A Comprehensive Survey of Cryptography Key Management in Decentralized Identity Ecosystem
摘要
Decentralized Identifiers (DIDs) empower individuals to manage identities independently, without relying on centralized authorities. A crucial aspect of DIDs is cryptographic key management, where key rotation ensures security and trust by mitigating risks like key compromise, expiration, and cryptographic weaknesses. This paper examines key rotation mechanisms in decentralized identity systems, addressing security, trust, usability, interoperability, and governance. It introduces a generalized key rotation framework applicable to various DID methods, covering key generation, DID document updates, authentication, propagation, verification, revocation, and history management. The study compares key rotation approaches in ledger-based, web-based, and event-based DID methods, highlighting their strengths and limitations. Additionally, it explores revocation mechanisms to prevent unauthorized key reuse and maintain system integrity. The findings emphasize the need for standardized, automated key rotation frameworks to enhance security, interoperability, and resilience in decentralized identity ecosystems.