Crypto Wallet Security
Sepior’s ThresholdSig secure wallet and transaction technology is the new gold standard for cryptocurrency wallet security. Using the latest threshold cryptographic techniques, including multiparty computation (MPC), Sepior™ ThresholdSig delivers the highest online wallet security available, with the lowest upfront and lifecycle costs, and the lowest operational complexity.
Sepior™ ThresholdSig wallet security is available to cryptocurrency exchange providers and other providers of institutional grade wallet applications and services through technology licensing agreements. Sepior will provide the key enabling software, toolkits, and licenses for you to implement wallet security services.
Crypto Wallet Client SDKs: Providing Threshold Key Management System (TKMS) libraries used by Java, Android (Java), and iOS (Swift) devices
Crypto Wallet Service: providing TKMS service for exchange and custodial service providers
ThresholdSig - Setting New Standards For Wallet Security
Threshold signatures (ThresholdSig) implemented with MPC provide higher security, privacy, and availability than MultiSig, with the operational simplicity and blockchain efficiency benefits of a single signature. Shares of a single key are generated on the devices of multiple approving parties, rather than generating then distributing multiple keys as with MultiSig. Only m (a user defined threshold) of n (number of MPC configured parties) key shares are required to authorize a transaction, enabling secure transactions even if one or possibly more parties are unavailable. Distributed processing using MPC signs the transaction, without ever producing a whole key on any device, at any time. The non-existence of a whole key mitigates the risk of theft, and the off-chain policy attributes of ThresholdSig yield tremendous operational benefits.
Maximum Security, With Minimum Transaction Fees
ThresholdSig is very efficient in terms of blockchain transaction capacity. Single signature transactions record one signature, historically resulting in the least amount of on-chain recorded data per transaction. This single signature attribute supported the highest number of transactions per fixed length block. Transactions signed using MultiSig record multiple signatures associated with multiple private keys, typically two or three keys instead of one. Even with compression optimization schemes, the recording of multiple signatures increases the amount of total data recorded per MultiSig transaction by 20% to 60% or more. This reduces the number of transactions per fixed length block. As a result, miners typically charge higher transaction fees for MultiSig signed transactions. This resulted in a tradeoff decision to either optimize for security, or optimize for transaction density and lower costs. Fortunately, transactions signed using Sepior ThresholdSig record only a single signature on the blockchain, to provide the highest level of transaction density available, while also providing the highest level of security. It’s kind of like having your cake and eating it too!
Cryptocurrency Wallet Security Considerations
Anonymity and Irreversibility Elevate Security Stakes
The anonymous nature of bitcoins and the indelible ledger aspect of blockchains combine to create an environment where transactions cannot be reversed, even if they’re executed through fraud.
Therefore, security stakes for cryptocurrency exchanges and wallets are higher than any other form of online commerce.
Private Key Security is Paramount for Wallet Security
Cryptocurrency wallets use the combination of a public key and a private key to sign off on the authorization of transactions.
The public key is shared with any party seeking to deposit funds into the wallet account.
The private key must be kept confidential and used only by the wallet owner, or an authorized custodial service provider, to sign off on the withdrawal of funds from the owner’s account.
Security of the private key is paramount for sustaining security of the wallet and the associated bitcoins.
Over $1.6B in Losses and Rising
As of October 2018, bitcoins valued at more than $1.6B have been stolen from numerous exchanges and their associated customer wallets. In almost all cases, the theft was facilitated at least in part by insufficient security of the private keys used to authorize the withdrawal of funds.
More effective wallet security is essential to achieving mainstream adoption with bank-backed exchanges.
Traditional Wallet Security – Choices of the Past
Traditional wallet security solutions use either a single key, or a multi-key signature scheme known as MultiSig for private keys.
The single signature scheme is typically limited to consumer grade wallets which are often provided free of charge and are suitable only for storing very small amounts of bitcoins, such that the losses are tolerable if the single key is stolen or lost.
For applications routinely storing larger amounts of bitcoins, a multi-signature scheme is typically used to provide more checks and balances to mitigate the risk of theft.
MultiSig – The Former Benchmark For Wallet Security
Prior to the introduction of Sepior™ ThresholdSig, a single-key, multi-party, threshold-signature wallet security technology, MultiSig was considered the benchmark for cryptocurrency wallet security.
MultiSig uses multiple keys, allowing multiple parties to individually sign off and collectively authorize an account withdrawal.
MultiSig is a dramatic improvement in security over single signature schemes; however, it also has multiple undesirable attributes:
increases the number of hashed signatures added to the blockchain, by at least 2 versus 1, potentially reducing the number of transactions per block by 20% to 60% or more compared to single signature models,
increased key administration complexities associated with a unique key for each approver,
on-chain broadcasting of security policies and changes – specifying key holders,
the existence of full keys on approver devices which are subject to theft.
ThresholdSig - The New Gold Standard for Wallet Security
Sepior™ ThresholdSig is setting new industry benchmarks for cryptocurrency wallet security, simplicity, flexibility, and blockchain efficiency. Key benefits include:
maximum security with multi-party approvers,
on-chain operational efficiency of a single approver,
up to 60% or more increase in transaction density per block (vs. MultiSig),
lower miner transaction fees (consistent with single signature transactions),
flexibility of an m (threshold) of n approval control,
decreased risks by eliminating on-chain broadcast of security policies and changes – keeping approvers and wallet owners anonymous,
greater administrative flexibility, through off-chain key and policy administration,
decreased potential for key theft by eliminating the existence of a whole key on any device, at any time.
Sepior™ ThresholdSig achieves these new benchmarks in performance through patented Threshold Cryptography techniques using secure, multiparty computation (MPC).
One Solution Supporting Both Wallet Providers and Subscribers
Sepior™ ThresholdSig is suitable for use by cryptocurrency exchanges and premium wallet providers to secure subscriber wallets, as well as the wallet they use to hold cryptocurrencies during the settlement process.
ThresholdSig Features & Benefits
Institutional-grade cryptocurrency secure wallet and transaction technology
Maximizing security, privacy, and availability of digital assets.
Industry’s first threshold-signature wallet security
Security of multiple approvers with the on-chain efficiency of a single-signature.
Single-key transaction density yields preferential processing
High transaction density is attractive to miners, resulting in lower transaction mining fees.
Maximizing transaction density enables more transactions per block, benefitting users, exchanges, and miners.
Threshold approvals support – enabling (m of n) approval control for the real world
Approve transactions even if a device is unavailable or has been compromised.
Flexible off-chain policy changes – add / delete approvers, change policies without on-chain changes
Greater agility, providing flexibility on day to day operations, and navigation of future regulations.
No need to create and distribute new keys when adding, changing, or reducing the number of approvers.
No need to change published account numbers, which are linked to public keys, because changes can be accommodated without mandating a change to the key.
No on-chain broadcast of policies or changes
Increases privacy and reduces hacker knowledge.
Uses Threshold Cryptography with secure multiparty computation (MPC) - distributing key shares and computation across multiple devices to securely approve transactions
No whole key ever exists on any device, minimizing the potential for key theft.
Flexible key share recovery – MPC generation of new replacement shares through threshold computation
Addressing real world issues, with operational simplicity.
Sepior™ ThresholdSig SWAT offers numerous benefits over MultiSig and single signatures. Contact Sepior today to learn more about how to elevate your security, while reducing cost and complexity.