There are nightmare scenarios circulating in the blockchain industry about attacks that threaten every asset held on the technology (see “51%” in our glossary). Interest is high not only because demand for those assets grows daily but because, unlike in traditional financial systems, a fraudulent transaction cannot be reversed.
We will briefly go over what blockchain itself aims to achieve and where its cryptography stands, and then introduce a solution that is starting to gain momentum, one that CryptoAPIs is ready to embrace.
Simply put, the technology aims to make peer-to-peer transactions possible without intermediaries, and therefore without the risk that comes from trusting one. For that promise to hold, strengthening the credibility of the cryptography was essential in every blockchain: Bitcoin, Ethereum, Litecoin and so on.
In the intermediary model, a trusted third party holds shared secrets on the users’ behalf. You can trust the platform only as far as you trust that third party, and a malicious insider puts all of that credibility at risk.
Cryptography rests on two essential parts: a standardized algorithm and a secret key. It gained attention in the 1970s, when asymmetric cryptography was applied to internet systems with two keys, a public and a private one, used for encryption and digital signatures. This involves:
Public and private keys
A decryption/verification process
A digital signature lets the private key produce a unique “mark” that attests to the authenticity of the transaction. In blockchain, these signatures are validated against the public key, so each one is a public statement made with the private key. The same building block makes it possible to set a limit on how many parties may be compromised, possibly deviating from the defined protocol, while valid cryptographic operations still proceed.
Cryptography in Blockchain
In blockchain, there are two models of technology where this is applied:
Hardware security models:
Hardware (cold) wallets such as Ledger and Trezor have a reputation for secure cryptocurrency storage because the keys exist only on the device. Still, there are some vulnerabilities:
⚈ Just last year, researchers showed that this model can be hacked.
⚈ In certain use cases, dedicated servers implement some business logic, and once that logic is satisfied, access to the device is granted, which makes the server the gateway to the wallet. This creates the threat of the wallet being accessed and altered.
⚈ It is subject to certain limitations set by government standards.
Exchanges prefer this model, but it has proven very vulnerable, which is why some of them now provide insurance. These vulnerabilities/errors can be either technical or human.
A similar split appears in how blockchain assets are managed, which still comes down to two types:
Self-managed: still hackable.
Third-party, such as an HSM that stores the private key securely, which has nonetheless ended in hacks such as those in Japan, Hong Kong, Canada and Malta.
The bottom line is that secure key management is hugely important to blockchain security, and in both models one or more entities hold total control over a single private key of their own, so the points of failure centralize on a single support.
This runs contrary to the whole concept of decentralization.
The preferred solution would not leave the whole key in one user’s hands; instead it would let the account be set up in the simplest way and then provide a wallet that is practical and interacts with the blockchain.
Scope of technology used
This alternative solution brings together three concepts:
Principles of distributed computation
Multi-Party Computation (MPC)
Multi-Party Computation (MPC)
MPC (Multi-Party Computation) is a cryptographic technique in which several mutually distrusting computers each compute on their own fragment of a larger secret and together produce a desired common output, such as a transaction signature. For MPC to be applied correctly, certain properties must hold:
None of the participating nodes has “knowledge” of the details of the others’ fragments.
The private key’s value is created collectively by all participating nodes, never on one single computer.
MPC is already used by several startups, such as ZenGo, Unbound and Enigma.
MPC therefore allows the fragments of the private key to be generated and used collaboratively: computations run across the shares held by the participating parties, so a digital signature is produced, or data decrypted, without a whole key ever being assembled or reconstructed on any device at any time.
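To make the shares-based signing described above concrete, here is an added example that is not CryptoAPIs’ code and not the implementation of any of the startups named. It models three nodes that each pick their own key share, derive the joint public key from the shares, and then produce one Schnorr-style signature from partial signatures, so the combined private key is never formed on any machine. The group parameters (a small safe prime, constructed here) and the node names are assumptions chosen for readability; they are far too small to be secure, and the protocol is the simple n-of-n, honest-but-curious variant, whereas real products use threshold ECDSA/EdDSA over elliptic curves with protections against misbehaving parties.

```python
import hashlib
import secrets

# Toy group parameters (constructed for illustration, far too small for real use):
# P is a safe prime, Q = (P - 1) // 2 is the prime order of the subgroup we sign in.
P = 2039
Q = 1019
G = pow(2, 2, P)  # squaring any element lands in the order-Q subgroup; G = 4 here


def hash_challenge(R: int, message: bytes) -> int:
    """Fiat-Shamir challenge e = H(R || m), reduced into the exponent group."""
    data = R.to_bytes(4, "big") + message
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q


class Party:
    """One MPC node. It holds only its own key share x_i and never sees the others'."""

    def __init__(self, name: str, rng=secrets.randbelow):
        self.name = name
        self.x_share = rng(Q - 1) + 1           # private key share, chosen locally
        self.y_share = pow(G, self.x_share, P)  # public contribution g^{x_i}
        self._k_share = None

    def nonce_commitment(self, rng=secrets.randbelow) -> int:
        """Signing round 1: pick a fresh nonce share and publish R_i = g^{k_i}."""
        self._k_share = rng(Q - 1) + 1
        return pow(G, self._k_share, P)

    def partial_signature(self, e: int) -> int:
        """Signing round 2: s_i = k_i + e * x_i (mod Q). Only this node's share is used."""
        assert self._k_share is not None, "nonce_commitment must run first"
        s_i = (self._k_share + e * self.x_share) % Q
        self._k_share = None  # a nonce share must never be reused
        return s_i


def distributed_keygen(parties) -> int:
    """Joint public key y = prod(g^{x_i}) = g^{sum x_i}; the sum itself is never computed."""
    y = 1
    for party in parties:
        y = (y * party.y_share) % P
    return y


def mpc_sign(parties, message: bytes) -> tuple:
    """Assemble one Schnorr signature (R, s) from the nodes' partial signatures."""
    R = 1
    for party in parties:
        R = (R * party.nonce_commitment()) % P
    e = hash_challenge(R, message)
    s = sum(party.partial_signature(e) for party in parties) % Q
    return R, s


def verify(y: int, message: bytes, signature) -> bool:
    """Standard Schnorr check g^s == R * y^e, using only the joint public key."""
    R, s = signature
    e = hash_challenge(R, message)
    return pow(G, s, P) == (R * pow(y, e, P)) % P


def demo():
    """Three nodes sign a constructed transaction string; nobody ever holds sum(x_i)."""
    parties = [Party(f"node-{i}") for i in range(3)]
    y = distributed_keygen(parties)
    msg = b"transfer 1 coin to ADDRESS_PLACEHOLDER"
    sig = mpc_sign(parties, msg)
    return verify(y, msg, sig)


if __name__ == "__main__":
    print("joint signature verifies:", demo())
```

The signature verifies because s = sum(k_i + e·x_i) = k + e·x modulo Q, so g^s equals R·y^e even though no node ever learned x or k. Each node also discards its nonce share after one use; reusing k_i across two messages would let anyone recover x_i from the two partial signatures, which is the classic failure mode of Schnorr and ECDSA alike.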
Moreover, the benefits are substantial compared with the two widely used crypto-security models so far:
It eliminates the possibility that one party becomes corrupted and misuses the key.
It eliminates the dependency on specialized secure hardware appliances.
It assures accurate and secure cryptographic operations even across widely distributed, potentially mistrustful devices or clouds.
It doesn’t require any special form of physical security.
In a nutshell, it provides the much-needed certainty that our funds will remain intact and secure.