Ternoa Fortress: DKMS (Intro)

Ternoa Fortress is the first-of-a-kind flexible decentralized infrastructure that can host any confidential computing application. For a Decentralized Key Management System, Fortress in addition to expected security, the confidentiality of storage/retrieval of keys without any central authority or master key, provides a set of unique management features like Asynchronous Noninteractive Key Transfer, Interoperability between applications, and Resilience.

Introduction

Ternoa Fortress infrastructure co-evolved with the Ternoa Secret-NFT solution. Fortress is an off-chain and chain-agnostic decentralized protocol based on the Trusted Execution Environment (TEE) technology while Secret-NFT is a radical approach for adding confidentiality to regular NFTs respecting transferability and transparent flexible ownership. Secret-NFT technology at its core is a Decentralized Key Management System (DKMS) where in Ternoa it is backed by tens of cryptographic layers called Fortress. In this article, we explain the design decisions and implementation details of these two products.

Figure 1: Key Components of Ternoa Blockchain

Trusted Execution Environment (TEE)

Secure-hardware cryptography has always been the ultimate level of security, especially for financial and military-grade applications, because modern cryptography is based on mathematical algorithms that will eventually be executed in hardware, either conventional electronic CPU, GPU, FPGA, ASIC, or unconventional Quantum, Optical, Neuromorphic and biological computers. They all follow the same concept of computation known as the Turing machine. Computation inside the Turing machine hardware, in the hands of experts, can be manipulated, so we need verifiable computation at the micro level (proof system), and a fault-tolerant system at the macro level (state replication, error correction). Moreover, there are methods to eavesdrop on the running computation in hardware, in that case, we need to secure the processing and storage inside the hardware. Normally it has been done in expensive special-purpose microchips and secure modules like SRAM-based PUF, HSM, and TPM.

Recently main CPU manufacturers started a new line of powerful general-purpose processors as Trusted Execution Environment (TEE) which are both computationally impenetrable and verifiable. TEEs promise integrity (the program being run is exactly the one specified by the user) and confidentiality (the data processed by the program is not leaked outside of the enclave) against an actively malicious adversary with control over the operating system.

In the next article, we will investigate these processors' security measures and known vulnerabilities, and then show that TEE will be the best secure processing technology for the next decade.

Decentralized Key Management System (DKMS)

A decentralized key management system (DKMS) leverages cryptographic primitives and distributed ledger technology (DLT) to establish a trustless environment for managing cryptographic keys. Unlike centralized systems with a single point of control (below Image from Google Cloud), DKMS employs a distributed network of nodes to perform key/randomness generation, protection, storage, exchange, replacement, and use through decentralized cryptographic mechanisms. This paradigm offers enhanced security by eliminating a central point of vulnerability. It ensures resilience through Byzantine Fault Tolerance (BFT) protocols, allowing the system to function even in the presence of malicious actors. Furthermore, DKMS fosters transparency through immutable audit trails recorded on the DLT, providing users with a verifiable and tamper-proof record of all key management operations.

Figure 2: Centralized KMS (Image Source: Google Cloud Document)

In Ternoa DKMS there is no root master key (Figure 2), whereas each TEE hardware is the key because nobody has access to it. Whenever data is encrypted by a data encryption key (DEK), it gets encrypted with the Key encryption key (KEK). The master key normally is used to encrypt a set of KEKs. In Ternoa for more security and forward secrecy, every key is temporary and partially accessible. To have a better vision, Ternoa KMS works like a very secure hardware wallet, but instead of putting it in a safe box, it is partitioned into smaller hardware wallets every one of which contains part of the data, moreover, these partial hardware wallets are replicable, if one of them lost we can still recover from other replicas. Additionally, key rotation happens in all of them regularly, which means even if this partial data is stolen, it will be useless after a short time, and if it is disconnected/isolated/outdated for a long time, it will be slashed off the system.

Secret NFT

NFTs (Non-Fungible Tokens) have gained popularity as a way to represent ownership of unique digital assets. They are often associated with blockchain technology where ownership records are transparent and cannot be duplicated or forged. In the context of a network society, shared economy, and decentralized identities, NFTs play a role in redefining ownership and enabling partial, temporary, and delegated shared ownership of digital assets. This means that ownership of an NFT can be transferred or shared among multiple parties, and it can also include time-limited access rights.

As the world becomes more connected with autonomous AI-powered IoT devices, managing assets, including keys, becomes crucial. This implies that in addition to managing the ownership of digital assets through NFTs, effective key management methods should be considered to maintain security and control over these assets.

While NFTs use decentralized technology, DKMS refers to the secure storage and management of cryptographic keys in a decentralized manner. NFTs and DKMS are used together to enable secure and transparent ownership and transfer of digital assets. However, it’s important to note NFTs themselves are not a direct application of DKMS. Instead, DKMS can be utilized to enhance the security and privacy aspects of NFT ownership. DKMS can be used to add confidentiality to NFTs by enabling secure and private ownership of the NFT media content:

1. Generation of Keys: Each user generates a pair of cryptographic keys — a public key and a private key. The private key is kept secret and is used to sign transactions, while the public key is shared publicly.

2. Ownership Verification: When an NFT is created, its ownership is associated with the owner’s public key. This linkage is stored on the blockchain or decentralized ledger, making it publicly verifiable.

3. Confidential Transactions: The private key allows the owner to prove ownership and transfer the NFT without revealing their identity or sensitive information. The transfer can be cryptographically signed with the private key and broadcast to the network.

4. Decentralized Storage: The NFT’s metadata and ownership details can be stored decentrally, ensuring resilience and availability without relying on a single point of failure.

5. Extensibility: Each confidential NFT can contain another private key, source code, or NFT for more complex applications.

Figure 3: On-chain and Off-chain components of Ternoa Secret-NFT protocol

The rest of this series is an explanation of Ternoa’s answers to technical questions :

• How is each private key kept secret?
• How can the user manage many private keys for different applications?
• How do we have a confidential market for encrypted assets?
• How do we transfer a private key to the new owner?
• How to keep all the required non-functional qualities: Resilience, Connectivity, Flexibility, Backward secrecy, Forward secrecy, Collusion resistance, Efficiency, and Scalability?