In blockchain systems, cryptographic keys are the foundation of trust. They authorize transactions, control access, and secure digital assets. But managing these keys safely, without losing or exposing them, is one of the most challenging aspects of blockchain security.
Earlier this year, BSSC held a webinar that explored four new standards recently published by the group. One of them, the Key Management Standard, addresses this very issue. The following post summarizes comments made by Mark Nesbitt, Head of Security at Turnkey, about this new standard.
The Key Management Standard from BSSC was created to provide clear, actionable guidance for securely managing blockchain cryptographic keys, which we define as any private key that can cause a state change on a blockchain. In other words, any key that can move assets or modify blockchain data falls within scope. This definition aims to align with how most practitioners intuitively think about keys, while also setting a precise technical boundary.
Avoiding the Two Key Risks: Theft and Destruction
The term “key loss” sounds straightforward, but it is ambiguous. In practice, loss occurs in two distinct ways: theft (when a key is stolen or compromised) and destruction (when a key is lost or becomes unrecoverable).
Both are equally catastrophic, and measures that prevent one often increase the risk of the other. For example, distributing key backups reduces the chance of destruction but increases the risk of theft. The Key Management Standard helps organizations navigate this delicate balance, offering practical guidance to mitigate both threats.
Key Management Lifecycle
The Key Management Standard is divided into two main parts
Each stage has its own unique risks and operational considerations. The document walks readers through these phases in detail, offering a structured framework for secure key management across the entire lifecycle.
Applying Trusted Principles to Blockchain
Key management is not a new concept in information security, but blockchain presents unique challenges. The goal of this standard is to complement, not replace, existing industry and government key management frameworks, such as NIST or ISO standards, while providing blockchain-specific guidance.
By tailoring recommendations to keys that directly affect blockchain state, the standard bridges the gap between traditional cryptography practices and decentralized technologies.
A Baseline for Iteration
The initial release of the standard focuses on creating a simple, actionable baseline, something that most organizations can adopt to raise the floor of blockchain security. But this is just the beginning.
Community feedback and iteration are central to the process. By sharing the standard openly, the team hopes to refine and expand it based on real-world input and emerging technologies.
What’s Next: MPC and Quantum Readiness
Two areas already identified for deeper exploration are:
Blockchain-specific key management guidance brings important advantages. It allows for targeted, actionable advice, such as handling transactions in mempools or understanding how hashed public keys translate into blockchain addresses. By focusing on the nuances of blockchain, this standard aims to provide clarity, consistency, and a stronger security foundation for the ecosystem.
As the technology and threat landscape evolve, so will the guidance. The release of the Key Management Standard marks a major step toward a safer, more resilient blockchain future, one built on secure, well-managed keys.
Want to help shape the future of the standard? Learn more about BSSC membership and how you can get involved.