Key Management Regime — SII Glossary

Definition

The composition of cryptographic, procedural, and governance controls under which the private keys authorizing transfers, issuances, redemptions, and administrative actions on a settlement system are generated, stored, used, rotated, and recovered. A Key Management Regime determines who can move value, under what conditions, and what happens if a key is compromised, lost, or contested.

Notes

Cryptographic standards for key management are mature. NIST SP 800-57 prescribes the lifecycle of cryptographic keys;¹ FIPS 140-3 establishes validation requirements for the cryptographic modules in which keys are held.² The standards bodies have done the work at the module and lifecycle layer.

What the standards do not prescribe is the governance regime under which a settlement system's keys are held. NYDFS guidance for virtual currency custodians begins to fill this gap by requiring segregation, sub-custody approval, and operational controls,³ but the requirement applies to a single custodian, not to a multi-party settlement system. A Key Management Regime, in the SII sense, is the system-level composition: the policies, the multi-party authorizations, the recovery procedures across institutions, and the failover conditions under which custody of the keys can pass without interrupting the settlement guarantee. It is the governance layer the cryptographic standards presume.

References

↩ National Institute of Standards and Technology, Special Publication 800-57 Part 1, Recommendation for Key Management: Part 1 — General (Revision 5, May 2020). csrc.nist.gov
↩ National Institute of Standards and Technology, Federal Information Processing Standard 140-3, Security Requirements for Cryptographic Modules (March 22, 2019). csrc.nist.gov
↩ New York State Department of Financial Services, Industry Letter on Custodial Structures for Customer Protection in the Event of Insolvency (and related virtual-currency custody guidance). dfs.ny.gov

Definition

Notes

See also

References