Published Mar 15, 2021
By Sonny Azeez, Qredo Community Manager
Crypto can be quite the Jekyll and Hyde affair.
One minute, you are on an unfettered quest through a boundless universe, empowering everything around you. The next minute, everything wants to overpower you. That unwieldy wallet interface suddenly acting up as you are about to transact. This gas fee spiking up as you are about to send. That weird typo in your wallet update which may or may not be indicative of something malicious. Your phone freezing up.
With all these uncertainties continually nagging at the fore of the minds, it's no wonder crypto custody often feels like an edgy stroll through the Shogun of Harlem's backyard.
Snake in the Monkey Shadow
Stealing the keys to a stranger's house is one thing; knowing what those keys unlock and the value of the items inside is a different issue entirely.
On the blockchain, however, there is rarely any room for doubt. Most blockchain explorers will let you see where everything and anything is - and its current market value. You could even claim those addresses as yours without providing any proof. The only barrier between you and those assets is where the private key resides, but when the owner considers cloud storage as their primary storage medium, you may as well be stealing candy from a baby.
Private key management remains the biggest source of concern for crypto-asset custodians; a centralized kink in what should have been a perfectly decentralized armour. The Multi-signature (Multisig) wallet adds an additional layer of security through their multi-signatory requirements for funds interaction. However, its steep learning curve, technical requirements, and dependence on third-party service providers continue to be limiting factors.
First Line of Defense: MPC
Ultimately, users would prefer to custody their own assets without sacrificing security or settlement time. Qredo's unique implementation of Multi-party computation (MPC) for decentralized asset custodianship and cross-chain liquidity is a groundbreaking step in the right direction. With MPC enabling parties to jointly compute outputs without knowing the inputs of the other party, public wallet addresses can be created without requiring a private key. A threshold signature scheme further removes the possibility of any vulnerability resulting from private key disclosure to any malicious actors.
Second Line of Defense: Multi-User Authority
At the core of it though, you are still living in a glass house with no blinds.
Or are you?
On the Qredo network, users can customize their custodian groups, set up trusted parties and rules governing fund transfer. They can also customize roles for different members. What this means is that a trader has no business looking up your corporate treasury. Roles are not transferable.
There are two main groups on the network:
The Principal manages fund creation for assets and assigns a custodian policy for the fund. This policy is a digitally signed document assigning governance to Custodians for fund interactions.
Approvers are actors who are prepared to act as overseers of assets within a fund on the network. They work together to generate digital signatures over messages confirming transfer approval, atomic swap or settlement of a crypto asset belonging to the fund.
Third Line of Defense: Qredo Blockchain
For every asset on Qredo blockchain, the MPC protocol generates multiple independent secrets that are distributed to nodes on a fast-finality blockchain. Creating any transaction is dependent on the nodes and they are responsible for committing new blocks on the blockchain. These validators participate in the consensus protocol by broadcasting votes which contain cryptographic signatures signed by the validators.
Through consensus, you can pass the ownership of assets to other owners. Any asset protected by the protocol can exchange its rights with participants on the network. Rights can be exchanged indefinitely and instantly between participants. Complex transfer rules can also be built on the protocol.
Fourth Line of Defense: Global Node Distribution
Qredo nodes are globally distributed across six Tier 4 data centres in New York, Chicago, London, Hong Kong, Singapore and Tokyo. These are the same data centres Tier 1 banks use. Inter-Node and MPC communication takes place over a private secure network.
Fifth Line of Defense: Tamper-Resistant Hardware
MPC nodes are hosted in tamper-proof hardware and their secrets encrypted. Any attempt to tamper with the box will result in the device failing. Each node has its Block Signing Key store in a Yubikey, making it impossible to extract the signing keys. The devices hosting validator nodes are walled off from external interaction.
Sixth Line of Defense: Test and Audit
Qredo network has been independently audited by the NCC Group and Quantstamp. NCC Group is a global security leader working with public sector institutions and well known Fortune 500 and FTSE 350 companies. Quantstamp is one of the leading audit firms in the blockchain space, specializing in mission-critical features and scaling.
The protocol has also been peer-reviewed by world-renowned and heavy-duty cryptographer Dr. Michael Scott. Dr. Scott is the former Head of Computing at Dublin University and the originator of the miracle library, fork of the milago library. The MPC code is part of this library.
Blockchain security firm, Zokyo, pen-tested the network.
Seventh Line of Defense: Insurance
When it's all said and done, a chain is only as strong as its weakest link. The weakest link in this trillion-dollar industry is often insurance, which is why Qredo has insurance against malicious intent and theft from Lloyds of London, underwritten by Sompo. With the ability to customize your insurance plan, there’s an option to suit all.
Choki Motobu once said, “Nothing is more harmful to the world than a martial art that is not effective in actual self-defense”.
But with Qredo, you become a master of a Key Fu - a school of crypto self-defense that protects you at every step on the blockchain.
Cryptocurrency is changing the face of global finance, but that doesn't mean you have to jump at every shadow.