Published Mar 25, 2021
By Brian Spector, Chief Product and Technology Officer at Qredo
Blockchain is hailed as a cybersecurity revolution, transforming databases into decentralized trust engines that provide the perfect mechanism for peer-to-peer transfers, all without the need to trust a third party.
Yet the keys to this engine are not trustless. The strings of cryptographic code that spark the ignition — controlling transfers and deposits on the blockchain — are vulnerable to theft and loss.
Until now, these keys have typically been stored in databases, or shunted offline in hardware and paper wallets: arrangements that all sacrifice accessibility and fine-grained control for the sake of very limited security.
Qredo introduces a new paradigm: decentralized custody for decentralized assets.
The security risk of centralized storage methods is well-documented. Private keys have been prised from hot wallets with malware, bamboozled by internal employees, and hacked in endless different ways in an endless game of hide and seek (one that hackers are winning with $1.9 bn looted in 2020).
Less well-documented is the impact that storing private keys in this way has on liquidity. Following Satoshi's vision of self-sovereignty often means squirrelling away private keys in hardware wallets, much like the plunder of pirates buried beneath the sand, where assets are subject to withdrawal delays and can't be readily deployed in the digital asset ecosystem.
Blockchain offers a way to provide robust security with no compromise to accessibility — ideal for safeguarding private keys.
This security is achieved by eliminating single points of failure. Each blockchain entry is received by nodes that must agree on the accuracy of the data before it is mined into the chain, creating a publicly auditable transparent record that is replicated by each node on the network. To compromise this decentralized record and falsify transactions, a potential hacker would need to simultaneously breach the majority of the nodes.
Nakamoto conceptualized the original blockchain in 2008 to solve the double spend problem and create bitcoin. Qredo takes the same principle and applies it to digital asset custody.
How it works
To decentralize private keys, Qredo uses the cryptographic breakthrough of multi-party computation (MPC), implemented using a Threshold Signature Scheme (TSS).
Shares of the cryptographic key are contained in the MPC nodes, which are distributed on the network. Together, the nodes generate a digital signature to sign transactions without ever producing a private key.
This is standard practice, but — in most MPC implementations — the private key shares are created and stored in multiple virtual machines, or vulnerable hardware enclaves like Intel SGX. These nodes are typically controlled by the same organization, leaving assets exposed to rogue employees, conspiring cloud providers, or other colluding partners that might decide to do a runner with the funds.
With Qredo, the MPC nodes are spread across security-hardened tier 4 data centers in global financial hubs, and controlled by the Qredochain.
The Qredochain is a Layer 2 network that provides an immutable registry of assets and activity. Each custodial operation — each transaction, each signature, and each change to wallet custodial policies — is mined into the blockchain. In this way, the network becomes the vault.
In Qredo V1, all MPC nodes are controlled by the Qredo team. This control will be gradually relinquished to the community in a secure step-by-step process leading to the fully decentralized promised land.
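The threshold signing idea described under "How it works", as an added example that is not Qredo's code or protocol: a 3-of-5 Schnorr threshold signature in which nodes hold Shamir shares and combine partial signatures, so no function ever computes the private key. The group parameters, function names and sample message are constructed for illustration, all nodes are simulated in one process, and share verification and nonce commitments that a real scheme needs are omitted.

```python
import hashlib, secrets

# Toy Schnorr group (constructed for the example, far too small for real use):
# P = 2Q + 1 with P and Q prime; G generates the subgroup of order Q.
P, Q, G = 2039, 1019, 4

def dkg(n, t):
    """Dealerless key generation: every node deals a random degree-(t-1) polynomial."""
    polys = [[secrets.randbelow(Q) for _ in range(t)] for _ in range(n)]
    f = lambda c, x: sum(a * pow(x, k, Q) for k, a in enumerate(c)) % Q
    # Node j keeps only the sum of the evaluations sent to it: its key share.
    shares = {j: sum(f(c, j) for c in polys) % Q for j in range(1, n + 1)}
    # Group public key = product of the nodes' public values g^(f_i(0)).
    pub = 1
    for c in polys:
        pub = pub * pow(G, c[0], P) % P
    return shares, pub

def challenge(R, pub, msg):
    h = hashlib.sha256(f"{R}|{pub}|".encode() + msg).digest()
    return int.from_bytes(h, "big") % Q

def lagrange_at_zero(j, quorum):
    """Weight that turns node j's share into its additive part of the key."""
    lam = 1
    for m in quorum:
        if m != j:
            lam = lam * m * pow((m - j) % Q, -1, Q) % Q
    return lam

def threshold_sign(shares, quorum, pub, msg):
    nonces = {j: secrets.randbelow(Q - 1) + 1 for j in quorum}  # one secret per node
    R = 1
    for k in nonces.values():      # nodes publish g^k_j; the product is R
        R = R * pow(G, k, P) % P
    e = challenge(R, pub, msg)
    # Each node contributes a partial signature computed from its own share only.
    partial = [(nonces[j] + e * lagrange_at_zero(j, quorum) * shares[j]) % Q
               for j in quorum]
    return R, sum(partial) % Q

def verify(pub, msg, sig):
    """Ordinary Schnorr check: the verifier sees one public key, one signature."""
    R, s = sig
    return pow(G, s, P) == R * pow(pub, challenge(R, pub, msg), P) % P

if __name__ == "__main__":
    shares, pub = dkg(n=5, t=3)
    msg = b"constructed sample transfer"
    print(verify(pub, msg, threshold_sign(shares, [1, 3, 5], pub, msg)))
```

Any quorum of at least three nodes yields a signature that verifies against the same public key, which is why the location and control of the individual nodes, the concern the section raises, decides who can actually sign.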
Why decentralized custody
In an ironic twist, decentralizing private keys helps knock down the hurdles that are preventing the biggest players of centralized finance from entering the digital asset market:
No private keys. In decentralized custody, signatures are securely mined through a consensus-driven MPC process, removing the critical attack vector of private keys.
Liquidity. As a Layer 2 network, ownership can be transferred instantly on Qredo instead of via slow and expensive underlying chains. This enables fast, low-fee settlement between venues on the Network, allowing traders to make multiple plays on different venues from one single pool of collateral in the Qredo Wallet.
Compliance. All transaction activity is recorded on-chain in immutable audit trails for easy reporting. Sender and recipient identities can be included for easy compliance with the Travel Rule.
Governance. This can scale to meet organizational needs through the appointment of unlimited transaction signers, with extended governance rights over assets wherever they are deployed: on trading platforms, DeFi protocols, or sitting in custody.
Visibility. All account balances and transaction data can be viewed in real-time from a single interface.
Integration. Qredo’s open source protocol facilitates user innovation and connection to their existing technology systems via an API.
To learn more about how Qredo decentralizes digital asset custody, download our yellow paper