Michael J. Casey is Chairman of the CoinDesk Advisory Board and Senior Advisor for Blockchain Research at MIT’s Digital Currency Initiative.
The following article was originally published in CoinDesk Weekly, a personalized newsletter delivered every Sunday exclusively to our subscribers.
Advances in cryptography are converging to help developers bring blockchain applications closer to the fundamental decentralization principles upon which this technology is based.
Inventions such as atomic swaps, zk-SNARKs and Lightning-based smart contracts enable developers to realize the dream of true peer-to-peer transactions in which no party, and no outside intermediary, can act maliciously. Witness the growing number of non-custodial and decentralized exchange (DEX) services for trading crypto assets.
That’s exciting. But it also highlights another big issue that has held back the widespread adoption of cryptocurrency and blockchain technology: secure key management.
For too long, the most reliable means of protecting the private keys that give the holder control over an underlying crypto asset have been too clumsy, insufficiently versatile, or difficult to implement on a large scale. User experience has been sacrificed in exchange for security.
Now, great advances in another hugely important area of cryptography – secure multi-party computation, or MPC – point to a potential holy grail in terms of both usability and security in a decentralized system.
A keyless wallet
Progress in this area was marked last week by Tel Aviv-based KZen's public announcement of the specifications of its new ZenGo wallet. ZenGo uses MPC, along with other sophisticated cryptographic tools such as zero-knowledge proofs and threshold cryptography, to share signing responsibility for a particular cryptocurrency address among a group of otherwise untrusted entities.
The beauty of the KZen model is that security no longer depends on one or more entities maintaining full control over a separate private key of their own – until now the single point of vulnerability in the management of cryptocurrencies. Instead, the key is collectively derived from individual fragments that are generated separately by multiple untrusted computers.
The model is based on the genius of MPC cryptography.
With this approach, multiple untrusted computers each perform calculations on their own unique fragment of a larger data set to collectively produce a common desired result, without any node learning the details of the other nodes' fragments.
The private key that executes the transaction is therefore a collectively generated value; at no time is a single vulnerable computer responsible for a real key. (The KZen site includes a useful explanation on how it all works.)
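To make the property described above concrete, here is an added worked example in Python; it is not code from KZen, ZenGo or Unbound, and it is not their protocol. It shows a t-of-n threshold Schnorr signature: n parties generate shares of a signing key without any dealer, nobody ever computes the full key, and any t of them can still produce one ordinary Schnorr signature that verifies under the joint public key. The verifier cannot tell it apart from a single-key signature (a `sign_single` function is included for comparison). Assumptions, all mine: a toy 61-bit safe-prime group found at start-up stands in for a real curve such as secp256k1; the dealer-free key generation is a simplified Pedersen-style scheme with the verifiable share commitments omitted; parties are honest-but-curious, so there is no nonce-commitment round. Production protocols add both of those to resist malicious participants.

```python
"""Toy t-of-n threshold Schnorr signing: the key is shared, never assembled.
Added educational example; assumptions (toy group, no share or nonce
commitments, honest-but-curious parties) are noted in the lead-in."""
import hashlib
import secrets

# Deterministic Miller-Rabin witnesses: exact for every n < 2**64.
MR_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_prime(n: int) -> bool:
    """Miller-Rabin primality test, deterministic below 2**64 with MR_BASES."""
    if n < 2:
        return False
    for b in MR_BASES:
        if n % b == 0:
            return n == b
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for a in MR_BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def safe_prime_group(bits: int = 61):
    """Find p = 2q + 1 with both prime; g = 4 is a quadratic residue, so it
    generates the order-q subgroup.  Toy size: real wallets use secp256k1."""
    q = (1 << (bits - 1)) + 1
    while not (is_prime(q) and is_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1, q, 4


P, Q, G = safe_prime_group()


def challenge(R: int, y: int, msg: bytes) -> int:
    """Fiat-Shamir challenge e = H(R || y || m) reduced into Z_q."""
    data = b"%d|%d|" % (R, y) + msg
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q


def dkg(n: int, t: int):
    """Dealer-free key generation (Pedersen-style, commitments omitted).
    Party i samples its own degree-(t-1) polynomial f_i and hands f_i(j) to
    party j, whose share is x_j = sum_i f_i(j).  The joint secret
    x = sum_i f_i(0) is never computed; the public key is prod_i g^{f_i(0)}.
    Parties are indexed 1..n.  Returns (shares, public_key)."""
    polys = [[secrets.randbelow(Q) for _ in range(t)] for _ in range(n)]

    def evaluate(poly, j):
        return sum(c * pow(j, k, Q) for k, c in enumerate(poly)) % Q

    shares = {j: sum(evaluate(f, j) for f in polys) % Q for j in range(1, n + 1)}
    y = 1
    for f in polys:
        y = y * pow(G, f[0], P) % P
    return shares, y


def lagrange_at_zero(j: int, signers) -> int:
    """Coefficient that weights party j's share when interpolating at 0."""
    num = den = 1
    for m in signers:
        if m != j:
            num = num * m % Q
            den = den * (m - j) % Q
    return num * pow(den, -1, Q) % Q


def threshold_sign(shares, y, signers, msg: bytes):
    """A t-subset of parties jointly produces one ordinary Schnorr signature.
    Each party uses only its own share and nonce; the combiner merely
    multiplies the R_i and adds the s_i.  Nobody holds the full key."""
    nonces = {i: secrets.randbelow(Q - 1) + 1 for i in signers}
    R = 1
    for i in signers:  # round 1: aggregate the per-party nonce points
        R = R * pow(G, nonces[i], P) % P
    e = challenge(R, y, msg)
    s = 0
    for i in signers:  # round 2: partial signatures s_i = k_i + e * lambda_i * x_i
        s += nonces[i] + e * lagrange_at_zero(i, signers) * shares[i]
    return R, s % Q


def sign_single(x: int, msg: bytes):
    """Plain single-key Schnorr, for comparison: identical signature format."""
    k = secrets.randbelow(Q - 1) + 1
    R = pow(G, k, P)
    return R, (k + challenge(R, pow(G, x, P), msg) * x) % Q


def verify(y: int, msg: bytes, sig) -> bool:
    """Standard Schnorr check g^s == R * y^e; it knows nothing about sharing."""
    R, s = sig
    if not (1 < R < P and 0 <= s < Q):
        return False
    return pow(G, s, P) == R * pow(y, challenge(R, y, msg), P) % P
```

Running `dkg(5, 3)` and then `threshold_sign` with any three of the five parties yields a signature that `verify` accepts, while two parties (below the threshold) produce one it rejects. The only place the full secret is ever reconstructed is in a test that checks the shares really encode the key; a wallet built on this idea would never have that step, which is exactly the point the article makes.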
KZen is not the only MPC solution provider for blockchain key management. Unbound, another Israeli company, is attacking the enterprise market with its MPC solutions for crypto security.
Unbound's prolific (if unabashedly pro-MPC) blog offers different angles on the same argument.
It repeatedly explains why MPC is superior to the two currently preferred approaches to cryptographic key security: hardware security modules (HSMs), on which hardware wallets such as Ledger and Trezor are built, and multi-signature (multisig) technologies, which are favored by exchanges.
If we are to believe KZen and Unbound, MPC solutions resolve both the hot-versus-cold trade-off in key management and the dilemma of self-custody versus third-party custody.
Cold wallets, in which the keys are stored in a completely offline environment beyond the reach of attackers, are quite secure as long as they remain in that offline state. (Although you really don’t want to lose that piece of paper that you printed your private key on.)
But getting those keys into a transactional online environment when you want to use them to send money is too much of a challenge. This might not be a problem if you are just a HODLer who rarely trades, but it is a serious limitation on the prospects for blockchain technology to transform global commerce.
On the other hand, hot wallets have so far been notoriously vulnerable.
From the relentless “SIM-jacking” attacks on people’s phones, which have emptied both hosted (third-party custody) wallets and self-custody holdings, the horror stories of retail users abound. And, of course, we all know the stories of custodial exchange hacks – in Japan, Hong Kong, Canada and Malta.
At the same time, the solution that regulated institutional investors are currently looking for – the Fort Knox-like, “military-grade” custody solutions that custodians and exchanges are building – inherently contains a compromise.
Not only does this approach fail to remove dependency on a third party, but there are serious doubts as to whether such a solution can remain safe forever from hackers, who are constantly improving their methods of bypassing firewalls. At best, the constant system upgrades amount to a huge waste of money.
Alternative to HSM and multisig
None of this is to say that existing security technologies are unnecessary.
Hardware devices from Ledger and Trezor – a more nimble form of cold wallet – are widely used by people who are uncomfortable with both external third-party custody and online self-custody wallets on an internet-connected device. And, separately, multi-signature (multisig) solutions, in which an m-of-n quorum of keys is required to execute a transaction, have proven robust enough to be used by most exchanges.
But in both cases, vulnerabilities have been exposed. And to a large extent, these risks boil down to the fact that no matter how sophisticated the surrounding security model is, the most important keys always sit at single points of failure.
Just last week, researchers demonstrated how they could hack into a remote hardware security module. The irony: the researchers were from Ledger, which relies on HSMs to secure its customers’ keys.
Multisig models arguably offer protections against such attacks, as a breach requires simultaneous control of multiple keys held in separate locations, but the point is that multisig solutions have also failed due to technical and human vulnerabilities (e.g. inside jobs).
In addition, both solutions are inherently limited by the need to customize them to particular specifications or ledgers. Crypto developer Christopher Allen pointed out last week, for example, that HSMs are particularly constrained by the fact that they are defined by government standards.
And in each case, the ledger-specific design of the underlying cryptography means there is no support for the kind of multi-asset wallets that will be needed in a decentralized, interoperable world of cross-chain transactions.
In contrast, KZen boasts that its keyless wallet will be a multi-ledger app from day one.
Challenges and opportunities
To be sure, MPC remains to be proven in a practical sense.
For a time, the heavy resources required to perform these networked computing functions made it a difficult and expensive concept to integrate into real environments. But rapid technical improvements in recent years have made this sophisticated technology a viable option for all kinds of distributed computing environments where trust is an issue.
And key management isn’t its only blockchain application, either. MPC technology plays a vital role in the work of MIT-founded startup Enigma on “secret contracts,” part of its extensive plan to build the “privacy layer for the decentralized web.”
(Aside: Enigma CEO and founder Guy Zyskind is also an Israeli. Israel has fostered a remarkable concentration of crypto expertise in this space.)
It would be unwise to assume that MPC, or any other technology for that matter, will provide a perfect and completely foolproof solution to security problems. It remains true that the greatest security threats arise when human beings complacently believe that their security is not under threat.
However, if you squint hard enough and think about how this technology’s prospects for better key management can be married to Enigma’s vision of an MPC-based secret contract layer and to the broader march towards decentralized, interoperable asset exchanges, a compelling vision of real blockchain-based peer-to-peer commerce begins to emerge.
At the very least, you need to watch this space.