Sepior’s ThresholdSig wallet security is the new gold standard for cryptocurrency wallet security. Using the latest threshold cryptographic techniques, including multiparty computation (MPC), Sepior™ ThresholdSig delivers the highest online wallet security available, with the lowest costs and complexity.
Sepior™ ThresholdSig wallet security is available to cryptocurrency exchange providers and other providers of advanced wallet applications and services through technology licensing agreements with Sepior. Sepior will provide the key enabling software, toolkits, and licenses for you to implement wallet security services.
Crypto Wallet Client SDKs: Providing Threshold Key Management System (TKMS) libraries used by Java, Android (Java), and iOS (Swift) devices.
Crypto Wallet Service: Providing TKMS service for exchange and custodial service providers.
ThresholdSig Wallet Security
Threshold signatures (ThresholdSig) implemented with MPC provide higher confidentiality, integrity, and availability than MultiSig, with the operational simplicity and blockchain efficiency benefits of a single key. Shares of a single key are distributed to multiple approving parties, rather than full keys as with MultiSig. Only t (a user-defined threshold) of n (the number of MPC-configured parties) key shares are required to authorize a transaction, enabling secure transactions even if one or possibly more parties are unavailable. Distributed processing using MPC signs the transaction without ever producing a whole key on any device, at any time. The non-existence of a whole key mitigates the risk of theft, and the off-chain policy attributes of ThresholdSig yield tremendous operational benefits.
Maximum Security, and Maximum Transaction Density Too
ThresholdSig is very efficient in terms of blockchain transaction capacity. Historically, single-signature transactions consumed the least record space on a fixed-length cryptocurrency block, allowing for the highest number of transactions per block. Transactions signed using MultiSig typically record multiple hashed private key addresses associated with multiple private keys. This can easily double the amount of record space consumed per MultiSig transaction, effectively reducing the number of transactions per block by up to half. This resulted in a tradeoff decision: either optimize for security, or optimize for transaction density. Fortunately, transactions signed using Sepior ThresholdSig record only a single private key address to the blockchain, providing the highest level of transaction density while also providing the highest level of security. It’s kind of like having your cake and eating it too!
Institutional Grade Considerations
Anonymity and Irreversibility Elevate Security Stakes
The anonymous nature of bitcoins and the indelible ledger aspect of blockchains combine to create an environment where transactions cannot be reversed, even if they’re executed through fraud.
Therefore, security stakes for cryptocurrency exchanges and wallets are higher than any other form of online commerce.
Private Key Security is Paramount for Wallet Security
Cryptocurrency wallets use the combination of a public key and a private key to sign off on the authorization of transactions.
The public key is shared with any party seeking to deposit funds into the wallet holder's account.
The private key must be kept confidential and used only by the wallet holder, or an authorized custodial service provider, to sign off on the withdrawal of funds from the user's account.
Security of the private key is paramount for sustaining security of the wallet and the associated bitcoins.
Over $1.6B in Losses and Rising
As of October 2018, bitcoins valued at more than $1.6B have been stolen from numerous exchanges and their associated customer wallets. In almost all cases, the theft was facilitated at least in part due to insufficient security of the private keys used to authorize the withdrawal of funds.
More effective wallet security is essential to achieving mainstream adoption with bank-backed exchanges.
Traditional Wallet Security – Choices of the Past
Traditional wallet security solutions use either a single key, or a multi-key signature scheme known as MultiSig for private keys.
The single signature scheme is typically limited to consumer grade wallets which are often provided free of charge and are suitable only for storing very small amounts of bitcoins, such that the losses are tolerable if the single key is stolen or lost.
For applications storing larger amounts of bitcoins, a multi-signature scheme is typically required to provide more checks and balances to mitigate the risk of theft.
A potential concern with multi-key signature schemes is the increased record space consumed on the fixed length blockchain, per transaction, resulting in fewer transactions per block when services become fully loaded.
MultiSig – The Former Benchmark For Wallet Security
Prior to the introduction of Sepior™ ThresholdSig, a single-key, multi-party, threshold-signature wallet security technology, MultiSig was considered the benchmark for crypto wallet security.
MultiSig uses multiple keys, allowing multiple parties to individually sign-off to collectively authorize an account withdrawal.
MultiSig is a dramatic improvement in security over single signature schemes; however, it also has undesirable attributes:
increases the number of hashed signatures added to the blockchain, by at least 3 versus 1, reducing the number of transactions per block by up to 50% compared to single-key models,
increased key administration complexities associated with a unique key for each approver,
on-chain broadcasting of security policies and changes – specifying key holders,
the existence of full keys on approver devices which are subject to theft,
multiple on-chain key signatures materially increase mining workloads, elevating concerns over scale and sustainability.
ThresholdSig - The New Gold Standard for Wallet Security
Sepior™ ThresholdSig is resetting industry benchmarks for cryptocurrency wallet security, simplicity, flexibility, and mining efficiency. Key benefits include:
maximum security with multi-party approvers,
simplicity of business operation integration through the use of a single key,
up to 100% increase in transaction density per block (vs. MultiSig),
potential for lower miner transaction fees resulting from higher transaction density,
flexibility of a t (threshold) of n approval control,
decreased risks by eliminating on-chain broadcast of security policies and changes – keeping approvers anonymous,
greater administrative flexibility, through off-chain key and policy administration,
decreased potential for key theft by eliminating the need for a whole key on any device, at any time.
Sepior™ ThresholdSig achieves these new benchmarks in performance through patented techniques using secure, multiparty computation (MPC).
One Solution Supporting Both Wallet Providers and Subscribers
Sepior™ ThresholdSig is suitable for use by cryptocurrency exchanges and premium wallet providers to secure subscriber wallets, as well as the wallet they use to hold cryptocurrencies during the settlement process.
ThresholdSig Features & Benefits
Institutional-grade wallet security
Maximizing confidentiality, integrity, and availability of crypto assets.
Industry’s first threshold-signature wallet security
Security of multiple signature approvals with the on-chain efficiency of a single-signature.
Single-key transaction density yields preferential processing
High transaction density is attractive to miners and likely results in lower per transaction mining fees.
Maximizing transaction density enables better quality of service experience for happier end users.
Threshold approvals support – enabling (t of n) approval control for the real world
Approve transactions even if a device is unavailable or has been compromised.
Flexible off-chain policy changes – add / delete approvers, change policies without on-chain changes
Greater agility, providing flexibility in day-to-day operations and in navigating future regulations.
No on-chain broadcast of policies or changes
Increases privacy and reduces hacker knowledge.
Uses secure multiparty computation (MPC) - distributing key shares and computation across multiple devices to securely approve transactions
No whole key ever exists on any device, eliminating the potential for key theft.
Flexible key share recovery – MPC generation of new replacement shares through threshold (t of n) computation
Addressing real world issues, with operational simplicity.
Sepior™ ThresholdSig wallet security offers numerous benefits over MultiSig. Contact Sepior today to learn more about how to elevate your security, while reducing cost and complexity.