SECUROSYS BLOG

Protecting the crypto-stash with Multisig, MPC, and HSMs: Part IV

Written by Tomas Forgac | May 20, 2020 11:33:10 AM

This is the final post in a series about the various facets of safeguarding crypto assets. In previous posts, we mainly looked at the criteria for establishing security in custody operations. In this text we’ll explore broader aspects of custody architecture and will see if we were able to answer the question posed in the first part of this blog series.

We compared Multi-Signature, Multi-Party Computation, and Hardware Security Modules in their ability to protect cryptocurrencies and assets and in meeting operational, business, and regulatory requirements.

Market and regulatory considerations

One element that the purveyors of custodian platforms must consider is how they’re required to manage their customer holdings. This depends on interpretations of what constitutes ownership and custodianship of the assets. Of course, that can also change with differing legislation, different business models, and the expectations of potential customers.

To meet these demands, the platform must allow the separation of the key’s ownership and control of the asset. Depending on the customer or jurisdiction, it might be necessary to store the key material on a device, or on similar premises, owned and controlled by the custodian – without permitting them to use the key. In other cases, it’ll be necessary for the custodian to have full control of an asset that is still legally owned by the customer.

Offline, paper-based solutions aren’t very flexible, and don’t offer these various modes. The plaintext, unencrypted version of a private key – or its representation on a QR code – gives full control to the custodian. A passphrase-encrypted private key, or an HD wallet with a passphrase added to its mnemonic seed, allows the separation of the medium’s custodianship from the control of the asset it links to. However, this comes with overheads – the customer would have to become part of the key creation ceremony to make the process feasible. At the same time, the customer would be at risk of losing access completely through their own mistake.
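The separation described above, as an added example (not Securosys code): BIP39 derives the wallet seed from the mnemonic and the passphrase together, and BIP32 derives the master key from that seed, so a party holding only the written mnemonic arrives at a different wallet than the owner. The function names, the sample passphrases and the use of the public BIP39 test mnemonic are assumptions chosen for illustration.

```python
import hashlib
import hmac
import unicodedata

# Order of the secp256k1 group; a BIP32 master key must lie in [1, N-1].
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

# Constructed sample input: the public all-zero-entropy BIP39 test mnemonic.
SAMPLE_MNEMONIC = "abandon " * 11 + "about"


def _nfkd(text):
    """BIP39 requires NFKD-normalised UTF-8 for mnemonic and passphrase."""
    return unicodedata.normalize("NFKD", text).encode("utf-8")


def bip39_seed(mnemonic, passphrase=""):
    """BIP39: PBKDF2-HMAC-SHA512, 2048 rounds, salt = "mnemonic" + passphrase."""
    return hashlib.pbkdf2_hmac("sha512", _nfkd(mnemonic),
                               b"mnemonic" + _nfkd(passphrase), 2048, dklen=64)


def bip32_master(seed):
    """BIP32: HMAC-SHA512 keyed with "Bitcoin seed" -> (private key, chain code)."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    key, chain_code = digest[:32], digest[32:]
    if not 0 < int.from_bytes(key, "big") < SECP256K1_N:
        raise ValueError("seed yields an invalid master key")
    return key, chain_code


def custody_views(mnemonic, owner_passphrase, mistyped_passphrase):
    """Master private key (hex) each party can derive (hypothetical helper)."""
    def master(passphrase):
        return bip32_master(bip39_seed(mnemonic, passphrase))[0].hex()
    return {
        "custodian": master(""),              # holds the medium only
        "owner": master(owner_passphrase),    # medium plus passphrase
        "typo": master(mistyped_passphrase),  # no error, just another wallet
    }


if __name__ == "__main__":
    views = custody_views(SAMPLE_MNEMONIC, "correct horse", "correct hores")
    for who, key in views.items():
        print(f"{who:9s} {key[:16]}...")
```

Every passphrase yields a valid master key, so nothing signals a mistyped one; that is the loss-of-access risk for the customer.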

Multisig, Multi-Party Computation and HSMs Compared

Where supported, Multisig offers additional flexibility – depending on how the quorum requirements are designed – but comes with the complex compatibility and scaling challenges described in the previous posts.

Multi-Party Computation is not too different from multisig when considering the options it provides, but it has the advantage of universality of its application. This, of course, results in a much lower operational overhead.

Legacy HSMs provide very little flexibility in this arrangement. Whoever is the administrator typically has full control over the private key operations, though they technically can’t get their hands on the key material itself.

Securosys HSMs have a Smart Key Attributes (SKA) capability to provide the highest level of flexibility. It’s unlike SMPC, where the key is physically split into multiple shares and thus no one can technically be considered its custodian. With Securosys HSMs, the key material in the device is deliberately held by a single party – the HSM operator. At the same time, Securosys SKA will cede complete control of the asset to the customer, a third party, or any combination thereof.

Trade-offs

Our analysis clearly shows that Securosys HSMs have the right design, implementation, and operations to be a superior solution for crypto asset safeguarding. Yet nothing comes without trade-offs, of which we found three main groups.

Trust

There are open-source versions of both multisig and SMPC approaches. This removes the factor of trust, which must be granted with proprietary solutions, from their software layer. Furthermore, they can be run on various types of hardware, which gives the operators the ability to choose their most trusted combination of hardware components. However, there is one clear issue: open-source does not guarantee security! The most glaring examples of vulnerabilities can be found in open-source software, such as Heartbleed in OpenSSL, as well as in mass-produced hardware, such as Spectre, Meltdown and Plundervolt on Intel architecture.

HSMs, with their proprietary design and closed-source software, are on the other end of the spectrum. One could definitely argue that the economic and business incentives of their producers (including Securosys) protect against intentional or accidental vulnerabilities – just like open source does. In the end, it’s up to the evaluator to decide which factors they value the most. Securosys allows customers to fully audit the software code, the design, and the manufacturing process. In addition to that, the company is located in Switzerland. This means that Securosys has the highest jurisdictional guarantee of support against any compulsion to lower security design and operational standards.

How much will it cost?

Open-source multisig and SMPC implementations tend to be free. This, of course, makes top-of-the-line HSMs much more expensive by comparison. With production costs in the range of thousands of dollars, they can be uneconomical for many startups.

This is why Securosys offers the affordable HSM-as-a-service option. It’s perfect for those who want to take advantage of a top-shelf HSM’s security features while limiting their expenditures. With our Remote Partition Administration feature, it doesn’t require any trust in our service management in order to keep access to the key material strictly controlled and private.

User (Developer) Experience

Legacy HSMs aren’t known to be easy to use. Many operators and developers find them lacking in regard to the user experience. On the other hand, the software-only implementations of the above-mentioned cryptocurrency safekeeping technologies are purposefully built for simplicity and ease of use. This, of course, is a delight for administrators and developers.

As for Securosys – we understand that our real competition isn’t legacy HSMs with their lackluster UX. Our cutting-edge software solutions are specifically designed to continuously improve the developer experience. This is done by natively supporting many blockchain- and cryptocurrency-specific requirements such as BIP32, by simplifying both administrator and application programming interfaces, and by providing clear documentation and tutorials. To experience more, feel free to join our development program.

So, is Our Product Still Relevant?

We started this analysis to find out if our product is still relevant for cryptocurrency applications. We already knew that our main competitors aren’t legacy HSM manufacturers who don’t really pay attention to this specific market, but rather innovative ‘trustless’ solutions like multisig and SMPC. Our evaluation led us to the understanding that our blockchain-focused HSM is best suited to secure crypto assets, especially when compared to other solutions on the market. Knowing that this is a rapidly evolving field, we reaffirm our desire to keep improving the developer experience. Constant innovation is, after all, the key to remaining competitive.

Any comments or feedback on this material are more than welcome. If you noticed something that should be corrected, please reach out to productmanagement@securosys.com.

To learn more about the products we offer for early stage startups, large crypto enterprises or anything in between, please reach out to info@securosys.com.
