Saved in:
Bibliographic Details
Main Author: Wang, Jian Sheng
Format: Preprint
Published: 2025
Subjects:
Online Access:https://arxiv.org/abs/2511.20505
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866911471173107712
author Wang, Jian Sheng
author_facet Wang, Jian Sheng
contents Autonomous digital entities require deterministic identity mechanisms that avoid persistent storage of high-value master secrets, while supporting credential rotation and cryptographic agility across heterogeneous systems. Existing deterministic key hierarchies and centralized key management systems typically rely on long-lived root secrets, introducing structural single points of failure and complicating lifecycle management. We present ACE-GF (Atomic Cryptographic Entity Generative Framework), a seed-storage-free identity construction that enables deterministic and context-isolated key derivation without storing any master secret at rest. The construction reconstructs an identity root ephemerally in memory from a sealed artifact and authorization credentials, using misuse-resistant authenticated encryption together with standard key derivation primitives. Derived keys are generated via HKDF with explicit context encoding, ensuring cryptographic isolation across curves and application domains. This design naturally supports stateless credential rotation, authorization-bound revocation, and non-disruptive migration toward post-quantum cryptographic domains. Furthermore, the framework's parametric agility allows for optimization in resource-constrained environments, ensuring that deterministic identity reconstruction remains viable across a spectrum of hardware from high-performance servers to low-power IoT nodes without compromising the underlying security model. This work builds upon the conceptual framework introduced in MSCIKDF, which identified the core design goals for multi-curve, context-isolated, PQC-pluggable identity but did not provide a concrete construction. A formal protocol specification of ACE-GF has been submitted as an IETF Internet-Draft.
format Preprint
id arxiv_https___arxiv_org_abs_2511_20505
institution arXiv
publishDate 2025
record_format arxiv
spellingShingle ACE-GF: A Generative Framework for Atomic Cryptographic Entities
Wang, Jian Sheng
Cryptography and Security
Autonomous digital entities require deterministic identity mechanisms that avoid persistent storage of high-value master secrets, while supporting credential rotation and cryptographic agility across heterogeneous systems. Existing deterministic key hierarchies and centralized key management systems typically rely on long-lived root secrets, introducing structural single points of failure and complicating lifecycle management. We present ACE-GF (Atomic Cryptographic Entity Generative Framework), a seed-storage-free identity construction that enables deterministic and context-isolated key derivation without storing any master secret at rest. The construction reconstructs an identity root ephemerally in memory from a sealed artifact and authorization credentials, using misuse-resistant authenticated encryption together with standard key derivation primitives. Derived keys are generated via HKDF with explicit context encoding, ensuring cryptographic isolation across curves and application domains. This design naturally supports stateless credential rotation, authorization-bound revocation, and non-disruptive migration toward post-quantum cryptographic domains. Furthermore, the framework's parametric agility allows for optimization in resource-constrained environments, ensuring that deterministic identity reconstruction remains viable across a spectrum of hardware from high-performance servers to low-power IoT nodes without compromising the underlying security model. This work builds upon the conceptual framework introduced in MSCIKDF, which identified the core design goals for multi-curve, context-isolated, PQC-pluggable identity but did not provide a concrete construction. A formal protocol specification of ACE-GF has been submitted as an IETF Internet-Draft.
title ACE-GF: A Generative Framework for Atomic Cryptographic Entities
topic Cryptography and Security
url https://arxiv.org/abs/2511.20505