In honor of Women’s History Month and #HyperledgerWomen, we interviewed Unbound’s Director of Digital Asset Security & Blockchain, Rebecca Aspler, to get her thoughts specifically on blockchain security.
RA: “Worldwide spending on blockchain solutions reached 2.7 billion USD in 2019, and is projected to reach 15.9 billion USD over the next 5 years. The potential value of blockchain technology – its ability to ease and strengthen record-keeping for every type of data and as an asset class – cannot be overstated. But there are serious security considerations which early adopters must keep in mind, even when the blockchain keys are not being used as currency.”
Why is securing blockchain keys a challenge?
RA: “Blockchain-based decentralized ledger technology (DLT) has been hyped as ultra-secure, as it removes the single point of failure when it comes to recording data transfer or transactions between two parties.
Unfortunately, the way the technology is built has introduced another critical flaw: blockchain key security is more vulnerable than traditional cryptographic keys.
Blockchain transactions are permanent, due to the technology’s immutability principle — i.e. that transactions are final and recorded on the decentralized ledger for all to see (in the event of a public blockchain).
Practically speaking, this means that sensitive data stored on the blockchain is particularly vulnerable to theft. Once the data is accessed, the user can keep it – forever.”
What does this mean for enterprise blockchain?
RA: “Enterprises examining using blockchain technology to store sensitive data should consider placing additional safeguards on their blockchain keys.
For example, traditional cryptographic keys are often stored in Hardware Security Modules (HSMs), before being physically accessed by a qualified employee for data transfer.
HSMs, in themselves, are excellent for storing data. However, since blockchain keys are vulnerable to theft from fraudulent key usage – i.e. a malicious actor does not need to physically access the key, only see it once in order to steal the data – HSMs alone may not be enough to protect blockchain structures.
While the scope of this article addresses security, additional factors may come into play when considering HSMs for enterprise blockchain applications.
Among them: hardware can be difficult to maintain, upgrade, and scale, whereas blockchains are, by nature, a constantly-evolving system which requires flexibility and scalability.”
What can enterprises do to ensure the security of their blockchain systems?
RA: “Astute enterprises should consider additional safeguards for their blockchain keys. Multi-party approval – systems which require multiple approvers to verify the signature on a blockchain transaction – will be critical for constructing appropriate workflows for sensitive data.
Technically speaking, two options exist for building these workflows: multi-signature approval systems (“multi-sig”), and multi-party computation (MPC).
Multi-sig consists of an online address built directly into the decentralized ledger system which allows linkage to more than one private key. In simple terms, a multi-signature address is an address (usually a Bitcoin address) that is linked to more than one private key.
Practically speaking, signing a multi-sig transaction involves a quorum of m-of-n (typically 2 out of 3) dedicated signatories adding their signature to a proposed blockchain transaction; added signatories should, in theory, prevent fraud by providing additional verification for any given.
Multi-sig’s disadvantages are in its lack of flexibility – most systems support, at best, 3 out of 5 approvals – and the custom development work required for advanced blockchain systems.
From a security standpoint, there’s an additional concern: an experienced computer scientist can determine the identity of the approvers via the metadata and some sleuthing.
Multi-party computation (MPC) enables a distributed model of trust based on splitting data into multiple shares, which are then distributed across multiple entities. The model is entirely software-based but does not strictly need HSMs to operate nor to provide high (FIPS 140-2) levels of cryptographic key security.
In the case of blockchain transactions, MPC is used for securing the blockchain private keys and executing the sign operation using key shares held by multiple signers.
Because keys always remain split into multiple shares throughout their lifetime – starting from key generation and even while in use – it is possible to protect the keys without requiring dedicated hardware like an HSM, and to establish advanced approval quorums without the complexity and cost of multi-sig.”
On decentralized finance:
RA: “Multi-party approval is critical for the decentralized finance industry – which is based on two critical principles: trust and security.
As tokenized assets become mainstreamed, an appealing aspect of using blockchain for FIA is the democratized nature of it. After numerous financial recessions and bank bailouts, democratizing the process is increasingly seen as a way of buying back public trust in the financial system.
Blockchain-based assets are key here due to the blockchain keys constituting the asset. Consumer control over their keys gives end-users a sense of agency over their own finances, and multi-party approval is the lynchpin for enabling this system.
With an MPC-based system, blockchain private keys can be generated as split entities – with most or all parts being entrusted to the client. As such, the end-user/financial client holds the ultimate control over the transaction – and the institution, for its part, can keep tight security on those assets by choosing an HSM or HSM equivalent.”
Rebecca Aspler leads the blockchain product line at Unbound Security, driving innovation all the way from prototyping, market-fit validation and roadmap planning to periodic feature prioritization and specification. Staying informed of the overall market landscape, Rebecca also analyzes the digital assets and enterprise blockchain ecosystem, its products, vendors, and threats.