Blockdaemon Blog

When Multisig or Even MPC Alone Is Not Sufficient

Daemon News
Jul 19, 2024
By:
Frank
Wiener
&
Periodic hacks of crypto exchange, token issuers and other institutions show that (multisig) wallets may not protect against advanced threats. Multi-party computation (MPC) wallets face similar issues, as decentralized key protection alone is insufficient. Blockdaemon recommends a multi-layered defense, as used by the Blockdaemon Institutional Wallet, to maximize digital asset security while maintaining accessibility and operational efficiency.

Decentralized Keys 

Single key, single signature wallets are simple and highly vulnerable to key theft or misuse. Compromising a single system or a malicious user with access can transfer all of an organization’s assets without recourse.

\Replacing a single centralized key with MPC or multisig eliminates a single point of failure when implemented correctly. However, as we’ve seen in hacks over recent years, having multiple keys or even key shares is not sufficient to assure security. Care must be taken to assure the key shares, or multiple keys, are stored in secure environments, with different administrative access to avoid a single point of failure.

Decentralized Administrative Access

Generating and storing MPC key shares or multisig keys in different locations under varied administrative access greatly improves security. A common admin with access to all key materials introduces a single point of failure. Hacking a single admin’s credentials or malicious actions should never grant access to all key materials.

In practice, it’s important to separate the administration of hosting environments from access to the key materials. This can be useful in smaller organizations with more limited IT team resources.

Secure Enclaves 

Storing distributed key materials in secure enclaves like AWS Nitro further prevents administrators from having direct access to the hosting infrastructure, further improving security. This also reduces the risk of access by external malicious parties, adding another security layer.

Institutional Wallet supports automated deployment in secure clouds such as AWS and Azure, enabling secure hosting without requiring cloud security expertise.

Cryptographically Enforced Policies

Traditional secure enclaves like Hardware Security Modules (HSMs) offer secure physical storage for digital materials. However, once accessed by an authorized user or hacker, most HSMs cannot enforce policies requiring predefined approvers. Therefore, secure enclaves alone are insufficient.

MPC-based wallets like Blockdaemon Institutional Wallet ensure key materials and policies co-reside on common machines and are cryptographically enforced. As a result, key shares can only be used after satisfying all policies. Storing key shares and policies in secure enclaves with cryptographic enforcement eliminates blind signing and improves security.

Biometrically Authenticated Users

While multi-factor authentication is recommended, adding biometric authentication for critical users adds another layer of security.


Biometric authentications like face ID or fingerprints have advanced with mobile devices and can integrate into systems like the Institutional Wallet to verify credentials and user authenticity.

Summary

Institutions should evaluate highly secure wallet systems with multiple layers of advanced security to protect their digital assets.


Interested to learn more? Visit https://www.blockdaemon.com/wallet/institutional-wallet and request access to our wallet sandbox to experience advanced security yourself.

Share

Get Started with Blockdaemon Today!

Contact us to learn how we can help you power your blockchain business.
Unparalleled Security & Compliance
Seamless Integration & Scalability
Dedicated Customer Support
Let's build together! →
Wallet
Institutional Wallet
Builder Vault
Nodes & APIs
Chain Watch
Verify
Wallet Transact
RPC API
Dedicated Nodes
DeFi API
Staking
Public Validators
White-Label Validators
Liquid Staking
Staking API
Liquid Staking
Protocols
Aleo
Algorand
Aptos
Arbitrum
Astar
Audius
Avalanche
Axelar
BNB Chain
BSN
All Protocols
Company
Foundations
About Us
Careers
Partnership Program
Expertise
Security
Infrastructure
Buzz
Blog
Resources
Newsletter
Press
Press Kit
documentation
REST APIs
NFT API
Institutional Wallet
Builder Vault
RPC API
DeFi API
All Documentation
Support
FAQs
Contact Support
Connect with blockdaemon
Terms & Conditions
Cookie Policy
Privacy Policy
Newsletter

Sign up for our newsletter to receive the latest news and product updates.

Thanks! Look out for our next Newsletter!
Oops! Something went wrong while submitting the form.