Crypto Wallets are nowadays an almost integral part of the blockchain and crypto enthusiast’s life. And not only that - basically every crypto-related business, SME or Enterprise, needs a Wallet that can manage multiple deposit addresses and is secure enough to transfer funds and assets risk-free in all day-to-day operations.
Most Crypto, or Digital, Wallets are developed as a Product-as-a-service, which means they are provided as a service on a subscription basis, rather than being available as one-time-purchase software. Wallets-as-a-service, or WaaS for short, are designed to securely store funds and assets, and are a reliable tool for their users to broadcast transactions to and from them, much like a real wallet that you always keep in your pocket or purse.
As you may have noticed, the main keyword used when discussing Digital Wallets is precisely “security”. Many variations of Digital Wallets and Wallets-as-a-service exist, all developed by different providers and designed for different purposes, needs and preferences. What is most important about such software, though, is to know how it signs transactions, as this is the main security aspect.
The process of “signing a transaction” is a vital part of making modifications to the stored funds and assets. Only by providing proof of their authorization over their Wallet can users broadcast transactions. There are a few authorization methods that are most commonly known and used for Digital Wallet development - Single Signature, Multi Signature, and Threshold Signature Scheme.
How transaction signing works
When owners of a Digital Wallet want to send funds outside the Wallet, they must first authenticate themselves as authorized to do so. This is most often done with private keys, which the member(s)/node(s) use to sign the transaction. If approved, the transaction is then broadcast, and the private keys leave a “fingerprint” known as a signature.
Depending on the authorization method used there may be different policies that apply to the transaction signing - a minimum number of private keys, number of signatures generated, etc.
Single Signature, or Single-Sig, is one of the most used and simplest transaction authentication methods. It requires only a single user’s (the owner’s) private key. It is a very simple way to authenticate transaction requests and is usually used for personal and/or smaller Wallets. Individuals or private figures also choose Single-Sig Wallets because they are easier to navigate.
At the same time, though, Single-Sig Wallets are the easiest to compromise. Having only one signature for transaction signing places the entire dependency for security and privacy on that one user, which is not enough, as modern Internet times have proven. Single-Sig Wallets do not possess any backup, escrow service or additional signing member, and rarely even have any disaster recovery functionalities. This type of Wallet may be the most common one, but it has less security, privacy and additional features.
Multi Signature, or Multi-Sig, is a method of authenticating transactions through multiple signatures, as the name suggests. It involves two or more members, each with their own private key. With Multi-Sig Wallets there are also various rules in place that dictate e.g. the minimum number of signatures needed to sign the transactions - 3/5, 5/5, 5/8, etc. Multi-Sig is preferred over Single-Sig and provides more security and less chance for malicious attacks. Even if a member and their key are compromised, it wouldn’t be enough to access the Wallet API and authorize transactions due to the custom policies for transaction signing.
Still, with Multi-Sig Wallets there are drawbacks, too. Such Wallets are very difficult to set up and data recovery from them is cumbersome. Moreover, after transactions are signed all members’ key signatures are recorded and visible in the transaction record which can be a potential problem for data leaking.
Threshold Signature Scheme
The Threshold Signature Scheme, or TSS, is so far the authorization method that provides the most advanced level of reliability possible while users sign and broadcast their transactions. The mechanism is a system that distributes key shares to all signers/nodes involved.
This means that however many parties are involved in the transaction signing process, there is only one key which is distributed among all of them. Each signer basically holds a “key share” which if compromised, does not critically affect the Wallet’s processes or transaction authorizations, and does not threaten the integrity or security of said Wallet.
Moreover, TSS creates only one signature in the transactions record after signing. This assists with privacy and prevents data leaking.
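The following is an added illustration, not code from Crypto APIs or Sepior, of the property described above: three key shares, any two of which produce one ordinary signature under one public key without the key ever being reassembled. It uses the 2-of-3 arrangement the article describes later, and for brevity swaps in a Schnorr-style signature over a toy group with a trusted dealer instead of threshold ECDSA with distributed key generation. The names `deal_shares`, `threshold_sign` and `verify` are hypothetical.

```python
import hashlib
import secrets

# Toy Schnorr group (assumption for the demo, far too small for real use):
# P = 2Q + 1, and G generates the subgroup of prime order Q.
P, Q, G = 2039, 1019, 4

def deal_shares(secret, t=2, n=3):
    """Shamir-share `secret` so that any t of n shares define it (trusted dealer)."""
    coeffs = [secret] + [secrets.randbelow(Q) for _ in range(t - 1)]
    return {i: sum(c * pow(i, k, Q) for k, c in enumerate(coeffs)) % Q
            for i in range(1, n + 1)}

def lagrange_at_zero(i, signers):
    """Weight that turns signer i's share into its additive part of the key."""
    lam = 1
    for j in signers:
        if j != i:
            lam = lam * j * pow((j - i) % Q, -1, Q) % Q
    return lam

def challenge(R, msg):
    digest = hashlib.sha256(f"{R}|".encode() + msg).digest()
    return int.from_bytes(digest, "big") % Q

def threshold_sign(shares, signers, msg):
    """Combine partial signatures from `signers`; the full key is never rebuilt."""
    nonces = {i: secrets.randbelow(Q - 1) + 1 for i in signers}  # each k_i stays local
    R = 1
    for k in nonces.values():
        R = R * pow(G, k, P) % P                                  # only G^k_i is shared
    c = challenge(R, msg)
    partials = [(nonces[i] + c * lagrange_at_zero(i, signers) * shares[i]) % Q
                for i in signers]
    return R, sum(partials) % Q                                   # a single (R, s) pair

def verify(pubkey, msg, sig):
    """Ordinary Schnorr check: the verifier cannot tell how many parties signed."""
    R, s = sig
    return pow(G, s, P) == R * pow(pubkey, challenge(R, msg), P) % P

def demo():
    key = secrets.randbelow(Q - 1) + 1           # exists only at the dealer in this demo
    shares = deal_shares(key)                    # one share per node: 1, 2, 3
    return pow(G, key, P), shares, b"constructed sample transaction"

if __name__ == "__main__":
    pubkey, shares, msg = demo()
    for pair in [(1, 2), (1, 3), (2, 3)]:
        print(pair, verify(pubkey, msg, threshold_sign(shares, pair, msg)))
```

Unlike Multi-Sig, the verifier sees only `pubkey` and one `(R, s)` pair, so the transaction record does not reveal which nodes took part.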
Custodial vs. Non-Custodial vs. Co-Custodial Wallets
Digital Wallets and Wallets-as-a-Service can be also categorized as Custodial and Non-Custodial Wallets. This defines whether the private keys are kept by the owner of the Wallet or the provider.
With Custodial Wallets, a third party holds the user’s private keys and basically has full control over the funds. With such Wallets owners only give permission for transactions and payments. These Wallets are usually not as preferred as non-custodial ones, but they do have their advantages. Custodial Wallets don’t have any transaction fees, their owners cannot misplace the private keys as they don’t hold them, and there is a higher backup possibility.
Still, the fact remains that the owners do not have any authority over their own funds and Wallet. They must at all times communicate with the provider to be able to operate with the Wallet. Custodial Wallets are also most often threatened by data breaches and the need for KYC (as many don’t have ID verification).
Non-Custodial Wallets on the other hand provide full control over the Wallet and its funds to the user. This way they become their own bank, don’t require the assistance of the provider to make transactions, and hold their own private key. The private key itself can be either a mnemonic seed, which encapsulates the real private key in a 12-24 word value, or a raw private key, which represents the raw form of the actual alphanumeric string of the private key.
With non-custodial wallets users can operate easily, withdraw and broadcast transactions instantly, and there are no major drawbacks except the fact that users are responsible for the security of their key. Overall, non-custodial wallets are preferred over custodial ones.
There are also variations which mix the two types - custodial and non-custodial. They are referred to in different ways, sometimes semi-custodial, other times co-custodial, etc. Such Wallets possess qualities of both types. With custodial wallets the control is completely in the hands of the provider, with almost no say for the user, while with non-custodial wallets users have entire control but do not have the provider's backup. The ideal Wallet would be a mix of the two: the user would have complete control over their Wallet and funds but would also have backup assistance from the provider.
What is MPC?
Multi-party computation, or MPC, is a cryptographic protocol that allows two or more parties to process joint and parallel computations without risking data leaking. Each party is usually represented by its own node and sometimes a third-party node acts as an escrow. Additionally, no member can view the data of the other parties involved. Basically, with MPC data is analysed without ever sharing it.
MPC can be safely and easily applied to Digital Wallets and Wallets-as-a-Service. It usually comes hand-in-hand with the Threshold Signature Scheme, since it works with many members/signers and it again generates one single signature after a transaction is complete. After that the MPC layer will distribute that signature among all members so that the integrity and accuracy of the transaction is ensured.
MPC is flexible and blockchain agnostic, it can easily be onboarded with new cryptocurrencies, and uses the standardized cryptographic signature algorithm ECDSA. The MPC functionality is not affected by any code modifications, hard forks or the emergence of new blockchains or crypto coins and tokens. It is scalable and flexible for all of your devices - mobile, desktop, and server.
What is the problem with Digital Wallets and WaaS?
Everything so far sounds good, doesn’t it? Many options for Digital Wallets exist. Still, despite all efforts, most Wallets face problems of various natures.
- Some companies decide to rely on Single-Sig only without applying any additional security;
- Others decide to use Multi-Sig, which can also have issues and limitations, such as difficulty when setting up a Multi-sig address and Wallet, as it requires technical knowledge. Moreover Multi-Sig Wallets lack flexibility and integration capabilities;
- Some Wallets are designed as fully custodial, which is not the preferred option for most clients, as they would rather have control over their own funds. Other Wallets are completely non-custodial, which is a step in the opposite direction and carries risks such as user error resulting in a lost key, in which case there is no support or way to assist;
- Some Wallets integrate only MPC, but the provider hosts all of the nodes. This is a potential issue for data breaches and not secure at all in cases of technical/node failure.
Moreover, most Wallets’ biggest drawback most often seems to be their strongest feature. Confused? You should be. It turns out that the complex architecture of most security functionalities and authorization methods applied renders the Wallet unusable and hard to navigate. And everyone in the software engineering world knows that an unfriendly UI/UX will make the customers decide to just not use it.
What do Digital Wallets and WaaS need?
Digital Wallets and Wallets-as-a-Service need to find that golden mean among security, usability and backup. The ideal Digital Wallet should possess the following features:
- Be Co-Custodial - most customers want to have complete authority over their assets and Wallet, while at the same time having a backup option with the provider for e.g. lost keys. This can only be done with a hybrid custodial Wallet, or a co-custodial Wallet, i.e. a mix between custodial and non-custodial.
- Have a more advanced and secure way to sign transactions - Single-Sig is not an ideal way to sign transactions in your Wallet; a method with more safety measures and a better authentication process is required to ensure that the transaction is true and risk-free, such as TSS right now.
- Have a backup or escrow service - customers will always feel more secure and stress-free about their digital assets if the Wallet they use has a backup option or escrow service.
- Have additional security functionalities - to protect from most Internet attacks, hacking attempts, spoofing, etc., additional safety features must be in place to protect from all types of security threats, such as man-in-the-middle attacks, which are one of the most common types of attacks on Digital Wallets and WaaS.
- Have multiple approvers - using an approval system of many members seems to work far better than Single-Sig, where only one is in place.
- Have distributed nodes and keys - so far the best option for Digital Wallets is to have nodes distributed in different locations and a distributed key system, rather than separate signing keys. For this purpose, MPC + TSS work the best.
- Be user-friendly and have high usability quality - this is a tricky one as most Wallets which have high security seem to lack good usability and are difficult to operate. This problem can nowadays be solved with some development time and MPC+TSS.
- Be blockchain agnostic - a Wallet which is hard to integrate, or which cannot onboard new cryptocurrencies at all or easily, is not what the general or enterprise customer wants. The Digital Wallet must possess blockchain agnostic properties and not be affected by code modifications, hard forks or the emergence of new blockchains or crypto coins and tokens. So far MPC provides this flexibility, which also leads to good scalability.
Crypto APIs 2.0 WaaS?
In our last article we hinted at a new product that we are planning to develop and add to Crypto APIs 2.0. This product is our very own Wallet-as-a-Service.
This article is not just for informative purposes but is also a reflection of our long research into finding the best mix of features and functionalities that would produce a desired and high-quality software product.
We designed our Wallet-as-a-Service to feature:
- Multi Distributed nodes - three nodes participating in generating the Wallet, with a 2/3 signing scheme. Node 1 is hosted and controlled by the client, Node 2 is a dedicated node hosted by Crypto APIs, Node 3 is hosted and controlled by an escrow service provider. The three nodes communicate with each other either when the Wallet is being created for the first time or in case of an emergency to refresh the keys.
- MPC+TSS - Multi-Party Computation in partnership with Sepior, along with Threshold Signature Scheme provide for an easily operable Wallet, with a key distribution system among (by default) three different signing members, blockchain agnostic properties, and no data-leaking.
- Escrow service - Crypto APIs has partnered with an escrow service provider to ensure escrow security service and a backup functionality for Crypto APIs 2.0 WaaS.
- Co-Custodial - a Digital Wallet that is completely owned, managed and controlled by its user but possesses custodial qualities which can come in handy when a user/human error occurs.
- More safety features - a settlement layer, security audits, functionalities against spoofing and man-in-the-middle attacks, AML, anti-transaction-fraud, KYT, address rotations, Governance layer, custom limits and rules, and more. 🧐
We strived to create the best, most secure and at the same time most easily usable version of a WaaS possible for all blockchain and crypto enthusiasts and businesses. We partnered with the best to provide an escrow and backup service and applied the finest mechanisms for transaction signing there currently are.