Wallet Keyring Structure
Twala uses multiple layers of encryption and smart contracts to manage private keys for improved security and convenience.
The Twala ID's Keyring structure is a security mechanism designed to protect the private keys associated with a user's Twala ID. The keyring is made up of three different keys: the Soul Key, the Action Keys, and the Claim Key.
The Soul and Action Keys are implemented using Elliptic Curve Digital Signature Algorithm (ECDSA), a popular encryption algorithm that provides high levels of security. The Claim Key, on the other hand, is implemented using Rivest–Shamir–Adleman (RSA), another widely-used encryption algorithm.
The Soul Key is the foundational key pair that enables the representation and management of a user's digital identity on a blockchain network. This key pair is used to generate, issue, and manage all of the credentials, assets, and signatures associated with the user's identity. In other words, the Soul Key serves as the root of trust for the user's identity on the blockchain, and is crucial for ensuring the integrity and security of the user's digital identity. Any activity related to the user's identity on the blockchain is authenticated and authorized using the private key associated with the Soul Key, which is securely stored and accessed only by the user.
The Action Keys serve as secondary keys for a user's digital identity, allowing for targeted and specialized use cases such as logging in to a specific digital bank, securing documents, or signing transactions for a particular smart contract. Users may choose to generate multiple Action Keys to enable different functionalities and use cases for their digital identity. These keys are securely stored and accessed by the user and are authenticated and authorized using the Soul Key. By using Action Keys, users can effectively manage their digital identity for specific purposes while maintaining the security and integrity of their overall identity on the blockchain.
The Claim Key is primarily used to secure and manage credentials. When credentials are issued by a third-party, the public key associated with the Claim Key is used to encrypt the metadata of the credentials, which are then stored on the InterPlanetary File System (IPFS) and Filecoin. The private key associated with the Claim Key is securely stored only on the user's device, ensuring that only the user has access to it. This private key is used to decrypt and access the credentials, enabling the user to manage and share them as needed. By using the Claim Key, users can maintain control and ownership of their credentials while ensuring their security and privacy on the blockchain.
The private keys associated with each of these keys are then encrypted and secured using the Advanced Encryption Standard (AES), a symmetric-key encryption algorithm that provides strong protection against attacks. Additionally, the user's wallet's mnemonic codes, which are generated using the BIP39 standard, are used as a backup mechanism for the private keys.
Finally, the entire keyring is anchored to a Keyholder Contract that implements the Ethereum Request for Comments (ERC) 725 standard. This contract is secured by the Twala Network, which provides additional layers of security to ensure that the user's private keys are protected from unauthorized access.
Updated over 1 year ago