Blockdaemon Blog

Elevating MPC Wallet Security: Now Enhanced with Secure Enclave Support

Wallet
Aug 21, 2023
By: Frank Wiener
The Blockdaemon Institutional Wallet™, as well as Blockdaemon’s threshold security module, recently rebranded as Builder Vault™ TSM, are now available for hosting in secure enclaves, such as those offered by AWS Nitro. 

What Are Secure Enclaves?

Secure enclaves, such as those offered by AWS Nitro, provide a safeguarded environment for users to operate, encompassing features such as Remote Attestation and Secret Injection.

An enclave is a capability within modern cloud computing platforms that allows users to create isolated execution environments within virtual instances. These instances offer on-demand, scalable computing capacity in the cloud.

Attestation serves as evidence that the enclave is a reliable entity, rooted in the code and configuration executing within that specific enclave. Secret Injection permits the secure transfer of confidential data into enclaves, ensuring that sensitive information remains shielded within this trusted execution realm.

Together, these capabilities raise the level of MPC wallet security.

Book a call for your very own demo of the Blockdaemon Wallet™, or read on to get a closer look at what’s new.

Here's why.

Benefits of Hosting in Secure Enclaves for Blockdaemon Customers

Secure enclaves enable MPC nodes used across Blockdaemon Institutional Wallet™ and Builder Vault™ to securely process sensitive data within a trusted execution environment (TEE), without risking exposure to the underlying operating system.

Remote attestation goes further by offering a security mechanism that validates the authenticity of a system's software and hardware setup. It creates a protected pathway for transferring confidential information, guarantees the usage of reliable software, and verifies the integrity of the hardware components to prevent any unauthorized modifications or breaches.

These security attributes mitigate the risks of running MPC nodes in environments that are outside of your exclusive control. They also combine with the already proven security features of Blockdaemon Institutional Wallet™ and Builder Vault™ to provide industry leading key protection and signing services.
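As an added illustration (not Blockdaemon's configuration and not part of the original post): on AWS Nitro, secret injection is commonly gated on attestation through an AWS KMS key policy statement like the one below, so that KMS releases plaintext only to an enclave whose attestation document carries the expected measurements. The account ID, role name and measurement values are placeholders, and the key-administration statements of the policy are omitted.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowDecryptOnlyToAttestedEnclave",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::111122223333:role/ExampleMpcNodeRole"
      },
      "Action": "kms:Decrypt",
      "Resource": "*",
      "Condition": {
        "StringEqualsIgnoreCase": {
          "kms:RecipientAttestation:ImageSha384": "<SHA-384 measurement of the reviewed enclave image, hex>",
          "kms:RecipientAttestation:PCR8": "<PCR8 measurement of the enclave signing certificate, hex>"
        }
      }
    }
  ]
}
```

A request that carries no matching attestation document does not satisfy this statement, so no other key policy statement or IAM policy should grant `kms:Decrypt` on the key to the same principal unconditionally.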

How You Can Benefit from Blockdaemon Institutional Wallet™ & Builder Vault™

In essence, the Blockdaemon Institutional Wallet™ is an on-premises, multi-party computation (MPC) wallet, providing ultimate control for institutions, enabling them to store, manage, and transfer crypto assets with ease. Book a call for your very own demo of Blockdaemon Institutional Wallet™.

Powered by our customizable policy engine, Blockdaemon Institutional Wallet™ offers the flexibility needed to enforce company and regulatory policies while maintaining the highest level of security.

By using MPC at both the key layer and policy layer, combined with cryptographically enforced policies, the Blockdaemon Institutional Wallet™ is as close to cold storage as can be achieved while still offering the accessibility of online/hot wallets.

Builder Vault™ is a fully self-contained, digital asset key management and security system that can be used with any custody model, hosting model, or device. It supports a wide range of digital asset protocols and can handle high transaction volumes. Builder Vault™ enables secure key management, encryption, and digital signature services for bespoke digital asset wallets and custody platforms through seamless SDK integrations. 

Builder Vault™ is functionally similar to a virtual hardware security module (HSM), key management system (KMS), and multi-sig for multi-party approval enforcement, with the added benefits of superior security, compatibility, flexibility, and operational efficiency.

The Best MPC Solution Becomes Even Better

Multi-Party Computation (MPC) is the cornerstone of both Blockdaemon Institutional Wallet™ and Builder Vault™. The generation and use of private keys occur locally on distributed MPC nodes. These keys are divided into shares and ideally stored on separate virtual machines, containers, or mobile devices under various administrative domains.

While the proprietary advanced MPC protocols that underpin the Blockdaemon Institutional Wallet™ and Builder Vault™ deliver life-cycle security for private keys and transaction signatures, a deployment that is exclusively on a single public cloud service provider (CSP) requires that the CSP be trusted. This is because any single CSP can be subject to malicious insiders and collaborators who can collectively compromise any fully hosted system.

Executing the MPC software in secure enclaves eliminates this vulnerability.

Get Started Today

Blockdaemon Institutional Wallet™ and Builder Vault™ are recognized as the world’s first secure multi-party computation (MPC)-based key management and protection system, securing the world’s first MPC wallet, announced in 2018.

Nearly five years later, no equivalent MPC key management alternative has emerged with a comparable level of security, flexibility, performance, and control. The option of secure enclaves raises the bar of differentiation even further.

Looking for a complete wallet, with industry leading security and policy controls? Get access to the sandbox for the Blockdaemon Institutional Wallet.
