Secure Encryption Key Management Modules, Explained

What are cryptographic keys, and why should they be kept safe?

A cryptographic key is a string of data that is used to encrypt data (to the data secret), decrypt data (to perform the reverse operation), sign data (to ensure the data is authentic), or to verify a signature.

Encryption keys come in two forms: symmetric or asymmetric. In a symmetric algorithm, the key to encrypt and decrypt is the same, while in an asymmetric algorithm, the keys are different, with the encryption key being called the public key and the decryption key being called the private key.

For authenticating data, we often think of signing and verifying as an asymmetric algorithm.

If Alice wants to send a secret message to Bob using symmetric cryptography, she will generate a cipher — or key — to encrypt that data. Bob receives the encrypted message and can decrypt it once he has the key.

The problem is, how does Bob get the symmetric key to decrypt the message? Clearly this cannot just be sent out in the open, thus Bob needs a different technique to obtain the secret key. This is known as the key distribution problem.

In the mid 1970s, this problem was solved by the invention of the asymmetric form of cryptography mentioned above, which is often called public key cryptography. Using public key cryptography, Alice sends her message to Bob and encrypts it using his public key. Anyone can intercept the message, but only Bob can decrypt it using his private key.

In cryptocurrency, public keys are assigned to wallets, and a public key is valid if there is some cryptocurrency in the wallet.

For Alice to send Bitcoin (BTC) to Bob, she simply signs a transaction with the private key associated to the wallet from which she is spending it. The transaction says that the associated Bitcoin should be attributed to the wallet with Bob’s public key. The miners validating the transaction need to check that Alice’s wallet has enough Bitcoin in it, and that the signature is correct. They do not need to know who Alice or Bob actually is.

It is very important to keep private keys private.

If a malicious third party gains access to Alice’s private keys, they have full control over all of the currency in her wallet. Hackers expend much time and energy devising elaborate phishing scams designed to dupe users into revealing their private keys.

What is Multisig?

Multisig, also known as multisignature, involves using more than one public key to authorize a transaction.

Alice’s Bitcoin payment to Bob explained above could be considered as a “single-signature” transaction, as only Alice needs to use her private key. In a multisig transaction, multiple signatures are verified against a defined quorum structure.

For example, if Alice and Bob decide to open a business together they could apply multisig to their business wallet. The wallet corresponding to Alice and Bob’s joint account has two public keys. If they want to send a payment, both must use their private keys to authorize the transaction.

Multisig can also be set up with more complex configurations, often called N-out-of-M. This means that for any given transaction approval, N approvals out of M total approvers must be provided. So, a multisig setup could require that a majority of approvals is needed in order to verify and complete the transaction, such as 3-out-of-5 or 5-out-of-8.

Multisig is used as a way of enhancing account security. The idea is that, even if one set of private keys is lost or stolen, the funds are secure.

What is a hardware security module?

A hardware security module, or HSM, is a piece of specialized physical hardware designed to keep keys secure and carry out cryptographic operations.

HSMs are an additional layer of security for protecting private keys, and have traditionally been used in standard banking.

When you place your ATM card into a machine, it engages in a protocol with the HSMs that are inside the bank’s data center. The HSMs store all of the cryptographic keys needed to operate the bank and authenticate ATM cards.

A traditional bank has millions of secret keys that need to be managed, and each ATM or credit card will have its own symmetric key, or private key, as well as various other entities within the bank. This creates a huge key management headache for banks in creating keys when a new card is created, destroying keys when a card is revoked, rotating keys, and so on.

These functions are resolved through the bank’s HSM infrastructure. As a traditional bank is only as secure as the security around these cryptographic keys, the HSMs are designed to be resistant to intruders, including intruders working for the bank.

They are designed to be tamper-evident, providing evidence if someone tries to break into them, or they might even self-destruct upon detecting unusual activity such as someone trying to open the HSM.

To provide additional layers of security, HSMs are often housed deep within the secure data centers of the bank.

What is multiparty computation?

Multiparty computation, or MPC, allows different parties with their own private inputs to conduct a joint computation on their inputs. The parties learn the outcome of the computation, but each learns nothing about the other parties’ respective inputs.

An algorithm created by cryptographer Adi Shamir, called Shamir’s Secret Sharing, lies at the heart of multiparty computation. A

 

secret sharing scheme involves distributing pieces of one secret value (private key) across multiple network nodes or users. Only once a specified subset of the parties pool their pieces together can they retrieve the value.

On its own, this allows us to split data up securely over geographic locations. However, this concept can also apply to performing computational tasks on a secret shared value known as secure MPC.

Using protocols associated with the secret sharing scheme, the parties can perform any computational task on the shared data without needing to bring the associated parts back together.

The secure MPC concept can apply to any type of private data, whether it’s personal data, shared corporate data or a user’s private key.

