Digital Asset Security Just Got Better
Digital assets like Bitcoin, Ethereum, Ripple, Libra and others promise to revolutionize commerce and financial services globally. While the ultimate dominant digital assets offerings are yet to be determined, the one thing that’s certain is the need for more effective digital asset security. This is true regardless of if your transactions run on public or permissioned blockchains.
Conventional single-signature and multi-signature (MultiSig) security schemes have proven time and again to be woefully insufficient. Fortunately, a new multiparty transaction security scheme based on threshold cryptography is redefining how digital assets and the wallets which account for them are secured.
Sepior™ ThresholdSig is the industry’s first multiparty approval digital signature technology that uses threshold cryptography with multiparty computation (MPC) to secure digital asset transactions. By securing the transactions, which move assets from one wallet to another, Sepior ThresholdSig secures the wallet and all associated digital assets. And it does so with industry leading security, privacy, and on-chain efficiency to minimize costs and transaction latency.
It’s Simply More Secure, More Private, and More Efficient
For the past decade, Single Signatures were the default transaction security scheme and multiparty approvals using Multi Signatures (MultiSig) were used for more advanced transaction security. Sepior™ Threshold Signatures (ThresholdSig) with MPC provides the best attributes of each of those technologies and more, while:
* improving security,
The concept of having multiple parties collectively approve a transaction is not new. It's unquestionably more secure than a single signature, single approval model. While MultiSig introduces support for multiple approvers, each approver's signatures is recorded on-chain. And everytime there is a change of approvers, security policies, or a refresh of a key these changes are recorded on-chain for all to see.
This MultiSig attribute effectively broadcasts security policies to potential adversaries, which is never a good security strategy. It also results in substantially increased transaction sizes which make it financially impractical to support more than a 2 out of 3 approval model with MultiSig.
Sepior ThresholdSig changes all of that by moving security policies off-chain and recording a standard single signature with the transaction regardless of if 2, 3, 4 or more approvers actually approved the transaction. The result is increased security that is practical to achieve in the real-world.
* decentralizing trust
By eliminating the dependency to rely on a central party with administrative visibility and control over every approver's key share. ThresholdSig natively generates each key share on each approver's representative device, without ever providing the administrator with access to the share, and without ever combining shares to form a full key, and thus eliminates centralized control over the key.
* increasing privacy,
By moving the security policies off-chain the public record no provides the electronic breadcrumb trail which aids the reverse engineering of who puchased what.
* increasing scalability with performance,
Moving security policy management and enforcement off-chain improves both scalability and performance. The transaction appears on-chain as a highly efficient single signature regardless of the number of approvers, keeping transactions small. This in turn increases the number of transactions that can be packed into a fixed length block to maximize transaction throughput during peak periods.
Sepior's implementation of threshold signatures allows for asynchronous approvals, with sub-millisecond approval cycles for fast, high-throughput transactions.
* minimizing total lifecycle costs.
Threshold Signatures provide industry leading security with the lowest upfront and recurring costs to minimize total lifecycle costs. Sepior ThresholdSig can be implemented with virtually any digital asset, without requiring the procurement and maintenace of dedicated Hardware Security Modules (HSMs) which are highly recommended to store the private keys used with MultiSig. ThresholdSig is different. A private key is never generated or stored on any device, thus there is no private key to store in an HSM.
ThresholdSig also provides the ability to regenerate lost key shares used by individual approvers, so there's not technical requirement to store key shares for backup either.
Unlike MultiSig, ThresholdSig with multiparty approvals always records just one standard single signature with the transaction. The resulting smaller transaction size results in higher miner willingness to prioritize with lower transaction fees, for lower recurring costs.
And the ability to refresh key shares without requiring a transaction (as is required with MultiSig) means you can refresh key shares without transaction fees.
A comparison of features and benefits of available signature approval technologies illustrates why Threshold Signatures are simply a better approach.
Sepior ThresholdSig - The Best of the Best
Sepior has been leading real-world deployments of threshold cryptography based on multiparty computation (MPC) for years. Our founders have been working with and refining scalable, high-performance implementations of MPC since 2008. In 2014 they formed Sepior to focus on the application of MPC with threshold cryptography. In 2017 Sepior began optimizing the implementation of MPC for Threshold Signatures in close collaboration with SBI, one of largest and most technologically advanced financial services firms in the world. In 2018 we publicly introduced Sepior™ ThresholdSig as the industry’s first MPC-based threshold signature security platform. Today, Sepior ThresholdSig supports the scale of 10’s of millions of wallet users, with industry leading transaction speeds, native resilience for high services availability, and the highest level of security available for online transaction services.
