Wivity Root of Provenance verified its first NFT signing key last Thursday during a key creation ceremony. This ceremony was a two-for-one. Assessor Greg Gogates audited CCCsf.org’s capabilities to verify the creation of NFT signing keys. At the same time, CCC was able to witness artist Heesoo Kwon create her NFT signing key on a Ledger Nano S. Here’s how it went down.
September 27, 2021: CCC starts learning about Wivity’s NFT signing key verification process.
September 29, 2021: CCC creates its Ethereum account on a hardware wallet. CCC will use this to register NFT signing keys on the blockchain.
October 4, 2021: Greg Gogates (accredited assessor with decades of experience in cybersecurity and lab audits) signs on to become the first authorized assessor. He won’t be the last. He starts learning about the NFT signing key verification process as well.
October 6, 2021: Greg creates his account on a hardware wallet. He will use this account to register organizations like CCC that want to verify NFT signing keys on the blockchain.
Heesoo arrives at CCC offices with her laptop. CCC’s exhibition manager Yuanyuan Zhu and Greg start the web conference.
Artist (Heesoo Kwan), verifier (CCC), and assessor (Greg Gogates virtual) at the ceremony
Heesoo writes the name she would like associated with the soon-to-be-created NFT signing key and gives it to Yuanyuan. Yuanyuan verifies the name- looking at two forms of ID. It also helps that CCC has been working with Heesoo for a while. Her art is currently on display at the CCC gallery.
Identification and key security verification
CCC gives Heesoo a hardware wallet. Heesoo can’t bring her own hardware wallet because this introduces a supply chain attack risk- there’s no way for CCC to verify that she didn’t buy the wallet from a compromised supplier. CCC ordered the wallet directly from the manufacturer.
CCC witnesses Heesoo follow the instructions to create an Ethereum account on the wallet and get it ready for signing NFTs, helping along the way and explaining the purpose of the wallet, wallet PIN, and seed phrase backup paper. CCC creates distance when Heesoo creates the PIN and writes down the seed phrase since these are the only account creation steps that require privacy. Only Heesoo should know the wallet PIN and what’s on the backup. CCC verifies that Heesoo has a safe place to store the backup.
CCC witnesses Heesoo copy the address of the newly created hardware wallet account into an email to CCC. CCC will use the name and this address to register the NFT signing key on the blockchain. This is important because CCC needs to verify that the address that will be registered is actually the address of the key created in the hardware wallet. All this time Greg is observing CCC conduct the ceremony and asks questions when appropriate. Yuanyuan passes the assessment.
Preparing the new NFT signing key for minting
After the ceremony we took this picture in front of Heesoo’s installation at CCC to commemorate the first NFT signing key verified by Wivity Root of Provenance.
We call this event a “ceremony” because the process is inspired by the cybersecurity ceremonies that the Internet has relied on for decades. For example, these same ceremonies are used for auditing the creation of “root certificates” that form the backbone of the HTTPS protocol. In cybersecurity, “root” loosely means “origin”. All SSL certificates originate from root certificates. Now you know why we call our service Root of Provenance. It verifies the origins of NFTs on the blockchain.
Congratulations CCC and Heesoo Kwon- you are NFT trailblazers!