Key-Audit Chain (KAC): A Resilient and Reliable Key Management Framework for DID-Based Decentralized Environments

Bibliographic Details
Main Authors: Jihwan Kim, Younho Lee, Daeseon Choi
Format: Article
Language: English
Published: IEEE 2025-01-01
Series: IEEE Access
Online Access:https://ieeexplore.ieee.org/document/11122458/
Description
Summary: This paper proposes an integrated authentication framework to enhance trust, key security, and auditability in Self-Sovereign Identity (SSI) environments. Existing SSI systems face structural limitations: users must manage private keys directly, and there is no mechanism to verify the state of Verifiable Credentials (VCs) or to trace the submission history of Verifiable Presentations (VPs). These gaps make forgery hard to detect and authentication integrity hard to guarantee. To address these challenges, this study introduces a FROST (Flexible Round-Optimized Schnorr Threshold Signature)-based threshold signature scheme combined with a Trusted Third Party (TTP) that performs key status verification and metadata auditing. The user wallet automatically queries the status of each selected VC via the issuer's registry and excludes any revoked or expired credential from VP generation. When a proof signature is created, related metadata such as signature hashes and device cluster IDs are submitted to the TTP for integrity checks and real-time anomaly detection. The proposed framework is implemented atop the WACI (Wallet and Credential Interaction) protocol and supports interoperability across decentralized systems. Experiments evaluated end-to-end processing time, audit logging performance, and key recovery efficiency. The system maintained a high level of security and trust while achieving an average response time of under one second, performance comparable to or better than recent SSI-based frameworks such as FutureDID, Kim et al.'s work, and Bisht et al.'s work, which the authors present as evidence of its suitability for practical deployment.
ISSN:2169-3536
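The wallet-side flow the abstract describes (query each selected VC's status at the issuer's registry, drop revoked or expired credentials before assembling the VP, sign the VP, then send signature hashes and a device cluster ID to the TTP, which checks the record and flags anomalies), as an added illustrative example rather than code from the paper. The registry, credentials, holder and issuer DIDs, key and cluster IDs are all constructed; HMAC-SHA256 stands in for the FROST threshold signature, and the TTP's anomaly check is limited to a replayed signature hash, which is an assumption about the kind of check such a service would make, not a description of the paper's detector.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass
from datetime import datetime, timezone

# Constructed issuer status registries (stand-in for the issuers' online registries).
STATUS_REGISTRY = {
    "did:example:issuer1": {"vc-101": "active", "vc-102": "revoked"},
    "did:example:issuer2": {"vc-201": "active", "vc-202": "active"},
}


@dataclass(frozen=True)
class VerifiableCredential:
    id: str
    issuer: str
    claims: dict
    expires: datetime  # timezone-aware


def registry_status(vc, registry=STATUS_REGISTRY):
    """Look up the credential at its issuer's registry. Anything the registry
    does not know is reported as 'unknown', so callers fail closed."""
    return registry.get(vc.issuer, {}).get(vc.id, "unknown")


def is_usable(vc, now, registry=STATUS_REGISTRY):
    """A credential goes into the VP only if it is unexpired AND marked 'active'."""
    if vc.expires <= now:
        return False
    return registry_status(vc, registry) == "active"


def build_presentation(holder, vcs, now, registry=STATUS_REGISTRY):
    """Return (vp, excluded_ids); the VP carries only usable credentials."""
    usable = [vc for vc in vcs if is_usable(vc, now, registry)]
    excluded = [vc.id for vc in vcs if not is_usable(vc, now, registry)]
    vp = {
        "holder": holder,
        "created": now.isoformat(),
        "verifiableCredential": [
            {"id": vc.id, "issuer": vc.issuer, "claims": vc.claims} for vc in usable
        ],
    }
    return vp, excluded


def canonical(obj):
    """Deterministic JSON encoding so hashes and signatures are reproducible."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def sign_presentation(vp, key):
    """Proof signature over the canonical VP. HMAC-SHA256 is a stand-in here;
    the paper uses a FROST threshold Schnorr signature."""
    return hmac.new(key, canonical(vp), hashlib.sha256).hexdigest()


def audit_record(vp, signature, device_cluster_id, now):
    """Metadata the wallet submits to the TTP: hashes, not the VP or signature itself."""
    return {
        "vp_hash": hashlib.sha256(canonical(vp)).hexdigest(),
        "signature_hash": hashlib.sha256(bytes.fromhex(signature)).hexdigest(),
        "device_cluster_id": device_cluster_id,
        "submitted_at": now.isoformat(),
    }


class TTPAuditLog:
    """Minimal TTP: checks record completeness and flags a replayed signature hash."""
    REQUIRED = ("vp_hash", "signature_hash", "device_cluster_id", "submitted_at")

    def __init__(self):
        self.records = []
        self._seen_signatures = set()

    def submit(self, record):
        if any(k not in record for k in self.REQUIRED):
            return "rejected: incomplete"
        if record["signature_hash"] in self._seen_signatures:
            return "anomaly: replayed signature"  # same proof reused, possibly from another cluster
        self._seen_signatures.add(record["signature_hash"])
        self.records.append(record)
        return "accepted"


def demo():
    """Run the wallet flow on constructed credentials and return the outcome."""
    now = datetime(2025, 6, 1, tzinfo=timezone.utc)
    utc = lambda y, m, d: datetime(y, m, d, tzinfo=timezone.utc)
    vcs = [
        VerifiableCredential("vc-101", "did:example:issuer1", {"degree": "BSc"}, utc(2026, 1, 1)),
        VerifiableCredential("vc-102", "did:example:issuer1", {"member": True}, utc(2026, 1, 1)),   # revoked
        VerifiableCredential("vc-201", "did:example:issuer2", {"age_over": 18}, utc(2025, 1, 1)),  # expired
        VerifiableCredential("vc-202", "did:example:issuer2", {"license": "B"}, utc(2026, 1, 1)),
        VerifiableCredential("vc-301", "did:example:issuer3", {"x": 1}, utc(2026, 1, 1)),          # unknown issuer
    ]
    vp, excluded = build_presentation("did:example:holder", vcs, now)
    sig = sign_presentation(vp, b"constructed-demo-key")  # key is constructed, not a real share
    ttp = TTPAuditLog()
    record = audit_record(vp, sig, "cluster-A", now)
    first = ttp.submit(record)
    replay = ttp.submit(dict(record, device_cluster_id="cluster-B"))
    return {"included": [c["id"] for c in vp["verifiableCredential"]],
            "excluded": excluded, "first": first, "replay": replay}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Two choices matter for the security property: the registry lookup fails closed (an issuer or credential the registry does not know is excluded, not presented), and the TTP receives only hashes, so the audit trail can detect a reused proof without the TTP ever holding the credential contents or the signature itself.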