|
|
|
The basic premise of QKM is that primary cryptographic material akin to a root
|
|
certificate, called Root Entropy, is derived during a secure key derivation
|
|
ceremony, and then used to derive chosen cryptographic material via different
|
|
algorithms such as PGP keys, digital asset wallets, web certificates and more.
|
|
The system was designed with extensibility in mind.
|
|
|
|
The Root Entropy is sharded using [Shamir's Secret Sharing](glossary.md#shamirs-secret-sharing-sss) to a [Quorum](glossary.md#quorum) in order to
|
|
protect it from single points of failure, requiring cooperation of multiple
|
|
individuals - a quorum, and use of cryptographic material stored in separate
|
|
physical locations with significant access controls in order to reconstruct the
|
|
secret material, namely the Root Entropy.
|
|
|
|
## Use Cases
|
|
|
|
QKM can be used for a wide range of use-cases which span but are not limited
|
|
to:
|
|
|
|
* Deriving a PGP key pair whose public key can be used as a "one-way deposit
|
|
box" - for example a company can back up keys for their digital asset wallets by
|
|
encrypting them to the public key and storing the encrypted ciphertext blobs on
|
|
multiple cloud storage platforms, or on offline hard drives for redundancy.
|
|
|
|
* Deriving PGP keys for multiple individual users in a deterministic manner.
|
|
|
|
* Deriving wallets for digital assets using BIP-0032 style derivation as part of
|
|
a cold signing setup.
|
|
|
|
* Decrypting data in a secure, quorum protected, air-gapped environment.
|
|
|
|
* Generating digital certificates
|
|
|
|
## Playbooks
|
|
|
|
QKM can be set up by using a set of highly opinionated playbooks which outline
|
|
the process. The documentation should be read in its entirety by all
|
|
participants in the ceremony in order to ensure that the system is well
|
|
understood by all in order to ensure that the integrity of the process is
|
|
preserved and enforced by all participants.
|
|
|
|
## Directives
|
|
|
|
The documentation provides directives in order to specify the importance of
|
|
adhering to parts of the specification as follows to achieve high levels of
|
|
security:
|
|
|
|
* **MUST** - not adhering to this will result in significant deterioration of
|
|
security properties of the system
|
|
|
|
* **SHOULD** - is recommended and may impact the security of the system
|
|
depending on the context
|
|
|
|
* **MAY** - is typically a design decision with no significant impact to the
|
|
overall security of the system
|
|
|
|
## Method
|
|
|
|
The reader is encouraged to read through the entire body of documents which
|
|
should not take more than 30 minutes. If any parts are unclear, they may contact
|
|
Distrust for clarification, which is welcomed as it will aid improving the
|
|
documentation. |