Understand how Safeheron solves the security custody of digital assets in one article

7OclockMedia
2022-08-23 19:44:59
Safeheron has officially reached a strategic partnership with MetaMask to jointly enter the enterprise-level MPC multi-signature security field.

Author: 7OclockMedia

Introduction:

Since the birth of Bitcoin, there have been frequent security incidents involving asset theft, hacking attacks, and key loss. For ordinary users, in addition to the investment risks of digital assets, unregulated trading platforms, wallets, and public chain ecosystems also pose high security risks. Especially in recent years, with the development of DeFi, digital assets have experienced explosive growth in both price and trading volume, making asset security the biggest challenge for industry development. For institutions holding large amounts of funds, such as hedge funds, investment banks, and family offices, having a custody partner is essential for efficient asset management and security.

According to a Blockdata report, from January 2019 to January 2022, the scale of digital asset custody grew from $32 billion to $223 billion, an increase of about 7 times. This shows that the secure custody of assets has been a continuous concern for industry investors. Recently, Safeheron announced that as a global leader in MPC digital asset security custody technology services, it has officially joined the international corporate alliance MPC Alliance. Being recognized by the world's first and only secure multi-party computation corporate alliance is enough to demonstrate that Safeheron's product solutions are mature enough. Today, we will discuss how Safeheron addresses the security custody of digital assets from the following aspects.

  1. Current status of digital asset security

  2. Safeheron's solutions

  3. Analysis of Safeheron's core technology

  4. Custody market analysis

1. Current Status of Digital Asset Security

Digital assets are one of the fastest-growing industries in the past decade. According to relevant data from CoinGecko, the market value of digital assets was only about $10 billion in 2014, but by early 2022, it had grown to about $2.3 trillion, an increase of over 200 times in 8 years. However, compared to the trillion-dollar traditional finance market, the crypto industry is still in its infancy, and asset security issues remain a looming threat over the industry's development.

In August 2022, Solana experienced a large-scale theft incident, with over 10,000 Solana wallet addresses attacked, resulting in asset losses exceeding $6 million.

In April 2022, Jay Chou's BAYC #3738 NFT worth 3 million yuan was stolen.

In February 2022, OpenSea encountered a hacking incident. According to OpenSea CEO Devin Finzer, some users' NFTs were stolen, totaling a value of $1.7 million (approximately 10.78 million yuan).

……

Security risks in asset custody:

  • Custody of funds by third parties leads to loss of control over assets/private keys.

  • Private keys are exposed in environments vulnerable to hacking or internal malfeasance, such as databases and HSMs.

  • In scenarios where multiple people manage assets, it is difficult to securely and efficiently delegate private keys to team members, such as traders and partners.

  • Even if private key control is maintained, various attack vectors cannot be avoided.

Compliance challenges in asset custody:

  • Single private key models cannot meet the compliance requirements of regulatory agencies and partner platforms.

  • Audit logs and fund flows cannot be made transparent and verifiable, making it impossible to self-certify to investors and regulators.

As the industry develops rapidly, theft incidents continue, and hacker attacks are becoming increasingly rampant. The security of crypto assets faces more severe challenges. Asset custody service providers are continuously exploring better solutions to establish security mechanisms for clients with different needs.

2. Safeheron's Solutions

Safeheron is a digital asset security custody service provider based on MPC (Secure Multi-Party Computation) and TEE (Trusted Execution Environment) technologies. On August 19, it completed a $7 million Pre-A round of financing, co-led by Yunqi Partners and Web3Vision, with participation from PrimeBlock Ventures, Cobo Ventures, M77 Ventures, ShataCapital, Kryptos, Antalpha Ventures, Waterdrip Capital, 7 O'Clock Capital, and former co-founder of Sequoia Capital China, Zhang Fan.

Safeheron leverages its independently designed cutting-edge MPC cryptography and hardware isolation combined with multi-layer security technology to redefine custody services, allowing clients to part ways with single-point private key risks without losing control over their private keys, while obtaining the most difficult-to-penetrate security protections in the market: protection against hacking attacks and internal malfeasance.

How Safeheron works:

1. Distributed Private Key Sharding

The private key never appears in one piece at any point in its lifecycle of generation, use, and storage; distributed private key shards take the place of a single private key. This is the essence of MPC-based key management. MPC threshold signing physically separates the key from the system, a fundamentally different security philosophy from that of traditional systems, and thereby avoids the risks associated with private key exposure.

For example, MPC technology creates two private key shards, 4 and 4. The original key theoretically is 8 = 4 + 4, but according to MPC theory, no one knows the original key. After one minute, the private key shards are refreshed to 1 and 7. If an attack occurs, the hacker must breach both points within one minute to obtain the correct key. However, if they obtain 4 in the first minute and 7 in the second minute, they still do not have the correct key.

2. Off-chain Multi-signature

This moves from traditional single private key management to multi-party management of private key shards. Managers each hold a different private key shard and run a set of MPC protocols that produce a valid signature directly, without ever piecing the shards together. The resulting signature is placed on-chain, which ensures security and compliance while keeping business operations efficient.
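The shard refresh (4 + 4 becoming 1 + 7) and the shard-based signing described above, as an added Python example that is not Safeheron's code. It uses Schnorr-style signing over a toy group modulo 2^127 - 1 as a stand-in for the MPC protocols the article mentions; the dealer step, function names and sample message are assumptions of the demo.

```python
import hashlib, secrets

# Toy group, an assumption of this demo: integers mod the Mersenne prime 2^127 - 1,
# exponents reduced mod the group order N. Production MPC wallets use elliptic curves.
P = 2**127 - 1
N = P - 1
G = 3

def split(x, n=2):
    """Additively share x among n parties: the shares sum to x mod N."""
    parts = [secrets.randbelow(N) for _ in range(n - 1)]
    return parts + [(x - sum(parts)) % N]

def refresh(shares):
    """Add a fresh sharing of zero: every share changes, the sum does not."""
    return [(s + z) % N for s, z in zip(shares, split(0, len(shares)))]

def challenge(R, pub, msg):
    digest = hashlib.sha256(f"{R}|{pub}|".encode() + msg).digest()
    return int.from_bytes(digest, "big") % N

def joint_sign(shares, pub, msg):
    """Schnorr-style signing in which party i uses only its own share x_i."""
    nonces = [secrets.randbelow(N) for _ in shares]
    R = 1
    for k in nonces:                      # round 1: each party publishes g^k_i
        R = R * pow(G, k, P) % P
    e = challenge(R, pub, msg)
    partials = [(k + e * x) % N for k, x in zip(nonces, shares)]  # round 2
    return R, sum(partials) % N           # only partial signatures are combined

def verify(pub, msg, sig):
    R, s = sig
    return pow(G, s, P) == R * pow(pub, challenge(R, pub, msg), P) % P

def demo(msg=b"constructed transfer request"):
    key = secrets.randbelow(N)            # dealer step, present only in this demo
    pub = pow(G, key, P)
    epoch1 = split(key)
    epoch2 = refresh(epoch1)
    mixed = [epoch1[0], epoch2[1]]        # one shard captured in each epoch
    return {
        "epoch1_valid": verify(pub, msg, joint_sign(epoch1, pub, msg)),
        "epoch2_valid": verify(pub, msg, joint_sign(epoch2, pub, msg)),
        "mixed_valid": verify(pub, msg, joint_sign(mixed, pub, msg)),
        "mixed_recovers_key": sum(mixed) % N == key,
    }
```

The public key is the same before and after the refresh, so on-chain addresses do not change when shards rotate. A real protocol runs each party on a separate machine and has parties commit to their nonces before revealing them.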

3. TEE Hardware + MPC Cryptography

TEE provides an independent processing environment that offers security and integrity protection, allocating a separate isolated encrypted memory for sensitive data in hardware. All sensitive data calculations are performed in this memory, and other parts of the hardware cannot access the information in this isolated memory except through authorized interfaces, thus achieving privacy computing for sensitive data. With TEE technology, sensitive data can be protected from hacker network attacks and internal malfeasance.

In addition, the independently designed MPC cryptography library supports a wide range of mainstream blockchain signature protocols. MPC is 100% decentralized: the secret share held on each node participates in the MPC signature protocol, but because of MPC's privacy guarantees that share does not leak. This is why MPC is known as the holy grail of cryptography, and it fundamentally solves the single-point private key problem in blockchain.

4. Open-source and Verifiable Code

Safeheron has been open-sourced on GitHub, and the open-source code is continuously iterated and updated, allowing any developer to review and verify it, further standardizing security.

3. Analysis of Safeheron's Core Technology

Safeheron has developed Asia's first digital asset security custody solution based on privacy computing (MPC + TEE), aiming to eliminate the systemic risks of single-point private keys and centralized custody, providing enterprise-level asset governance control (based on multi-role and multi-dimensional transfer approval), helping clients reduce costs and increase efficiency with security as a premise.

Privacy Computing Protection: Based on MPC Technology, Independently Completing Secure Multi-Party Protocols for ECDSA, EdDSA, and More

MPC can be defined as a scenario where multiple participating entities hold secret inputs in a distributed network without a trusted third party and wish to jointly compute a function and obtain results, with the premise that each participating entity cannot learn any input information from other entities except its own. This technology provides significant security assurance for the private key signing involved in digital asset transactions, as the entire operation process is completed by decentralized nodes without leaking the private key to any individual.

MPC Value Manifestation

  • Confidentiality of Original Values: MPC is an important branch of cryptography, and hackers cannot compute other parties' private data from the data held by some participants, thus avoiding the risk of theft.

  • Unlocking Data Value: As long as they are participants, they can deterministically obtain output values. At the application level, MPC is expected to achieve disruptive breakthroughs in industries that prioritize privacy protection, allowing the use of data value without leaking the original data content, with application scenarios including digital assets, healthcare, and other privacy-sensitive industries.

Independently Completing MPC Multi-signature Protocols Corresponding to ECDSA, EdDSA, BLS, and Schnorr Algorithms

Implementing MPC multi-signature protocols is very challenging. ECDSA is a relatively general signature algorithm that combines elliptic curve cryptography (ECC) and the digital signature algorithm (DSA). Due to the high difficulty of researching ECDSA multi-party protocols, the MPC-ECDSA protocol took a long time to develop. With the growth of DeFi applications, the market's demand for MPC multi-signature protocols has been increasing, including but not limited to MPC-EdDSA, MPC-BLS, and MPC-Schnorr protocols. However, compared to ECDSA, although the MPC protocols corresponding to EdDSA, BLS, and Schnorr signature algorithms are somewhat easier, caution is still required during algorithm implementation to avoid many security pitfalls.

Safeheron has independently implemented various protocols such as MPC-ECDSA, MPC-Ed25519, MPC-BLS, and MPC-Schnorr, with the advantage that the signature generation occurs through off-chain MPC protocols, enhancing security and avoiding the risk of contracts being attacked by hackers.

According to BlockBeats, Safeheron has officially reached a strategic cooperation with MetaMask to jointly enter the enterprise-level MPC multi-signature security field. MetaMask will use its MPC technology to provide multi-factor authentication, which will first be integrated into the MetaMask Snaps system, allowing developers to extend MetaMask's functionality for their decentralized applications.

Hardware-based Privacy Computing Technology: TEE (Trusted Execution Environment)

TEE is a hardware-based privacy computing technology. Where secure multi-party computation (MPC) guarantees security at the software layer, TEE isolates the computing environment from the external environment. To reduce reliance on trust in system software, many researchers have attempted to provide a trusted execution environment (TEE), which can be divided into two types: non-privileged TEE and privileged TEE.

Safeheron adopts a non-privileged TEE: SGX, which provides the same security features as Intel SGX, resisting privileged host software attacks and lightweight physical attacks. Safeheron's trusted RSA key sharding service uses SGX encryption computing technology provided by Intel CPU hardware, executing the entire process of generating keys and shards in the trusted execution environment, ensuring that RSA keys are usable and only visible to the hardware encryption chip, thus solving the potential security issues of centralized RSA key generation.

Implementing RSA Threshold Signatures Based on TEE

A threshold signature scheme is a distributed multi-party signing protocol comprising distributed key generation, signing, and verification algorithms. Each participant holds only one shard of the private key, and the other shards are not disclosed to them. To sign a transaction, the signature data of at least two users must be combined to construct a valid signature.

TSS-RSA is a threshold signature algorithm based on RSA developed in C++. Compared to traditional threshold signatures, its advantages include:

  • Based on the RSA hard problem.

  • Signature share generation and verification are completely non-interactive.

  • The size of an individual signature share is smaller.

This solution ensures that the generation and distribution of private key shards are secure and verifiable throughout the process, thus eliminating the security risks of private key leakage. It is reported that Safeheron will soon open-source the entire trusted RSA key sharding service, ensuring system security and trustworthiness through complete transparency, contributing to blockchain security.
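How non-interactive RSA signature shares from any two of three shard holders combine into one ordinary RSA signature, as an added Python example that is not Safeheron's TSS-RSA code. It uses Shoup's threshold RSA construction as a stand-in, since the article does not describe TSS-RSA's internals, and it omits the share-correctness proofs; the toy primes, 2-of-3 policy and function names are assumptions.

```python
import hashlib, math, secrets

# Toy safe primes (constructed, far too small for real use): 1019 = 2*509+1, 2039 = 2*1019+1
P, Q = 1019, 2039
N = P * Q                                # public modulus
M = (P // 2) * (Q // 2)                  # p' * q', known only to the dealer
E = 65537                                # public exponent, a prime larger than PLAYERS
PLAYERS, THRESHOLD = 3, 2
DELTA = math.factorial(PLAYERS)

def deal():
    """Dealer step (the part the article places inside the TEE): Shamir-share d mod M."""
    d = pow(E, -1, M)
    coeffs = [d] + [secrets.randbelow(M) for _ in range(THRESHOLD - 1)]
    return {i: sum(c * i**k for k, c in enumerate(coeffs)) % M
            for i in range(1, PLAYERS + 1)}

def encode(msg):
    """Hash msg to an element of Z_N^*, retrying with a counter if not coprime to N."""
    ctr = 0
    while True:
        x = int.from_bytes(hashlib.sha256(msg + bytes([ctr])).digest(), "big") % N
        if math.gcd(x, N) == 1:
            return x
        ctr += 1

def sign_share(x, s_i):
    """Computed locally by one shard holder, with no interaction."""
    return pow(x, 2 * DELTA * s_i, N)

def combine(x, shares):
    """shares: {player index: signature share} from at least THRESHOLD players."""
    w = 1
    for i, x_i in shares.items():
        num = den = 1
        for j in shares:
            if j != i:
                num, den = num * -j, den * (i - j)
        lam = DELTA * num // den         # integer Lagrange coefficient at 0
        w = w * pow(x_i, 2 * lam, N) % N
    # w^E == x^(4*DELTA^2); Bezout on (4*DELTA^2, E) yields the plain RSA signature
    a = pow(4 * DELTA**2, -1, E)
    b = (1 - a * 4 * DELTA**2) // E
    return pow(w, a, N) * pow(x, b, N) % N

def verify(msg, sig):
    return pow(sig, E, N) == encode(msg)
```

The combined value is identical to the signature a single holder of the full private exponent would produce, so verifiers need no knowledge of the sharding.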

4. Market Analysis

Digital asset custody is a very important service in the blockchain industry. Currently, there are three main types of custody services:

  • Ordinary custody, similar to traditional services, such as BitGo.

  • Exchange custody, such as Binance and Coinbase, which also support custody services.

  • Self-custody, a more crypto-native approach in which the provider does not directly hold private keys and assets for clients but helps clients securely manage private keys through multi-party computation technologies, such as Safeheron, Fireblocks, and Gnosis Safe.

Next, we will analyze Safeheron's advantages through comparative analysis:

image

As a digital asset custody provider, in addition to ensuring security, it also needs to provide support for efficiency and multi-faceted security guarantees. Although Safeheron was not established long ago, it has prepared comprehensive asset custody solutions for the current DeFi, GameFi, NFT, OTC, and other sectors to respond to the rapidly changing industry.

Conclusion:

Looking back at the development changes in digital asset custody over the past decade, from pure asset safekeeping to building infrastructure to meet regulatory and compliance requirements, and now providing access to on-chain services, interoperability between multiple chains, and assisting institutions or investors in integrating digital assets into their businesses, we can see that the industry's development demands are becoming increasingly refined, and the requirements are becoming more standardized and professional. Custody service providers must continuously iterate underlying technologies to ensure asset security while providing reasonable solutions to issues in different fields.

The accelerated development of the industry presents enormous but ever-changing business opportunities for crypto asset custody providers. Safeheron is expected to ensure asset security in more applications and circulation scenarios through MPC + TEE technology. In addition to asset custody services, as a foundational service, it aims to connect with other ecosystems, such as DeFi and lending, allowing clients to secure their assets while obtaining more value-added services, which is the direction Safeheron is continuously striving for.

In this regard, we believe that as the market continues to iterate and develop, we will welcome a new era of chains, forming a more prosperous new pattern for the crypto industry!
