Sepior ThresholdSig
Wallet Security

Sepior’s ThresholdSig wallet security is the new gold standard for cryptocurrency wallet security. Using the latest threshold cryptographic techniques, including multiparty computation (MPC), Sepior™ ThresholdSig delivers the highest online wallet security available, with the lowest costs and complexity.

Sepior™ ThresholdSig wallet security is available to cryptocurrency exchange providers and other providers of advanced wallet applications and services through technology licensing agreements with Sepior. Sepior will provide the key enabling software, toolkits, and licenses for you to implement wallet security services.

  • Crypto Wallet Client SDKs: Providing Threshold Key Management System (TKMS) libraries used by Java, Android (Java), and iOS (Swift) devices

  • Crypto Wallet Service: providing TKMS service for exchange and custodial service providers


ThresholdSig - Setting New Standards For Wallet Security

Threshold signatures (ThresholdSig) implemented with MPC provide higher confidentiality, integrity, and availability than MultiSig, with the operational simplicity and blockchain efficiency benefits of a single key. Shares of a single key are distributed to multiple approving parties, rather than full keys as with MultiSig. Only t (a user defined threshold) of n (number of MPC configured parties) key shares are required to authorize a transaction, enabling secure transactions even if one or possibly more parties are unavailable. Distributed processing using MPC signs for the transaction, without ever producing a whole key on any device, at any time. The non-existence of a whole key mitigates the risk of theft, and the off-chain policy attributes of ThresholdSig yield tremendous operational benefits.

Maximum Security, and Maximum Transaction Density Too

ThresholdSig is very efficient in terms of blockchain transaction capacity. Historically, single signature transactions used one hashed private key address, resulting in the least amount of on-chain recorded data per transaction. This single address attribute supported the highest number of transactions per fixed length block. Transactions signed for using MultiSig typically record multiple hashed private key addresses associated with multiple private keys, typically three keys instead of one. Even with optimization schemes, the recording of multiple signatures can easily double the amount of total data recorded per MultiSig transaction, effectively reducing the number of transactions per block by up to half. This resulted in a tradeoff decision to either optimize for security, or optimize for transaction density. Fortunately, transactions signed for using Sepior ThresholdSig record only a single private key address to the blockchain, to provide the highest level of transaction density, while also providing the highest level of security. It’s kind of like having your cake and eating it too!


Cryptocurrency Wallet Security Considerations

Anonymity and Irreversibility Elevate Security Stakes

  • The anonymous nature of bitcoins and the indelible ledger aspect of blockchains combine to create an environment where transactions cannot be reversed, even if they’re executed through fraud.

  • Therefore, security stakes for cryptocurrency exchanges and wallets are higher than any other form of online commerce.

Private Key Security is Paramount for Wallet Security

  • Cryptocurrency wallets use the combination of a public key and a private key to sign-off the authorization of transactions.

  • The public key is shared with any party seeking to deposit funds into the wallet account.

  • The private key must be kept confidential and used only by the wallet owner, or an authorized custodial service provider, to sign-off for the withdrawal of funds from the owner’s account.

  • Security of the private key is paramount for sustaining security of the wallet and the associated bitcoins.

Over $1.6B in Losses and Rising

  • As of October 2018, bitcoins valued at more than $1.6B have been stolen from numerous exchanges and their associated customer wallets. In almost all cases, the theft was facilitated at least in part due to insufficient security of the private keys used to authorize the withdrawal of funds.

  • More effective wallet security is essential to achieving mainstream adoption with bank-backed exchanges.

Traditional Wallet Security – Choices of the Past

  • Traditional wallet security solutions use either a single key, or a multi-key signature scheme known as MultiSig for private keys.

  • The single signature scheme is typically limited to consumer grade wallets which are often provided free of charge and are suitable only for storing very small amounts of bitcoins, such that the losses are tolerable if the single key is stolen or lost.

  • For applications routinely storing larger amounts of bitcoins, a multi-signature scheme is typically used to provide more checks and balances to mitigate the risk of theft.

MultiSig – The Former Benchmark For Wallet Security

  • Prior to the introduction of Sepior™ ThresholdSig, a single-key, multi-party, threshold-signature wallet security technology, MultiSig was considered the benchmark for cryptocurrency wallet security.

  • MultiSig uses multiple keys, allowing multiple parties to individually sign-off to collectively authorize an account withdrawal.

  • MultiSig is a dramatic improvement in security over single signature schemes, however it also has multiple undesirable attributes:

    • increases the number of hashed signatures added to the blockchain, by at least 3 versus 1, potentially reducing the number of transactions per block by up to 50% compared to single-key models,

    • increased key administration complexities associated with a unique key for each approver,

    • on-chain broadcasting of security policies and changes – specifying key holders,

    • the existence of full keys on approver devices which are subject to theft.

ThresholdSig - The New Gold Standard for Wallet Security

  • Sepior™ ThresholdSig is resetting industry benchmarks for cryptocurrency wallet security, simplicity, flexibility, and blockchain efficiency. Key benefits include:

    • maximum security with multi-party approvers,

    • simplicity of business operation integration through the use of a single key,

    • up to 100% increase in transaction density per block (vs. MultiSig),

    • potential for lower miner transaction fees resulting from higher transaction density,

    • flexibility of a t (threshold) of n approval control,

    • decreased risks by eliminating on-chain broadcast of security policies and changes – keeping approvers anonymous,

    • greater administrative flexibility, through off-chain key and policy administration,

    • decreased potential for key theft by eliminating the existence of a whole key on any device, at any time.

  • Sepior™ ThresholdSig achieves these new benchmarks in performance through patented techniques using secure, multiparty computation (MPC).

One Solution Supporting Both Wallet Providers and Subscribers

  • Sepior™ ThresholdSig is suitable for use by cryptocurrency exchanges and premium wallet providers to secure subscriber wallets, as well as the wallet they use to hold cryptocurrencies during the settlement process.


ThresholdSig Features & Benefits

Institutional-grade cryptocurrency wallet security

  • Maximizing confidentiality, integrity, and availability of crypto assets.

Industry’s first threshold-signature wallet security

  • Security of multiple signature approvals with the on-chain efficiency of a single-signature.

Single-key transaction density yields preferential processing

  • High transaction density is attractive to miners and likely to reduce per transaction mining fees.

  • Maximizing transaction density enables more transactions per block, satisfying end users, exchanges, and miners.

Threshold approvals support – enabling (t of n) approval control for the real world

  • Approve transactions even if a device is unavailable or has been compromised.

Flexible off-chain policy changes – add / delete approvers, change policies without on-chain changes

  • Greater agility, providing flexibility on day to day operations, and navigation of future regulations.

  • No need to create and distribute new keys or key shares to existing share holders when adding, changing, or reducing the number of approvers.

No on-chain broadcast of policies or changes

  • Increases privacy and reduces hacker knowledge.

Uses secure multiparty computation (MPC) - distributing key shares and computation across multiple devices to securely approve transactions

  • No whole key ever exists on any device, eliminating the potential for key theft.

Flexible key share recovery – MPC generation of new replacement shares through threshold (t of n) computation

  • Addressing real world issues, with operational simplicity.

Sepior™ ThresholdSig wallet security offers numerous benefits over MultiSig and single signatures. Contact Sepior today to learn more about how to elevate your security, while reducing cost and complexity.