What Makes a Secure Digital Asset Custodian — HSM vs MPC?
“Excellence in overcoming inherent risks and complexities of crypto asset safeguarding and administration is becoming a key selection criterion for clients choosing institutional investors and service providers.”
Alex Batlin, Founder and CEO, Trustology
We explore two solutions — HSM vs MPC — for institutional crypto assets custody and how each meets the demand for security and personal risk to the client. The long-term capital growth prospects of cryptocurrencies and digital assets have seen institutional adoption on the rise. Institutional investors and service providers in crypto markets are going to need greater scale, flexibility and added security measures to build, run and operate a successful digital assets business in real-time with low latency. However, security and risk mitigation practices in private key safekeeping for multi-user financial organisations are still a concern. Even new and innovative technology like MPC is not immune to failure with recent news on some clients losing their keys and millions in assets. Expertise, therefore, in the planning of risk controls and contingencies is of the utmost importance. Read on to understand what’s best for your institution.
Hardware security modules, HSMs, are dedicated computing devices designed for the safe storage and use of cryptographic keys. What makes them unique is the hardened nature of their operating system, libraries and the ability to wipe key material when they detect attempts to interfere with the device. They have been long trusted by banks and payment networks, managing trillions of payments worldwide for over 30 years now, indicating decades of in-field deployment experience. They are not, however, without their downsides; complex to configure and programme, hard to scale and with limited capacities, and they can often not be the first choice in the face of alternative solutions.
Multi-party computation, MPC, is another long-standing technology, having been utilised as early as the 1970s. Based on the ability to cooperatively compute the solution to a function while keeping each party’s inputs secret, these algorithms have increasingly found favour in the world of blockchain and crypto assets in the last 5 years. The cutting-edge mathematics that these algorithms are based on maybe intractable for most, but promise secure threshold key signing without any one party holding the entirety of the key (key sharding). Some MPC providers, for instance, furnish the underlying infrastructure needed to provide custody, but take on a ‘shared or collaborative’ approach with their clients where they are in part custodians themselves responsible for the backup and recovery of their key shard. Again, although this sounds great in theory, in practice they still come with challenges around ensuring that the key shards that each party holds are secure and resilient in the face of failure. Additionally, as the number of signatories increases, scalability becomes difficult.
Scalable HSM — A Higher Security Module That’s Safer, Faster and Easier for Institutions
Trustology is one of a handful of service providers using HSMs. But the devil is in the details. By re-signing transactions with our proprietary firmware running inside HSMs, we mitigate an important attack vector. Whilst the HSM may keep the wallet key safe, and even if other providers also use some form of end-user hardware to authenticate transactions, hackers can still compromise the transaction if policy validation and re-signing are performed in software. It is this unique re-signing technology that enables us to easily adapt to any signature schemes like BLS but also to different blockchains and protocols.
“Trustology’s digital asset management solutions have provided us with the comfort we need, particularly from a security and compliance perspective. The technical quality of their solutions, their favourable FCA positioning, and the collaborative disposition of their team all contribute to Trustology being an excellent enabler in a complex industry.
Ciaran MacDevette, Co-Founder, Bakari AG
To address the challenges of scale, Trustology began by making each HSM device stateless; each customer wallet is generated securely inside one of our HSMs by our bespoke firmware, but then the key material is wrapped and backed up to the cloud when not in use to ensure resilience. At the time of generating the wallet, we also attach a cryptographically signed policy that details the rules defining who can spend assets from the wallet and who can change the policy in the future. Each signing operation is treated atomically, with the wrapped key material and signed policy data being sent back to any of our HSMs along with data to authenticate the transaction. As long as at least one of our HSM devices is available then signing can proceed in less than one second.
The other facet of scaling is the limited storage on the HSM device. The above solution, where data is stored in the cloud, manages to mostly sidestep this issue, the only piece of data that each HSM stores in relation to a customer wallet is the current policy version number, preventing replaying of old policy data once it has been changed. These capabilities have allowed us to scale to tens of thousands of wallets, each having an almost infinite number of keys within them while maintaining our sub-second signing capability.
Each HSM only needs to be commissioned with a minimal set of keys, symmetric keys for wrapping key material and asymmetric keys for signing policies and ensuring provenance, and new devices can be provisioned within a few hours.
The policies associated with wallets define which combination of client keys can be used to authenticate a transaction. These client keys, which are used to verify customer authenticity and have no algorithmic relationship to the custodied key material, are stored inside the iOS device secure enclave or alternative secure key store services like AWS Key Management Service or Azure Key Vault. By leveraging these technologies we ensure hardware-based security across our entire service.
“Trustology’s commitment and unique approach to safeguarding assets, and enabling fast custody across chains and protocols without compromising on security or access make it the perfect custody partner for our burgeoning ecosystem.”
Lars Holst, Founder and CEO, GCEX
The Breakdown: Scalable HSM vs MPC
“Trustology has built a robust and reliable crypto custody and transfer platform that has allowed us to add an additional layer of security in safeguarding our crypto assets. The whole team is highly competent and has been very helpful and timely with any queries we have had.”
James Kilroe, Co-founder, Tendex GmbH
In today’s fast-paced, evolving crypto markets, it may be more prudent for institutions to diversify their custodian network to effectively manage security and risk. A combination of tried and trusted technologies with solid multi-party processes (multiple custodians) can ensure institutions get the best of both worlds.
Trustology has taken trusted HSM technology and scaled it for the blockchain age, ensuring resiliency and scalability for our customers’ signing needs, debunking the myth that HSM multi-sig solutions can no longer support the needs of institutional investors and service providers in crypto assets. Our solution can meet any complex quorum rules, is protocol and blockchain agnostic and ensures any policies or rules set is met with our bespoke resigning technology firmware. Custom integrations with MetaMask and WalletConnect enable secure access to any Ethereum based DeFi DApp today.
If you truly believe in “Not your keys, not your coin” then come and speak to us about having your own dedicated on-site HSMs backed by our infrastructure.
London-based Trustology is focussed on developing solutions to help institutional, corporate and private clients safeguard and administer crypto assets in a safer, faster and easier way on-chain, on-DeFi, and on-exchange. Founded in 2017 by Alex Batlin and a team of experts in global banking and financial technology, Trustology is backed by ConsenSys, a global blockchain company, and Two Sigma Ventures, an early-stage venture capital fund of Two Sigma.
Securely trade, lend, borrow or hedge with DeFi and TrustVault custody
Trustology partners with OTC broker GCEX