2018 has seen some spectacular cyber heists in the crypto space. These ranged from the $534 million hack of crypto exchange Coincheck in January, $195 million hack of Bitgrail in February to the $40 million cyber fraud at crypto exchange Coinrail in June. The nature of cryptocurrency, together with an embryonic and ill-prepared crypto exchange sector has meant that it’s been a hackers paradise.
Losses of this magnitude are unsustainable and with that, solutions are beginning to emerge to deal with the problem. Cryptography software company, Sepior recently launched its Thresholdsig wallet security software for cryptocurrency exchanges and institutional traders. This is a promising development for the industry as its product is the first in the industry to be based on multiparty computation (MPC). In speaking with The Bitcoin Mag, Sepior CEO Ahmet Tuncay explained its product offering:
“The idea is that one key might exist in the client device, which might be an iPhone for example. Then another key might be the broker and a third key might be a trusted third party. As long as there are a number of signatories to a transaction, it must be secure and valid.”
Rather than using separate keys, MPC needs just one key with all parties possessing a part of the key – no one party possesses the whole key. Whilst this approach clearly has advantages in terms of security, it also assists in terms of privacy. Frank Wiener, Chief Marketing Officer with Sepior clarified:
“You get the improved privacy of a single signature whilst you still have the full security aspect of multiple approvers.”
Added to this is the fact that Sepior’s solution optimizes on-chain efficiency by keeping the multi-sig process within one single signature. As the block sizes are fixed in blockchain, you can’t get as many transactions on the same block. Multi-sig usually adds an overhead of up to 40% in terms of space allocation on the blockchain. However, Sepior’s use of MPC technology means that this overhead is negated.
Japan’s SBI Group recently announced an agreement to license Sepior’s Threshold-Sig Wallet Security technology and to jointly develop a proprietary wallet to secure the on-line contents and transactions on SBI’s virtual currencies exchange platform, VCTRADE.
Representative Director, CEO and President of SBI Holdings, Yoshitaka Kitao, commented on the announcement:
“After extensive investigation, our security research team determined threshold signatures based on multiparty computation (MPC) offered our desired level of security, performance, and scalability needed to manage transactions for our growing SBI Virtual Currencies customer base.”
The functionality of Sepior’s offering extends beyond securing funds on cryptocurrency exchanges. It also provides privacy control on permissioned blockchains. Distributed ledger technology is being used to store smart contracts and data on enterprise level blockchains with a view towards automating the execution of contracts.
Various stakeholders in the process can get the data they need from the blockchain, execute their contractual obligations and update the blockchain accordingly to reflect this with the distributed ledger showing a history of all steps of the transaction.
The issue that has emerged with this process is that enterprise level data is extremely sensitive. Not all stakeholders to a process need to have access to all of the data – they just need sufficient access to effect their contractual obligations. With this in mind, Sepior offer a solution – Sepior Threshold KMS – which provides privacy control so that different users who access these smart contracts on the blockchain have visibility only to the precise information they need to conduct their part of the transaction.
The underlying technology used is similar to that which the company uses to secure cryptocurrency exchange hot wallets but it has been optimized for this specific use case in terms of granular data access control on permissioned blockchains.
Hyperledger Fabric has become the go-to choice for many enterprises running permissioned blockchains. It provides for granular access control. However, the issue is one of scalability with an inordinate amount of virtual channels required.
The other approach which may be taken is through cryptographic segregation where parts of the master data is masked. The difficulty switches from that of infinite channels to managing multiple encryption keys. Traditionally, this would involve a hardware security module but Sepior is disrupting this methodology by use of a software based key management system. “We can provide a very granular upper object encryption strategy for a blockchain that will allow businesses to selectively obfuscate the data” explains Tuncay. Sepior’s solution is off-chain and thus, blockchain agnostic.
The long list of hacked cryptocurrency exchanges in recent times has been an embarrassment for the industry, threatening the credibility of crypto itself. There are so many aspects of cryptocurrency which need to be developed to make it a truly market ready proposition. Hopefully, solutions such as this one will at least consign exchange hacking to the past.