CONTEXT: Blockchain security uses cryptographic keys to attest ownership, so it is critical to keep these secrets safe. Storing them in a central location, as in a hardware security module (HSM), offers a target for attack and creates a single point of failure. The RIDDLE&CODE asset management solution never stores signing secrets. Our decentralized and agile architecture, built on multiple hardware devices, is based on open standards for both software and hardware, so that it always offers a best-of-breed solution and brings the agility to develop new use cases.
1. The trusted node prepares the raw transaction and sends it to the signature devices.
2. The signature devices sign the transaction with their Shamir secret slice.
3. The master signature device collects and decrypts the signatures, recovers the master secret, signs the transaction and sends it to the trusted node. The master secret is then zeroised.
4. The trusted node receives the signed transaction and broadcasts it to the ledger.
RIDDLE&CODE bank-grade security is achieved by never storing signing secrets in a central location.
The RIDDLE&CODE decentralised multi-hardware wallet setup enables different kinds of multiparty signature and avoids the single point of failure found in centralised key management systems based on HSMs. We follow the stringent security requirements of high-value transaction environments, and transactions are signed with quantum-proof algorithms. Security is further enhanced by the use of hardened and secure radio channels. Physical objects can be used thanks to our secure tagging and chipping technology, and the cryptography follows the PKCS#11 standard.
The RIDDLE&CODE wallet solution is built with an open and standardized architecture. The complexity of cryptography continues to grow, requiring recurrent peer reviews and research. Indeed, closed systems can no longer deliver the needed trustworthiness.
Public designs for both code and hardware avoid any vendor lock-in and let customers always choose the best-of-breed components from their supplier and partner ecosystem. Customers can even fork their own developments where required.
The RIDDLE&CODE solution is Swiss regulatory compliant through code review and process auditing by certified institutions and follows the FIPS 140-2 certification.
Our clients can develop new blockchain-enabled use cases, including non-fungible physical asset classes.
Organisations can adapt signing processes with new crypto algorithms in hardware wallets, to offer the greatest process agility. The number of signature devices required to sign a transaction can be configured, say from 3 to 4 out of 6 traders to sign off.
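As an added illustration (not RIDDLE&CODE code), the sketch below shows the threshold mechanics behind the four-step signing flow and the configurable 3- or 4-of-6 quorum: Shamir shares are combined on a master device, and the recovered secret is used once and then overwritten. HMAC-SHA256 stands in for the signature algorithm, which the page does not name; encryption of shares in transit is omitted, and all function names are hypothetical.

```python
import hashlib
import hmac
import secrets

P = 2**521 - 1   # Mersenne prime: field comfortably larger than a 256-bit secret
WIDTH = 66       # bytes needed to encode any element of the field

def split(secret: bytes, k: int, n: int):
    """Split `secret` into n shares (x, y); any k distinct shares recover it."""
    coeffs = [int.from_bytes(secret, "big")]
    coeffs += [secrets.randbelow(P) for _ in range(k - 1)]
    def f(x):
        y = 0
        for c in reversed(coeffs):      # Horner evaluation of the polynomial
            y = (y * x + c) % P
        return y
    return [(x, f(x)) for x in range(1, n + 1)]

def recover(shares) -> int:
    """Lagrange interpolation at x = 0 over GF(P)."""
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * -xj % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

def master_sign(tx: bytes, shares, k: int) -> bytes:
    """Master device: rebuild the secret from k shares, sign, then wipe it."""
    chosen = list(dict(shares).items())[:k]     # de-duplicate by share index
    if len(chosen) < k:
        raise ValueError("below signing threshold")
    key = bytearray(recover(chosen).to_bytes(WIDTH, "big"))
    try:
        # Stand-in for the real signature algorithm, which the page does not name.
        return hmac.new(key, tx, hashlib.sha256).digest()
    finally:
        key[:] = bytes(WIDTH)   # best-effort wipe; Python ints above are not erasable

if __name__ == "__main__":
    master = secrets.token_bytes(32)                 # constructed sample secret
    shares = split(master, k=3, n=6)                 # use k=4 for a 4-of-6 quorum
    tag = master_sign(b"constructed raw tx", shares[1:4], k=3)
    print(tag.hex())
```

With fewer than k shares, `recover` returns an unrelated field element, so the threshold is enforced by the mathematics and not only by the count check in `master_sign`.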
Controlled time-delay enables transaction co-signing in different time zones. New token-based use cases are enabled by crypto tagging of physical objects.
The RIDDLE&CODE asset management solution introduces a new level of security by never storing signing keys on any device, enables new use cases through co-signing, and leverages open source standards to remain best-of-breed.
DISTRIBUTED SIGNING - USE CASE EXAMPLES
DISTRIBUTED SIGNING #1
BANK TO BANK MULTISIGNATURE
High-value transactions get signed by three traders at the Switzerland headquarters and by the CFO, currently on a business trip, in Singapore.
DISTRIBUTED SIGNING #2
High-value transactions get signed by two traders in the bank; the client gets notified and co-signs to complete the transaction.
1. Why does this solution represent a new level of security?
Traditional HSM solutions store signing keys on a central device. These hot (online) central devices represented the main vulnerability in most of the recent crypto hacks. Our solution avoids this single point of failure by introducing a decentralised architecture where keys are never stored on a single device.
2. Is the solution compliant with regulatory provisions?
Yes, the asset management solution is deployed at Swiss banks and has been accepted by Swiss regulatory bodies following a comprehensive audit by internationally certified auditors. The RIDDLE&CODE asset management solution is in the process of attaining European regulatory compliance.
3. Can I only manage cryptocurrencies?
No, the solution is designed to support any form of digital tokens.
4. Which cryptocurrencies do you currently support?
Currently our solution supports all Bitcoin-related currencies, Ethereum and Ethereum tokens, IOU ledgers (like Ripple and Stellar) and graph-based ledger cryptocurrencies (e.g. IOTA, EOS ...).
5. Can only banks use the asset management solution?
At the moment the solution is a B2B product with a focus on banks, insurance companies, funds, exchanges, etc.
However, the solution can be adopted by anyone, e.g. high net worth individuals or parties interested in applying true co-signing schemes to their asset management.
6. Can the solution interact with third party systems?
The product provides an industry-standard Python RESTful API that enables interfacing and sharing any required data with external systems, e.g. core banking systems like AVALOQ, T24 etc.
7. Which pricing or business models apply?
The fee schedule comprises a flat license fee (software, hardware, support). Final fee structures are a result of contract duration and level requirements.