SECUROSYS BLOG

Protecting the Crypto Stash with Multi-signature, Multi-party Computation and HSMs: Part I

Written by Tomas Forgac | Feb 05, 2020

We compared Multi-Signature, Multi-Party Computation, and Hardware Security Modules to find out which one would be the best at protecting crypto-currencies and assets while also meeting operational, business, and regulatory requirements. 

In this series of posts, we’ll explore the various facets of safeguarding cryptocurrencies and other crypto assets. While our main focus will be on security, we’ll also consider scaling, business and regulatory aspects.

We took a look at the different technologies and methods available for custodial platforms. These range from open-source cold-storage standards that use on-chain multi-signature schemes to Secure Multi-Party Computation, finally reaching the Hardware Security Modules created by both legacy manufacturers and Securosys.

And while the introduction of crypto currencies induced a paradigm change, a one-time misuse of a private key can lead to astronomical losses. What does this mean for the evolution of Hardware Security Modules built for legacy PKI applications?

These articles are primarily a result of our own research, which we conducted to find out whether our core business is still relevant to this rapidly growing industry. Though the main goal was to help us decide on our own strategy and a potential pivot therein, we believe it’s worth sharing the insights we gained and to collect feedback on our conclusions.

What are the vulnerabilities?

Rather than arbitrarily comparing solutions, we looked at various attack vectors and failure modes. On top of that, we analyzed how different approaches help custodians defend against and prevent such events. The types of vulnerabilities we analyzed are:

  • Physical access to the key material
  • Unauthorized operations with the keys that allow the attacker to sign asset withdrawal transactions
  • Randomization algorithm weakness, which could be exploited to compute what should be an unguessable key
  • Calculation of private key data from its respective public key (something currently prevented by design of the asymmetric cryptography, but is potentially feasible with future quantum computing)
  • Hardware failure leading to the loss of private key material

 In the following sections we will go over the protection schemes against the different vulnerabilities.

Attack Vectors

Gaining physical access to the key material is the most common attack vector, so that’s the one we’ll look at first.

Physical access

It’s enough to simply copy the data the private key consists of in order to sign a transaction that involves transferring cryptocurrency. That can be a serious issue, for example if a malicious external attacker gains privileged remote access to the filesystem, a hosting center administrator (ab-)uses their physical access to the data storage, or an employee copies the key to their private storage.

An offline approach with well-established operational procedures, such as the Glacier Protocol, provides adequate protection for an individual long-term holder. The user can store their key in a secure vault, encrypt it using a passphrase, use multi-signature and split the keys to multiple protected locations, or combine all three of these methods. However, this isn’t possible when a business application is involved – the application must have the ability to conduct transactions semi-autonomously. This means that the key must be accessible online immediately – or at least on a reasonably short notice. Of course, protecting the key by human passphrase input is impossible/ unfeasible for real-time transfers.

How can security be ensured for asset balances that need to be available online? Of course, the physical exposure of the key material still has to be limited. Additionally, the asset transactions can be subjected to multi-signature authorization. This splits the signature authority amongst multiple physically segregated systems. However, unless the physical storage of these systems is absolutely tamper-proof, the complexity of the attack merely grows linearly in proportion to the size of the required quorum. The physical security could theoretically be strengthened by hardware key devices. For this to work, though, they’d have to be kept safe, especially since they aren’t sufficiently tamper-proof either. Either way, they aren’t built to be highly reliable, and the redundancy they require introduces even more possibilities for their physical misuse.

Some solutions that are based on Secure Multi-Party Computation (SMPC) improve the multi-signature approach by shuffling the split key material both randomly and frequently. This would require the attacker to gain access to all parts of the key at the same time. However, given that these solutions are software-based and have to be online, thereby relying on unprotected forms of storage, a successful attack would only require linearly proportional amount of work and patience on the side of the attacker.

It is indisputable that, despite their shortcomings in other areas, this is where Hardware Security Modules triumph. They build on decades of the best practices to prevent attackers from getting physical access to the data they protect by using the following methods:

  • Preventing a business application from copying the key material itself: it is only allowed to request operations with the keys, which are then conducted within the device – only the result of the operation is returned.
  • Tamper-proof physical protection for the key storage: a set of sensors detect any attempt at gaining unauthorized access to the keys – in the event of an attack, they render the storage indecipherable.

What’s next

In the upcoming posts we’ll take a look at side-channel attacks, randomization weaknesses, quantum protection, and – most importantly – preventing unauthorized transactions. We will also explore protection against hardware failures along with business and regulatory considerations, while considering the trade-offs and trust involved in various approaches, and their respective developer experience.

 

You can find more information on the safeguarding of crypto assets here.