This technical article is written by Mark Hornsby, CTO at Trustology, and abridged by Techfellow. The full version will be available and produced directly from Trustology in the coming weeks.
Ethereum gears up to upgrade to ETH 2.0 later this year, a scalable proof-of-stake infrastructure. How will this affect custody solutions in the market today?
ETH 2.0 promises a far more secure, resilient, and scalable blockchain. Along with this upgrade, the Ethereum platform is also adopting the Boneh-Lynn-Shacham (BLS) signature scheme, which aims to solve many of the limitations multi-signature wallets face by providing native cryptographic support for aggregation – something that is extremely important for blockchains looking to scale out and speed up.
One of the most common signature schemes in use today is the Elliptic Curve Digital Signature Algorithm (ECDSA). It is everywhere, used many times a day, and is a tried-and-tested method for verifying identity or signing messages on blockchains; its public keys are a fraction of the size of those used with earlier RSA technology. It is also widely used beyond these applications. Ever used Google? Of course you have, and whenever you run a search an elliptic curve algorithm is most probably being used.
When using ECDSA, a random number (the nonce, or ‘number used only once’, otherwise known as the ‘k value’) must be generated for every signature, and the same nonce must never be used twice with the same private key: two signatures that share a nonce are enough to recover that private key. This is where the problems lie, as implementers often do not understand that the nonce must be unique for every signature made with a given private key.
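The nonce requirement above, shown from a defender's side as an added example (not code from the original article or from Trustology): a deterministic nonce derivation so that k can never repeat for distinct messages under one key, and a check over a constructed signing log that flags any key whose signatures share an r value across different messages (a repeated r under the same key is the observable symptom of nonce reuse). The derivation is a simplified HMAC-based scheme in the spirit of RFC 6979, not the RFC's exact procedure; the log format is an assumption.

```python
import hashlib
import hmac
from collections import defaultdict

# Group order n of secp256k1, the curve used by Bitcoin and Ethereum (known constant).
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def derive_nonce(priv_key: int, msg_hash: bytes) -> int:
    """Deterministic nonce k = HMAC-SHA256(key=priv_key, msg=msg_hash || ctr) mod N.

    Simplified stand-in for RFC 6979 (assumption: not the RFC's exact procedure).
    The property that matters: k is a function of (priv_key, msg_hash), so the same
    key never reuses k for two different messages, and a faulty RNG cannot cause it.
    """
    ctr = 0
    while True:
        mac = hmac.new(priv_key.to_bytes(32, "big"),
                       msg_hash + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        k = int.from_bytes(mac, "big") % N
        if k != 0:          # k must be in [1, N-1]; retry on the (negligible) zero case
            return k
        ctr += 1


def find_nonce_reuse(signatures):
    """signatures: iterable of (pubkey, r, s, msg_hash) records from a signing log.

    Returns sorted (pubkey, r) pairs that appear with more than one distinct message.
    Since r is determined by k alone, the same r under the same key for different
    messages means k was reused. Re-signing the *same* message with the same r is
    expected under deterministic nonces and is therefore not reported.
    """
    seen = defaultdict(set)
    for pubkey, r, _s, msg_hash in signatures:
        seen[(pubkey, r)].add(msg_hash)
    return sorted(key for key, hashes in seen.items() if len(hashes) > 1)


# Constructed sample log (placeholder keys/values, not real signatures).
SAMPLE_LOG = [
    ("pkA", 0x1111, 0x2A, b"h1"),
    ("pkA", 0x1111, 0x2B, b"h2"),  # same key, same r, new message: nonce reuse
    ("pkA", 0x1111, 0x2A, b"h1"),  # deterministic re-sign of the same message: fine
    ("pkB", 0x1111, 0x3C, b"h3"),  # same r under a different key: not reuse
    ("pkB", 0x2222, 0x3D, b"h4"),
]

if __name__ == "__main__":
    print("reused nonces:", find_nonce_reuse(SAMPLE_LOG))
```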
As ECDSA is so prevalent, almost any HSM (hardware security module) or hardware wallet on the market is likely to support it, which makes it attractive from a crypto custodian’s perspective. The challenge lies less in algorithm support than in support for the specific curve that Bitcoin, Ethereum, and other blockchains use.
Multi-party computation (MPC) has existed since the 1980s, and there are MPC protocols for generating ECDSA signatures, but research into and use of them has only recently been driven by the growing popularity of blockchain technology and cryptoassets. From this perspective the cryptographic algorithms involved are considerably more complex.
So how is ETH 2.0 expected to affect and benefit the Ethereum blockchain and its custodians?
The upgrade will revamp Ethereum’s design and switch consensus to proof-of-stake (PoS), which is anticipated to be a genuine game-changer for the ecosystem, ultimately allowing investors to earn passive income via staking while securing the Ethereum network, and making it cheaper and safer to use.
The BLS signature scheme has been around since 2004 and supports signature aggregation, enabling secure multi-sig capabilities with a much lower memory requirement. That is, given a collection of signatures, anyone can produce a short signature that authenticates the entire collection. It is widely used because it is efficient from an implementation point of view, with public keys a fraction of the size of those used with earlier RSA technology. Applying this to thousands of transactions saves significant storage space, but verifying the aggregate still requires a lot of computing power.
BLS signature aggregation is not completely water-tight, and is at risk of a ‘rogue public-key attack’. One defence against this is Knowledge of the Secret Key (KOSK), which requires checking that the owner of a public key actually holds the matching secret key. This can be done by asking the owner to sign a simple message, proving ownership of the provided public key.
BLS is already being used by blockchains other than ETH 2.0, but it is unlikely to completely replace ECDSA, as not every chain is likely to adopt it. Bitcoin, for example, is looking to implement Schnorr signatures alongside ECDSA.
Most current custodial solutions are best suited for ECDSA, whether using multi-party computation (MPC), hardware security modules (HSMs), or cold storage solutions.
We’ll likely look back at cold storage as a thing of the past, as it is expensive, slow, and non-scalable because it is offline. The application of MPC to ECDSA has only been developed over the past few years and currently has its drawbacks: it is complex to integrate, and there may be protocol vulnerabilities that exist but have yet to be discovered; it is not as tried-and-tested as plain ECDSA.
Hardware solutions such as HSMs previously lacked implementations of newer signature schemes and curves, such as BLS, in their hardware or secure software. Since the rise in popularity of blockchain and crypto, however, this is beginning to change with increased institutional demand for and adoption of cryptoassets.
Trustology is one of a handful of service providers using HSMs – but the devil is in the details. By re-signing transactions with their proprietary firmware running inside the HSMs, they mitigate an important attack vector. Whilst the HSM may keep the wallet key safe, and even if other providers also use some form of end-user hardware to authenticate transactions, attackers can still compromise the transaction if policy validation and re-signing are performed in software outside the HSM. It is this re-signing technology that enables Trustology to adapt easily not only to signature schemes like BLS but also to different blockchains and protocols.
It is this capability that has led Trustology to become one of the first crypto custody solution providers to offer built-in ETH 2.0 staking support across mobile, web, and API integration for its clients. This is thanks to the fully stateless architecture they have developed, where wallet keys are only ever created and used by their firmware inside HSMs. When not in use, the keys are encrypted, stored, and backed up in the cloud – meaning the HSMs are effectively stateless. With this in place they can operate a fast and resilient service, supporting an almost unlimited number of keys, and with clusters of cloud and HSM resources spread across multiple regions they are ready for seamless failover and scale-out.
As secure as the upgrade to ETH 2.0 will be, none of the cryptographic schemes discussed here will be resistant to attacks in a quantum computing future. As quantum computers become more powerful, all of these schemes will be broken. New measures and algorithms will need to be put into place, many of which are already being tested, but until that time comes it is not clear whether the attack or the defence will become the dominant force.
Throughout this collaborative blog series by Techfellow and Trustology we’ll explore the innovations driving the DeFi industry, as well as the risks and the role of a custodian.