Cryptocurrency Wallet Security

As the popularity of cryptocurrency trading explodes around the globe, one of the biggest risk factors for existing and potential investors continues to be large-scale hacks of exchanges. Digital wallets are used by cryptocurrency owners and exchanges to store digital assets. Digital wallets are well-known across legacy applications such as e-payment and PKI, with cryptocurrencies now added to the list. Security is very important for all of these applications, but perhaps most for cryptocurrencies, because transactions are irrevocable when they’re used in conjunction with blockchain schemes.

There is a widespread belief that keeping your private keys in one single wallet leaves them vulnerable to many attacks. This problem is even bigger if we consider custodial wallets (e.g. wallets where your broker holds your private keys) as there are many examples of custodial operations with poor security or even malicious behavior. In either case, Multi-Sig (multi-signature) wallets have been proposed as the best-practice option. An M-N Multi-Sig wallet essentially has N different private keys (and associated public keys) controlled by N different entities, and to perform a valid transaction, at least M of these keys must be used to sign the transaction.

However, Multi-Sig wallets come with a number of practical problems such as changing who has control over the keys, restoring lost keys, and the size (and thus value) of transactions. In other words, complexity and life-cycle management of the multiple keys required to authorize cryptocurrency transactions are the Achilles heel of Multi-Sig wallets.

The answer to all of these problems is to use threshold signatures instead. A threshold signature is a (t,n) Multiparty Computation protocol with properties similar to Multi-Sig. However, instead of using N keys, a single private key (with one corresponding public key/address) is split into n shares so that at least t of these shares must be used to make a signature with the private key. This can be done with each party that holds a key share learning absolutely nothing about the other shares.

The benefit of such a threshold signature is that to the outside world it looks completely like a normal signature with a single key, so no information is leaked about the policy for who may have keys. Further, through re-sharing, a key may be re-shared amongst a new set of entities (without changing the public key) in the case of, say, key loss or a trusted employee leaving an organization. Finally, since we only require a single signature, transactions are no more complex nor slower than traditional transactions.
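The share arithmetic behind the two paragraphs above can be shown with Shamir sharing in a toy discrete-log group. This is an added example, not Sepior's code or protocol: a 2-of-3 sharing is moved to a new 3-of-5 holder set, and the public key is derived from shares alone. The group parameters and function names are constructed for illustration, and `combine()` exists only to check the math, since a real threshold-signing protocol never reassembles the key and adds share verification on top.

```python
import secrets

# Toy Schnorr group (constructed for illustration, far too small for real use):
# P = 2*Q + 1 is a safe prime and G = 4 generates the subgroup of prime order Q.
P, Q, G = 2039, 1019, 4

def split(secret, t, n):
    """Shamir-share `secret` mod Q: any t of the n shares determine it."""
    coeffs = [secret] + [secrets.randbelow(Q) for _ in range(t - 1)]
    return {i: sum(c * pow(i, k, Q) for k, c in enumerate(coeffs)) % Q
            for i in range(1, n + 1)}

def lagrange_at_zero(i, ids):
    """Lagrange coefficient of party i when interpolating at x = 0."""
    num = den = 1
    for j in ids:
        if j != i:
            num = num * -j % Q
            den = den * (i - j) % Q
    return num * pow(den, -1, Q) % Q

def combine(shares):
    """Interpolate the secret from {party_id: share}; used for checking only."""
    return sum(s * lagrange_at_zero(i, shares) for i, s in shares.items()) % Q

def public_key_from_shares(shares):
    """Each party contributes G^(lambda_i * s_i); the product is G^x,
    so the private key x is never rebuilt in one place."""
    pk = 1
    for i, s in shares.items():
        pk = pk * pow(G, s * lagrange_at_zero(i, shares) % Q, P) % P
    return pk

def reshare(old_shares, t_new, n_new):
    """Hand the same key to a new holder set: each old holder Shamir-shares
    its Lagrange-weighted share and each new holder sums what it receives."""
    new = {j: 0 for j in range(1, n_new + 1)}
    for i, s in old_shares.items():
        sub = split(s * lagrange_at_zero(i, old_shares) % Q, t_new, n_new)
        for j in new:
            new[j] = (new[j] + sub[j]) % Q
    return new

if __name__ == "__main__":
    old = split(777, t=2, n=3)                      # constructed sample key
    new = reshare({1: old[1], 3: old[3]}, t_new=3, n_new=5)
    print(public_key_from_shares({1: old[1], 2: old[2]}),
          public_key_from_shares({2: new[2], 4: new[4], 5: new[5]}))
```

Both printed values are the same public key, although the old and new share sets have nothing in common.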

Essentially, the threshold signature is the serious big brother of Multi-Sig: a wallet based on threshold cryptography offers a superior set of security and business properties compared to both traditional and Multi-Sig based custodial wallets.

Sepior’s Threshold Wallet Toolkit offers custodians such as exchanges the opportunity to augment their solution with state-of-the-art cryptography and take advantage of the many benefits of threshold cryptography. 

Our toolkit is easy to integrate into existing solutions and supports a variety of client and server side platforms. Contact us to learn how we can help you create a commercial-grade cryptocurrency secure wallet based on threshold signatures.