The announcement last week of Fusion Foundation’s $6.4M cryptocurrency theft was not major in terms of the magnitude of the loss on market scale, but it’s an important reminder that even the best secured wallets are no more secure than the security of the keys that protect them. The resulting loss of more than 80% in market cap value, (now improved to 40%) is also a reminder of the consequences to shareholders when such events happen.Read More
A quorum policy is a policy which is used to ensure that different stakeholders approve of some transaction to remove the single point of failure which occurs when only one entity is needed to approve a transaction. Ironically, many ways of implementing such a policy will introduce a technical single point of failure in the very solution intended to remove the original point of failure. The solution is to have each approver provide their share of an approval signature using a cryptographic algorithm which natively generates the transaction signature only when the required number of approvals is satisfied.Read More
Blockchain initiatives such as VMware Blockchain™ are built on the concept of decentralized trust. Essential to the adoption of these platforms will be security. However, conventional security systems such as key management systems (KMS) operate with a centralized control model, in conflict with the paradigm of decentralized trust. Fortunately, Multiparty Computation (MPC) provides the ability to decentralize control over key operations and in doing so decentralize trust in security operations for complete realization of a decentralized-trust platform as a service.Read More
The stakes continue to rise for Digital Asset (DA) transaction security. Multiparty approval or using multiple approvers is one technique which dramatically increases transaction security. Many DA’s, such as Bitcoin, natively support Multiple Signatures (MultiSig) for multiparty approvals, but some DAs such as Tezos do not. Others like Binance can support MultiSig but only with the addition of special smart contracts or other work arounds which can add cost, complexity and inconsistency of operations and potential scaling issues. How can you achieve multiparty approval security without using MultiSig?Read More
Best practices for maximizing cryptographic security include using multiple parties to approve transactions and to refresh private keys periodically. Unfortunately, conventional private key refresh results in a change to the public key which is the account number where payments are received for digital assets such as Bitcoin. Fortunately, Threshold Signatures allow for multiparty approvals and key share refresh while maintaining static account addresses.Read More
The recent announcement of the CYBAVO VAULT™ is an important milestone in the industry’s migration toward more secure, multiparty computation (MPC) -based cryptocurrency wallets and expands the rapid adoption opportunities to a far wider range of users.
Some of the industry’s largest and most technologically advanced financial services firms are implementing MPC to maximize transaction security on their exchanges and custodial wallets. (See the blog An Introduction to Threshold Signature Wallets with MPC) However,Read More
Cryptography is a primary means of protecting digital information, typically through encryption. In modern cryptography, the algorithms are standardized and well known but the keys are secret. Many algorithms are so advanced that even the most powerful computers cannot defeat them. So, hackers focus on stealing the secret keys instead. Therefore, the effectiveness of protecting data through cryptography is primarily dependent on maintaining secrecy of the cryptographic keys.Read More
I was informally chatting with the security architect for a major financial services company earlier this week and he candidly asked “are threshold signatures really more secure than MultiSig or is it just a more effective way of achieving the same level of security?” As we continued the discussion I realized it was a really important question that I hadn’t addressed directly enough in our discussion about cryptocurrency wallet security.Read More
Cryptocurrencies are shifting from the obscure dark corners of the web to mainstream press, and soon mainstream institutional investors. Over recent months we’ve seen formal announcements of bank-backed cryptocurrency exchanges from SBI Holdings and Fidelity Investments. We’ve also seen clear signals of intent to offer institutional trading of cryptocurrencies from Goldman Sachs, Morgan Stanley, and JP Morgan. As cryptocurrencies become traded by institutional investors the stakes will increase and the security requirements for institutional-grade wallet security will rise. Is your exchange or hot wallet service ready to compete in this environment?Read More
As the popularity of cryptocurrency trading explodes, one of the biggest risk factors for existing and potential investors continues to be the large scale hacks of exchanges and digital wallets. Digital wallets are well-known across legacy applications such as e-payment and PKI, with cryptocurrencies now added to the list. Security is very important for all of these applications, but perhaps most for cryptocurrencies, because transactions are irrevocable when they’re used in conjunction with blockchain schemes.Read More
Security experts recently revealed two computer flaws called Meltdown and Spectre, serious vulnerabilities that threaten data by targeting modern microprocessors. This blog post discusses cryptographic protection called Multi-Party Computation (MPC), a way of mitigating the attack vectors by distributing vulnerable data onto different servers, a so-called "divide and conquer" strategy.Read More
Multiparty Computation (MPC) is a technology that allows you to compute on encrypted values. This might sound impossible at first – but in fact, using the right kind of cryptography, it is indeed possible. Using MPC a number of servers can jointly compute any function without learning the inputs to the function.
In this blog post, we give a brief introduction to MPC: how it works and what it is good for.Read More
In early March, Penneo – the digital signature platform used by Scandinavian businesses – rolled out a new feature for selected customers. The new feature allows customers to protect access to their documents stored in the Penneo managed archive using encryption keys, not controlled by Penneo, effectively separating the lock from the key.
Penneo customers who take advantage of this service will have 100% control over who has access to their documents.Read More
For cloud storage services the need for encryption is clear. Using Amazon S3 as the use case, this blog post considers the different choices available for your application when encrypting data stored at cloud storage providers.Read More
A recent survey of the nearly 300,000 professionals who are members of Linkedin’s Information Security Group showed that more than 90% of them have moderate or high levels of anxiety over the security of their data resident in public cloud services.Read More
Try our Java S3 Demo and start encryption data on Amazon S3 in just a few minutes.Read More
Everywhere I turn these days, I find plenty of bewildering bills and proposals related to privacy, security, and encryption from congressmen, senators, assemblymen and politicians of various colors who are in the business of introducing legislation in the U.S., EU, and other countries.Read More
This is a story about how I came to wish for a pure-cloud Key Management System (KMS), delivered in the form of a SaaS offering, for the strong encryption of unstructured data. In other words, a true Key Management as a Service (KMaaS) that could be decoupled entirely from expensive conventional Hardware Security Module (HSM) appliances, deliver cryptographic security (rather than password or trust based), and yet, scale at cloud economics.Read More