Digital asset custodians, exchanges, brokers, institutional investors, and other organizations require an institutional-grade digital asset wallet that provides advanced levels of security and controls. They often require more flexible and advanced levels of policy controls, complete control over how and where their wallet infrastructure is hosted, and the ability to comply with any applicable regulation, license, and insurance mandates. This article reviews these market requirements and describes how the recently introduced Blockdaemon Wallet satisfies those requirements and more.
Book a call for your very own demo of the Blockdaemon Wallet™, or read on to get a closer look at what’s new.
Advanced Digital Asset Wallet Policies for Financial Institutions and Crypto-Natives
Organizations dealing in large amounts of cryptocurrencies, NFTs and other digital assets require advanced levels of control over how those assets are transferred to another party. Many organizations require a combination of nested and overlapping policies, with different flows depending on the asset type, value, or other criteria.
Digital Asset Policy Wallet Controls – Quorums
For certain wallet applications and transactions, it may be appropriate to require multiple parties to approve a transaction before it is submitted to the blockchain for execution. This policy may be as simple as a two-party approval scheme where both a requestor and an approver must approve, or it could be a more advanced quorum model where at least two parties of the three members of group A and at least three parties of the five members of group C must approve.
Flexible quorum support can be a powerful construct for ensuring that transactions are only executed when a required number of parties have approved, and allows for the reality that certain approvers may be unavailable and allow for real-time operations.
Digital Asset Policy Wallet Controls – Checklists
Certain wallets may be used as gateways between other wallets to provide layers of security and control. For example, a cold wallet, which is offline, may only be authorized to transfer digital assets to only a whitelist of pre-approved warm wallet addresses. An attempt to transfer assets directly to any other wallet would be blocked by the checklist policies.
Similarly, the warm wallets may only be allowed to transfer digital assets to a defined list of hot or cold wallets. Such a model would require an adversary to penetrate and defeat the whitelist security controls of two layers of wallets (warm and cold), notwithstanding additional air-gap measures, before assets in cold-storage could be stolen.
Digital Asset Policy Wallet Controls – Conditional Controls
It can be very useful to have conditional controls, with “If, then, else” parameters that enforce other policies. An example might be to allow for some minimal number of approvers from Group A to authorize a transaction if the value is below a certain value, but require either a larger number of approvers from Group A or also require a quorum of Group B approvers when the transaction value is above a certain level.
Digital Asset Policy Wallet Controls – Operational Controls
Service providers may also wish to put operational controls such as rate limits on the number of trades that a specific wallet may execute over a specified period of time, or throttling to prevent wallets from running beyond the capacity of other subsystems within the broader ecosystem. Such controls can also protect against threats where excessively large numbers of low value transactions that are not subject to conditional policy controls, protecting against the risk of a slow but potentially detrimental bleed down of digital assets.
An institutional-grade wallet supporting advanced policies such as quorums, checklists, conditional controls, and operational controls provides the increased level of security and control to effectively manage large numbers of potentially high-value transactions with speed and confidence.
Self-Hosting Policy Wallets for Complete Control
Many companies enter the digital asset market using widely available Wallet-as-a-Service (WaaS) offerings, which are hosted by the wallet provider. These hosted wallet services are a convenient way to get started, however, regulators, major customers, insurers, and major shareholders prefer to see these wallets hosted by the service provider. Self-hosting gives the digital asset service provider complete control over their wallet’s performance, availability, roadmap, capacity expansions, geographic expansions, custody models, MPC security models and more.
As a result, major custody providers, exchanges, brokers, and financial institutions will increasingly require the freedom to procure their wallet software and run it on-premises, in private clouds, and even public clouds under their control.
Digital Asset Policy Wallet – Advanced Security
While flexible policies and hosting capabilities are increasingly critical, the first priority of any digital asset wallet is to protect the wallet and private keys from theft or misuse, which can result in stolen digital assets. The latest advancements in wallet security use multiparty computation (MPC) to protect both the private keys and the policies that ultimately control them.
Digital Asset Policy Wallets - Key Protection Using Multiparty Computation (MPC)
Multiparty Computation (MPC) has emerged as the key management and protection technology of choice for digital assets. MPC natively generates and uses private keys to generate transaction approval signatures in the form of distributed key shares, which are stored and used by different parties. This MPC wallet model eliminates the existence of a complete key on a single machine or known by any single party. As a result, no single party can be hacked or compromised in any way to access a complete private key.
MPC also natively supports the ability to cryptographically enforce multiple party approval schemes, requiring 2 out of 3, or 3 out of 5 approvers similar to what was previously possible using MultiSig. A major MPC benefit over MultiSig is that MPC provides multiparty approvals using cryptography that runs off-chain, while producing a standard single signature. As a result, MPC is universally supported by all blockchains and digital asset protocols – without the cost, complexity, or security vulnerability of smart contracts.
Digital Asset Policy Wallets – Increased Security, Flexibility, and Performance with Advanced MPC™
Advanced MPC™ builds upon the proven benefits of MPC and introduces purpose-built protocols that have been application optimized for securing private keys and digital assets. Advanced MPC is available in a variety of MPC schemes, and can be hosted on virtually any environment including clouds, virtual machines, web browsers, and mobile phones. It supports functions like pre-processing and off-line signing to deliver industry-leading throughput, and the flexibility to use in on-line (hot or warm wallets) or off-line (cold wallet) applications.
Digital Asset Policy Wallets – Cryptographically Binding Policies with Key Shares
While MPC is highly useful at preventing private key theft or misuse, the risk of blind signing is still a concern. The same risk exists when a key is stored and used in a Hardware Security Module (HSM). The key may not be stolen, but if the HSM or MPC system is told that the required policies have been satisfied, it will use the private key or shares to generate a signature.
One way to eliminate blind signing risk is to use MPC to cryptographically bind policies with MPC key shares. This can ensure that the policy criteria being used by one party is consistent with the policy criteria of all other signing parties, for a What You See Is What You Sign (WYSIWYS) signature generation model.
Blockdaemon Wallet
Blockdaemon has been providing Advanced MPC key management and protection technology to companies developing their own digital asset wallets and custody solutions since 2018. Blockdaemon introduced the Blockdaemon Wallet in June of 2022 for companies that prefer to source a complete wallet rather than just the MPC key management technology.
The Blockdaemon Wallet is an institutional-grade policy wallet supporting both custody and non-custody applications. It is a universal wallet that supports multiple asset types and supports all of the features and functional elements described above, and more. For more information on this topic, feel free to book a call with the Blockdaemon team today.
%252C%2520Shadow%253DTRUE.svg)
