Autonomi
Multisig Credentials


Last updated 1 year ago

Boneh-Lynn-Shacham Distributed Key Generation (BLS-DKG) is used to help users handle their authentication credentials so they don't automatically lose their data if they lose their key.

Credentials are extremely important, but credential loss can be a serious problem on decentralized networks, where there is no central authority to help recover or reset forgotten passwords. The temptation may be to choose simple credentials that are easy to remember, but these will likely be insecure (easily guessed or cracked) and prone to collisions: other people may choose the same ones and inadvertently stumble upon the user's private information.

Autonomi requires at least two separate credentials, generally referred to as 'access keys', with the option to add more. In combination, these access keys have sufficient entropy (randomness) to make collisions vanishingly unlikely.

Onboarding for the first time requires the user to choose a password (the first access key) from which a second access key is generated in the form of a passphrase (12 random words with a checksum), which the user writes down, perhaps keeping copies in a few safe places. With these two access keys, we have something you know (the password), and something you have (the passphrase), and in combination, we can generate a suitable amount of entropy to avoid collisions. This is the minimum requirement for creating your data store on the Network.

The user may also choose to create a third access key, a device key, on a trusted smartphone or computer. This is where BLS-DKG comes in, enabling a 2-of-3 key scheme, or extending further to any k-of-n scheme!

Now instead of requiring the passphrase, on this trusted device the user can just use the password and the device key—something you have—maybe utilising some inbuilt biometrics too, for an element of something you are.

Additional access keys can be created to provide more flexibility and resilience. A backup passphrase is one example, and additional devices can be set up too. Then, if the user forgets the password or loses a device, a combination of another device and/or passphrase will allow the password to be reset.

In this way, Autonomi caters for people with security needs ranging from the everyday to the extreme.