The traditional demonstrative example is to consider two or more hospitals that wish to conduct a statistical analysis of their patients. With MPC, they can obtain the resulting statistics without ever having to reveal the details of their own patients to the other hospitals.

The same idea can be applied to private keys associated with cryptography. In the hospital example, instead of combining sets of (patient) data, the data (single private key) is instead split into multiple pieces of data, which is then stored in separate locations. These locations can then use MPC to compute any computation using the private key, for example a signature, without the private key needing to be reconstructed.

For example, a Bitcoin private key could be split into pieces, with each piece encrypted separately. Each piece is distributed to a network node. The network can perform computations on the data while keeping the underlying data encrypted and, therefore, private.

The concept of MPC has been around for decades. However, practical use cases have only emerged over more recent years. Now, the technology is finally gaining traction, having been featured in various Gartner Hype Cycles since 2017. MPC is already in use by some of the world’s leading banks and technology firms, protecting assets worth billions of dollars.

Comparing multisig, HSM and MPC in cryptocurrencies

Multisig, HSM and MPC all aim to enhance security and privacy. However, each comes with its own specific benefits and challenges.

In multisig, we obtain additional security by using multiple keys to produce the same task that would normally be done via a single key. Therefore, it offers the key benefit of enhanced approval requirements, meaning that the risks associated with depending on a single user are eliminated. It also enhances compliance with regulatory requirements for segregation of responsibilities.

However, multisig has many limitations. For example, it is not supported by all cryptocurrencies, and replacing users in a multisig setup can be difficult, as can changing the quorum. Replacing users is likely to involve transferring funds out of the account so that the changes can be implemented. This is cumbersome for larger organizations and companies with a high employee turnover.

Perhaps the most critical limitation is that multisig does not offer any private key protection in and of itself. This is why many organizations choose an HSM.

With HSMs, they obtain additional security by using secure hardware to store the keys.

However, they aren’t infallible: In 2019, researchers from wallet provider Ledger were able to hack a well-known HSM. Another challenge is that general-purpose HSM hardware does not address the issue of fraudulent key use by internal employees, only that of theft. They are also very expensive to set up and maintain.

Cryptocurrency exchanges tend to rely on a combination of multisig and hardware such as hard wallets or HSM. However, transferring funds between cold storage wallets using multisig can significantly slow transaction speeds, resulting in operational inefficiencies.

Unlike multisig and HSMs, MPCs allow for geographic separation and independent controls in each location to secure the cryptographic data.

A secure MPC comprises a rare combination of distribution and distributed computation, along with encryption. As such, it offers considerable opportunities for improving data privacy and security. Although the technology has made significant strides over recent years, it still requires significant expertise to deploy on one’s own.

Who requires secure key management practices?

Any business handling large sums of money and high transaction volumes of digital assets needs secure key management practices.

In the crypto space, this includes native custodians such as Coinbase Custody, BitGo or Gemini. It also includes traditional institutions such as Fidelity or ICE’s Bakkt that have branched out into the digital asset space. 

Crypto exchanges also require secure key management practices. Although the exchange industry is maturing, there were still a record 12 major hacks in 2019 alone.

Key management providers, examples

While many exchanges or custodians still operate a multisig cold wallet approach, there are now several key management providers on the market.

Unbound Tech is the first to offer a virtual HSM, called Crypto Asset Security Platform, or CASP, using secure MPC. It distributes private keys and transaction approval, validation and signing, among multiple approvers — including offline participation and bots. The company is backed by investors including Citi and Goldman Sachs. CASP is also the first MPC-based virtual HSM to receive FIPS 140-2 Level 2 accreditation, the benchmark for validating the effectiveness of cryptographic hardware. Unbound Tech provides services to custodians and exchanges, including Liquid, along with several Fortune 500 clients.

Curv is another provider using MPC for transaction signing and publishing to the blockchain. Its policy engine allows flexible and advanced approval policies according to customer requirements. Encryption keys are split between the Curv service and the client. 

BitGo is perhaps one of the best-known operators in the institutional wallet space. The company provides custody and liquidity solutions for over 100 coins, combining hot and cold wallets, policy management and multisig capabilities.

Finally, wallet provider Ledger also offers a solution called Ledger Vault to institutional clients. Vault enables secure transactions and protects keys in HSMs running Vault’s purpose-built operational system. The platform supports multi-authorization schemes and addresses whitelists for transactions.

The views, thoughts and opinions expressed here are the author’s alone and do not necessarily reflect or represent the views and opinions of Cointelegraph.

Nigel Smart is a professor of the COSIC group at the KU Leuven. He is a world-renowned expert in applied cryptography and was vice president of the International Association for Cryptologic Research and a fellow of the IACR. He co-founded Unbound Tech in 2014 with Prof. Yehuda Lindell and Guy Pe’er.