Decentralised Key Management System
Self-certifying identifiers
Identifiers are derived from the public key of a key pair, which is then passed through a one-way hash function.
Manageable identifiers
The identifier digest is bound to a provenance log that provides append-only evidence of changes.
Pre-rotation mechanism
A property of the provenance log that cryptographically guarantees the ability to change the key pair to the next one, which is declared at identifier inception.
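The following sketch is an added example, not code from the project described here. It shows how a verifier could replay a provenance log that uses pre-rotation. It assumes SHA-256, a JSON event layout with hypothetical field names, and an identifier taken as the digest of the whole inception event so that the next-key commitment is bound to it. Signatures are omitted, and the keys are constructed stand-in byte strings.

```python
import hashlib
import json

def digest(data: bytes) -> str:
    """One-way hash used for identifiers, chaining and key commitments."""
    return hashlib.sha256(data).hexdigest()

def serialize(event: dict) -> bytes:
    """Canonical bytes of an event so every verifier hashes the same input."""
    return json.dumps(event, sort_keys=True, separators=(",", ":")).encode()

def incept(current_pub: bytes, next_pub: bytes):
    """Create the inception event; only the digest of the next key is published."""
    event = {"type": "inception", "key": current_pub.hex(), "next": digest(next_pub)}
    return digest(serialize(event)), event

def rotate(log: list, revealed_pub: bytes, next_pub: bytes) -> dict:
    """Reveal the pre-committed key and commit to the one after it."""
    return {"type": "rotation", "prior": digest(serialize(log[-1])),
            "key": revealed_pub.hex(), "next": digest(next_pub)}

def verify(identifier: str, log: list) -> bytes:
    """Replay the log; return the current public key or raise ValueError."""
    if not log or digest(serialize(log[0])) != identifier:
        raise ValueError("inception event does not match identifier")
    for prev, event in zip(log, log[1:]):
        if event.get("prior") != digest(serialize(prev)):
            raise ValueError("event is not chained to the previous one")
        if digest(bytes.fromhex(event["key"])) != prev["next"]:
            raise ValueError("revealed key was not pre-committed")
    return bytes.fromhex(log[-1]["key"])

# Constructed stand-ins for public keys (not real key material).
K0, K1, K2, ROGUE = (hashlib.sha256(b"constructed-key-%d" % i).digest() for i in range(4))

if __name__ == "__main__":
    identifier, inception = incept(K0, K1)
    log = [inception]
    log.append(rotate(log, K1, K2))
    print("current key:", verify(identifier, log).hex())
    try:
        verify(identifier, [inception, rotate([inception], ROGUE, K2)])
    except ValueError as err:
        print("rejected:", err)
```

A real log would also require each rotation event to be signed by the revealed key; the digest check alone only shows that the key was the one committed to earlier.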
Delegation mechanism
The ability to create identifiers that are in a parent-child relationship.
Multi signature mechanism
The ability to require a minimum number of digital signatures, defined by a threshold.
NIST compliance
Only fundamental cryptographic primitives are used for one-way hash functions and public key cryptography. No next-generation crypto primitives are present, although it is perfectly fine to employ them.
Post Quantum resistance
Even though modern public-private key pair generation functions are not resistant to Shor's algorithm, this is not a concern for an identifier event log. Each declared rotation key in the event log passes through a one-way hash function. Since one-way hash functions are not easily reversible, even when using quantum computers, recovering the private key from its public key digest is, in essence, no different from attempting the same on non-quantum computers.
Cryptographic agility
A safety measure that allows acting early when a given cryptographic algorithm becomes compromised.
Truly interoperable solution
Identifiers of an individual are not bound to any particular system, platform, network, or technology. Instead, each individual decides where to anchor their event log.