Regardless of if you are upgrading or replacing an existing digital asset wallet or just now entering the market, the range of wallet choices and technology can be overwhelming. This article provides a simplified construct of where these wallets fit in the overall digital asset eco-system, and important considerations to consider regardless of if you plan to buy or build your wallet and/or custody platform.
Book a call for your very own demo of the Blockdaemon Wallet™, or read on to get a closer look at what’s new.
Understanding the Digital Asset Ecosystem
A highly simplified construct for the digital asset ecosystem consists of:
- Digital assets and related services at the top layer
- Wallet services layer, providing account level operations and services
- Cryptographic services layer, providing signature generation services, key management and protection
- Blockchain at the base layer, providing an immutable public ledger where ownership of each digital asset is recorded.
Transfer of digital assets is facilitated using a cryptographic public-private key pair. The public key identifies the wallet address or account where assets are to be sent to and transferred from. The private key must be kept secret at all costs as it is used to generate a unique, verifiable digital signature, which is required before assets can be transferred out of the account.
Anyone with the private key can generate the digital signature, so protecting the key from theft or misuse is essential to protecting the associated digital assets. The cryptographic services layer is where secure Multi-Party Computation (MPC) has emerged as the technology of choice for institutional-grade wallets and custody platforms securing digital assets.
The Wallet Service Layer
The Blockdaemon Wallet service layer provides account level functionality, operations and services, such as:
- Applications used to access wallet functions (web browsers, mobile apps, etc.)
- One or multiple OS types, depending on the device types to be supported
- User interface
- Plug-ins to interface with and support services provided at higher layers
- Authentication, Authorization and Accounting (AAA) services
- Compliance (AML, KYC…)
- Policies defining how many parties and who must authorize signing, before the signature can be generated.
Wallets rely on a cryptographic services layer to generate the public-private key pair and generate the approval signature that is required to execute a withdrawal from the account. This cryptographic services layer provides operations and services such as:
- Specification of a specific MPC threshold scheme (2 of 2, 2 of 3, or other m of n scheme)
- Ciphers used to generate specific signature types (typically ECDSA or EdDSA, and others)
- MPC node generation and management
- Key share generation and management services
- Partial signature generation when the wallet layer policies are satisfied for each of the key share signing parties
- Full signature generation, when all of the cryptographic services layer policies are satisfied.
Build or Buy: What's the Decision Point?
The first decision is will you build or buy your institutional wallet or service? If you want to buy, you’ll have multiple options, ranging from licensing an off-the-shelf or custom-built wallet which you host and manage yourself, to a wallet as a service, where a third party hosts the wallet and the entire MPC framework for you.
If you choose to build your own wallet you have more choices, starting with the MPC cryptography layer:
- Acquire: There have been at least 4 acquisitions of MPC technology teams and IP in the past year. But the limited number of acquisition targets and costs make this an impractical option for most companies.
- Develop: Building your own MPC technology provides you with 100% control, but the difficulty of hiring a dedicated team of cryptographers, that are experts in MPC, and the time to develop, test, and verify efficacy is too impractical for most companies.
- Open source: Allows you to leverage schemes contributed by others, but the lack of application optimized performance, accountability and control makes it an unacceptable option for critical applications.
- Licensing MPC Tech: Allows you to procure well-established MPC algorithms, libraries, and software stacks from established vendors, with purpose-built, application optimized designs, which are already established and proven.
Next, you’ll need a wallet services layer. Once again, you have options:
- Acquire: Acquiring a wallet vendor provides you with complete control – but you’ll need to determine if the skills and level of fit and optimization justify an acquisition
- Develop: Many larger companies will develop their own, giving them complete control to integrate with and optimize for their internal operations and product vision
- Open source: Options may exist, the question is how optimized is it for your application and do you have a sufficient level of control when issues arise.
- License or commission custom development: Contracting with a third-party organization that specializes in developing wallets, with the appropriate functionality, user-interface, and providing you the accountability you need will be a great option for most companies.
Considerations for MPC
Since the cryptography layer is so fundamental to your key security, it’s important to have well-defined criteria for evaluating the MPC technology and your vendor. Some critical MPC considerations include:
- What type of MPC model do they support (2 of 2, 2 of 3, 3 of 5…)
- Can you switch from one threshold scheme to another, if so how easily?
- Who developed the core MPC technology? Was it a group of PhD candidates, or even established cryptographers with little or no real-world experience in working with MPC, or are they industry veterans who’ve studied and worked with the technology for years, published papers, and are widely known and highly respected as experts in the MPC field?
- Has the technology been validated by independent and credible third parties? Has it been widely deployed and for how long?
- Where are the MPC nodes hosted? What device types are supported? Will they run natively in a cloud, on mobile devices? Will they support both online and air-gapped operational models?
- What custody models does it support? Will those models allow you to fully meet your regulatory and compliance requirements?
- What about the policy enforcement that occurs at the wallet layer? How is that protected? After all, if the keys are secure, but the policies can be easily hacked and changed, they can issue commands to the MPC nodes to sign the transaction.
- What digital asset types are supported? Is there support for multiple assets? Who controls the roadmap?
- What’s the performance of the MPC layer and wallet layer? MPC transaction latency can vary from milliseconds to seconds or even tens of seconds.
- How many transactions per second can be supported? Performance varies from 10’s or hundreds, to thousands or more than ten thousand transactions per second.
- How are key recovery services provided? How automated and secure are those services? And what about recovery from catastrophic disasters?
What happens if your wallet or MPC technology provider exits the market for any reason – be it acquisition or insolvency? These are really important questions and considerations. And they should really be asked regardless of if you plan to subscribe to a wallet as a service, license an off-the-shelf ready to go wallet, or license MPC technology and develop your own wallet.
Blockdaemon is the leading MPC digital asset technology wallet platform and technology provider. Blockdaemon introduced the world’s first MPC-based wallet in 2018. Since then, we’ve continued working with major exchanges, custodians, banks and wallet platform providers to build their own institutional-grade wallets and custody solutions which they completely control.
We can help you develop your own wallet, provide you with a platform that you can easily adapt to your application, or introduce you to one of our high-performance MPC Wallet and/or custody service, solution or platform providers.
Contact our sales team for more information.
%252C%2520Shadow%253DTRUE.svg)
.png)
