Digital transformation and digital industrialization have become increasingly important to economic growth. According to the latest report released by the China Academy of Information and Communications Technology (CAICT), the volume of China’s digital economy reached 31 trillion RMB, or 34.8 percent of its GDP, in 2018, up over 20% from the previous year.
With the continuous development of blockchain, further adoption of the technology is expected, leading to an increase in business investment in digital assets. To prepare for this, enterprises need to be more efficient and proficient in managing their own digital assets. Blockchain, after all, has ushered in incredible transparency and audibility. Enterprises also need to be aware of the risks associated, especially SPOF (single point of failure).
With recent incidents in the world of crypto exchanges, it’s imperative that the industry looks to a Solution that offers an off-chain threshold for multi-signatures. This drive for a Solution has been a focus for VeChain.
The Role of Blockchain in Digital Asset Management and the Risk of SPOF
Blockchain is currently a tool that is being leveraged to reduce risks associated with existing digital asset management. While it has many key benefits, it can also be an Achilles heel, giving rise to the possibility of SPOF (single point of failure).
When there are private keys used to manage digital assets, they are typically controlled by keyholders, which could mean a single individual. There is no centralized body supervising the process. If the single user loses access to that private key, recovering the assets could be impossible.
There is no better example of such a colossal loss as the case of QuadrigaCX, a once healthy cryptocurrency exchange founded in Canada. Gerry Cotten, the CEO of QuadrigaCX, was the sole holder of all the digital assets, valued at $145 million. The assets were held in cold wallets, secured by digital security keys for protection from hacking and theft. Only Cotton had access to the wallets and corresponding keys.
Because of this, his unexpected death in 2018 created a chaotic situation. According to a filing in the Nova Scotia Supreme Court, the firm has been unable to locate or access the funds since Cotton’s death on December 9, 2018. Because of this, the company filed for creditor protection on February 1st.
At the time of the creditor protection filing, the company only has $286,000 in cash but owes over $195 million to its users. So, why can’t anyone access the digital assets?
Cotton’s widow Jennifer Robertson has stated in an affidavit that the computer where her husband worked is encrypted and she or no other party has the password. A cybersecurity expert was hired to “hack” the computer to no avail.
As of April 9, QuadrigaCX has officially filed for bankruptcy. This bankruptcy filing was in response to the recommendation of Ernst & Young, which had previously been attempting to restructure the company.
This real-life example of SPOF should be a wake-up call to the industry about sole access to wallets and private keys. It also identifies a weakness and challenge in the use of blockchain to manage digital assets.
To address this risk, VeChain has developed VeKey Based Threshold Signature Turnkey Solution.
VeChain’s VeKey Based Threshold Signature Turnkey Solution — The Solution to Eliminating the Risk of SPOF with Off-Chain Multi-Signatures
The unfortunate example of QuadrigaCX is not an isolated incident. At any moment, other exchanges could face a similar fate unless they have a better way to manage SPOF risk.
VeChain has just launched its Solution that satisfies enterprises’ demands of internal risk control while also reducing the possibility of SPOF — VeKey Based Threshold Signature Turnkey Solution.
The off-chain Threshold Signature Solution debuted at the 2019 VeChain Summit held on April 18, 2019, at Fort Mason Festival Pavilion. Designed for VeChain ecosystem members and the developers focused on providing secure private key management services, VeKey Based Threshold Signature Turnkey Solution combines secure hardware and software in one single Solution in an effort to support enterprises’ management of digital assets. The chips are constructed integrating independent secure coprocessor and multiple chip security technologies to ensure a shielded operating and storage environment for confidential data. Featuring hardware-based encryption, memory access control unit, attacks detection, random number generator, and SPA/DPA anti-attack, CG4Q series chips provide robust bank-level security protection and superb performance sufficient to meet the enterprise clients’ demands of security and are much more secure than current leading hardware wallet options.
VeChain is excited to bring the Solution as a turnkey package to market. The launch of this new tool is in line with our commitment to remain focused on building an open ecosystem and improving Solutions for optimal security, compliance, and efficacy. VeChain’s vision is to empower the real economy and facilitate digital transformation. We will stay true to our mission and continue our journey with partners, enterprises, and developers in the ecosystem, enabling them to stay ahead of the changing market.
How VeKey Based Threshold Signature Turnkey Solution Works to Deliver Unparalleled Security without Compromising Access
VeChain’s VeKey Hardware
VeKey Based Threshold Signature Turnkey Solution is an easy-to-use, certified Solution for the secure storage of private keys and the management of digital signatures and identities. For the purpose of increasing its security and availability, VeChain designed VeKey, a security identity hardware, for the Solution, it features multiple complementary security layers, including:
- Compulsory double authentication (biometric identification via fingerprint + PIN)
- Software-based security mechanism
- Back-end verification
- Hardware Secure Element
To provide the highest level of security and the best Solution on the market, VeChain equipped VeKey with CG4Q series chips developed by Datang Microelectronics, a holding subsidiary of public listed company Datang Telecom Technology Co., Ltd (stock ticker 600198)，whose asset totaled over 8.7 billion RMB and generated over 4.3 billion RMB revenue in 2017. The chips are constructed integrating independent secure coprocessor and multiple chip security technologies to ensure a shielded operating and storage environment for confidential data. Featuring hardware-based encryption, memory access control unit, attacks detection, random number generator, and SPA/DPA anti-attack, CG4Q series chips provide robust bank-level security protection and superb performance sufficient to meet the enterprise clients’ demands of security.
With the above-mentioned hardware and software-based security measures in place, this Solution ensures the security of the private keys and enable secure identification of the private key holders.
Through the Solution, private keys can be broken down into multiple encrypted parts and stored in separate VeKey devices. Enterprise users can predefine the number of VeKeys needed to recover the private key. In this way, no single VeKey holder will have absolute control over the assets, thus avoiding misappropriation.
The solution can also be used to avoid economic damages caused by the loss of private keys, as it can always be recovered so long as the enterprise can provide the predefined number of VeKeys.
More importantly, the Solution supports asynchronous operation, with which the VeKey holders are enabled to review the transaction applications from anywhere, at any time. In the event any VeKey holder wants to initiate a transaction, they would need only to log into the system and submit an application for review，the transaction will be signed and broadcasted to the blockchain when it is approved by the predefined number of VeKey holders. With this process, a remote threshold multi-signature can be achieved, thus increasing transaction efficiency and security.
Last but not least, this solution is available as a turnkey package for the enterprises and developers to deploy independently and conduct custom development in accordance with their own management models and business demands should they be authorized with the Turnkey Solution provided by VeChain. VeKey Based Threshold Signature Turnkey Solution is the choice for enterprises to integrate with their business systems in terms of business expansion and scaling. Learn more about VeKey based threshold signature turnkey solution and how your business can implement this solution by contacting us at firstname.lastname@example.org. There is currently not a set retail launch date. As enterprises and SMEs implement the solution, a modified version for retail use will be released.
In the coming month, VeChain will introduce a series of tech deep dive into the security features, application scenarios, and strengths of VeKey Based Threshold Signature Turnkey Solution, please stay tuned!