Revolutionary Private Key Security And Lifecycle Management!
Sepior™ ThresholdSig with MPC provides full lifecycle management of the private key which secures each digital asset wallet. Beyond generating and managing the lifecycle of keys ThresholdSig provides a revolutionary new approach to creating and securing keys in the form of random key shares. And it dose so without ever creating a whole key at any point in the entire key lifecycle.
Standard single signature and multi-signature security schemes use conventional private keys which are subject to theft or misuse. Once a key is stolen it can be easily used to forge a digital signature to steal digital assets.
Sepior ThresholdSig is fundamentally different. It natively generates a random share of a private key on the device of each approving party. The individual key shares provide no information to determine the identity of the private key, so an adversary can’t simply steal a key share and use it to forge a signature.
Sepior ThresholdSig supports “m of n” approval models at the key security layer. It supports up to n=20 potential approving parties and a required minimum of up to m=20 approving parties. Increasing the number of required parties has no effect on the transaction size or fees, because it’s always recorded as a single signature.
With Sepior ThresholdSig performance optimizations, each party’s share is processed by MPC in less than a millisecond, resulting in imperceptible transaction latency. Of course other factors influence overall latency, so thoughtful consideration should be given to how many parties to require for signature authorization.
When each party approves a transaction, their share of a key is processed using MPC to collectively generate a single authorization signature. This approach provides the multiparty approval benefits of MultiSig, with the on-chain efficiency of a standard single signature, and increased security with multiple parties. Furthermore, unlike MultiSig, none of the security policies or changes are recorded on-chain, obscuring critical security insights from would-be hackers. The net result is the highest on-chain efficiency, with the highest transaction security available in the industry.
A summary of other critical attributes of Sepior ThresholdSig include:
* full lifecycle key management,
Sepior ThresholdSig provides full key lifecycle management including key share generation, key share refresh, and more.
* regeneration of lost key shares,
If one party loses their device of their key share, MPC operating with the remaining key shares can regenerate the lost share, or new shares for all approvers. Thresholds can be specified to define the minimum number of shares required to regenerate a lost share as well as policies to ensure that shares can only be regenerated with proper approvals.
* key share refresh without transactions or address change,
A virtually unlimited number of combination of key shares can be used to computationally represent a private key. As a result, Sepior ThresholdSig can generate new key shares to routinely change out the shares as frequently as desired. Unlike other key refresh approaches, Sepior ThresholdSig does not require a transaction with each key share refresh, and it allows businesses to publish a static account address to simplify accounting and customer billing.
* secure operations - even when an approver is compromised,
ThresholdSig is designed to detect compromised approver devices and maintain secure signature approvals even if one or possibly more devices are affected.
* flexible quorum support for m of n approvers.
Similar to MultiSig, ThresholdSig supports m or n quorum approval schemes at the MPC signature generation layer. Additionally, quorums can be defined at the business operations layer to add even further quorum flexibility. Unlike MultiSig, ThresholdSig generates and records just one ECDSA signature regardless of the number of approvers, with up to 20 approvers at the MPC layer.
Additional quorum flexibility can be added by the walllet developer to allow one or a quorum of approvers to represent a single approver at the MPC signature generation layer. This yields virtually unlimited implementation flexibility.
Maximize Your Wallet Security Today
Sepior™ ThresholdSig wallet security is available to cryptocurrency exchange providers and other providers of institutional grade wallet applications and services through technology licensing agreements. Sepior will provide the enabling software, toolkits, and licenses for you to customize your implementation of threshold signature wallet security services with your personalized wallet.
Crypto Wallet Client SDKs: Providing Threshold Key Management System (TKMS) libraries used by Java, Android (Java), and iOS (Swift) devices
Crypto Wallet Service: providing TKMS service for exchange and custodial service providers
Looking For A Simple Turn-Key Threshold Signature Wallet Solution?
Sepior™ ThresholdSig is highly customizable and can be adapted to virtually any wallet or signature application. But sometimes you simply want a turnkey wallet that is already developed and has all of the features of complete wallet solution that can be rapidly private labeled with your own logo and rolled out to your customers. No problem.
Sepior does not offer a turn-key wallet solution directly to our customers, but we have multiple ThresholdSig technology customers who already have or will soon offer their own white label turn-key ThresholdSig wallets that you can brand and rapidly offer to your customers.
To learn more about ThresholdSig turn-key wallet solutions, Contact Us