Secrets are fundamental in software development. You need to control the who, what, where and when of how sensitive data is managed. This is true for the largest corporations and smallest startups. If your data is compromised, shortly your enterprise will be too. As Gandalf barks in fear to Frodo, ‘keep it secret, keep it safe!’. The alternative is not worth thinking about.
Traditionally, secrets are managed centrally. Services like AWS KMS and HashiCorp Vault act as custodians and distribute secrets on demand. That may be all well and good for old-school enterprises operating under strict hierarchical structures. Yet as consciousness around power and the vitality of the decentralized web emerges, developers seek better control of their infrastructure. Refashioning secret management methods to enshrine these principles of decentralization at every step is essential.
The new internet needs new architectures that support the growth of the decentralized web. If you’re a dApp developer whose application relies on centralized database systems and secret management for your app to function - then your dApp isn’t really decentralized at all. You’ve merely parked the problem somewhere else, and the attack vectors, exploits, and custodial abrogation remain the same.
Many developers building dApps know and are pained by this already, but there aren’t effective solutions. For now, compromises are made - because they have to be.
Through Source Network, those compromises are finally banished. The Orbis Secrets Management Engine creates a framework that upholds decentralized principles at every step. It creates a robust, fully distributed secrets management system that - in conjunction with DefraDB - provides the scaffolding for applications to exist in a purely decentralized manner, thus birthing the open, free, permissionless internet, and casting the Sauronic powers of centralization into the fires.
How does it work? The backend may be complex, but the frontend is efficient and user-friendly.
How the Orbis Secrets Management Engine Works
Through Orbis, any group of actors can create a Secret Ring. This group of actors works in a similar way to a group using threshold signatures to protect, for example, a blockchain bridge. No single actor knows the whole key, and a threshold of signatures is required to process transactions or, in this case, share secrets. Actors can be anyone: developers, infrastructure providers, government institutions. Anyone who needs to work together and share data to deliver their services or product.
Once a Secret Ring is defined, nodes collaboratively generate a shared keypair via a DKG (Distributed Key Generation) algorithm which is maintained by a PSS (Proactive Secret Sharing) algorithm. DKG is how each node in a Secret Ring only knows a ‘part’ of the key.
PSS is a protective auxiliary algorithm that continuously updates how the keys are cut. Over time, decentralized keys generated through DKG become increasingly vulnerable to attack. You can’t trust anyone forever. The PSS algorithm regularly recuts each individual’s key, without changing the nature of the lock, whilst reaffirming their right to possess it.
In this way, if previously trusted actors leave the Secret Ring and become ill-willed Nazguls, they cannot undermine it through collusion. Moreover, PSS means that who is and who isn’t in the Secret Ring can be dynamically redefined over time - which is essential for all actors as operations grow and who or what can access the secret changes.
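A small sketch of the DKG and PSS ideas described above, added here as an illustration and not Orbis code. It uses plain Shamir sharing over a prime field and leaves out the commitments a real DKG uses to verify each dealing; the field modulus, the function names and the 3-of-5 ring are assumptions.

```python
import secrets

P = 2**127 - 1  # prime field modulus, chosen for this demo

def deal(constant, t, n):
    """Shamir-deal `constant` with threshold t: return {x: f(x)} for x = 1..n."""
    coeffs = [constant] + [secrets.randbelow(P) for _ in range(t - 1)]
    return {x: sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P
            for x in range(1, n + 1)}

def combine(dealings, n):
    """Each node sums the sub-shares it received from every dealer."""
    return {x: sum(d[x] for d in dealings) % P for x in range(1, n + 1)}

def dkg(t, n):
    """Every node deals a random value; the ring key is their sum, held by no one."""
    return combine([deal(secrets.randbelow(P), t, n) for _ in range(n)], n)

def refresh(shares, t):
    """PSS epoch: every node deals a sharing of zero, added onto the old shares."""
    n = len(shares)
    zero = combine([deal(0, t, n) for _ in range(n)], n)
    return {x: (shares[x] + zero[x]) % P for x in shares}

def reconstruct(points):
    """Lagrange interpolation at x = 0 over the field."""
    total = 0
    for xi, yi in points.items():
        num = den = 1
        for xj in points:
            if xj != xi:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

def pick(shares, xs):
    return {x: shares[x] for x in xs}

def demo(t=3, n=5):
    old = dkg(t, n)
    new = refresh(old, t)
    key_before = reconstruct(pick(old, [1, 2, 3]))
    key_after = reconstruct(pick(new, [2, 4, 5]))
    # Two shares leaked before the refresh plus one leaked after it.
    mixed = reconstruct({**pick(old, [1, 2]), **pick(new, [3])})
    return key_before, key_after, mixed
```

`demo()` returns the same key before and after the refresh, while the mix of pre-refresh and post-refresh shares interpolates to an unrelated value, which is why shares held by a departed member stop being useful once an epoch has passed.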
This rotating protection is further abstracted through another layer of protection, PRE (Proxy Re-Encryption). When the Orbis Engine receives a request to access a stored secret, it doesn’t just blurt it out directly, but instead re-encrypts the plaintext data behind a secondary cipher. This cipher can only be encoded when everyone in the Secret Ring agrees to encode it. This means that should the threshold be met, the secrets can be safely transferred to the intended recipient, without even the Secret Ring operators accessing the plaintext.
In Orbis, Secret Ring nodes are required to be always on to ensure the sanctity of the underlying data. Secret Rings are Byzantine Fault Tolerant, though, so that should nodes go offline, the Secret Ring itself still functions and ongoing secret access remains viable. Access to secrets among teams is defined through policy authentication, as in traditional management systems.
The difference is, in Source Network, policies are managed by the SourceHub - a further decentralization layer that ensures access-control is distributed in a decentralized manner. When we said our system is decentralized at every step of the way - we meant it. When users create secrets, they attach policies. Policies connect to our Relationship-Based Access Control system which utilizes Distributed Identifiers (DIDs) and verifiable cryptography to ensure guaranteed access to secrets.
DIDs are useful because, in the case of multi-device access (essential for fast, efficient access systems), multiple keypairs can sign for a single DID. Efficiency is further compounded through our Zero Knowledge Key Management System (ZK-KMS). Laboriously storing, managing, and using private keys to gain access to secrets creates operational drag that is detrimental to global adoption of decentralized systems.
Some tradeoff is expected, of course, but too much and the goal of decentralized secret sharing becomes untenable. Source’s ZK-KMS collates secret access for a user through a single account. The account uses ZK-proofs to determine access to a secret, and the proofs themselves are managed by its own Secret Ring.
There is nothing to stop Secret Rings becoming stacked upon one another. In fact, it’s desirable. The more nested a secret, the safer it is. Secrets can be split into multiple shares, and each of those shares can be independently stored by different Secret Rings, further distributing the ultimate security of any given data and, due to SourceHub’s fast throughput, at near-zero cost to efficiency and friction, ensuring the smooth operations of their decentralized applications.
The Secret to a Decentralized Web
Secret management and access control is the central underpinning to all databases, and indeed the essence of cryptography itself. You need to know who to trust. Ownership of data relies upon these protective mechanisms that have for so long been in the vice-like grip of centralized actors, who themselves are prone to going Peter Pettigrew on you, whether by accident or - of course - on purpose. A ground-up decentralized approach to secret management is what the new internet has been crying out for and, with Source’s Orbis, it now has one.