Published Feb 7, 2023
By Qredo Team
Qredo Network Moves to Trusted Execution Environments
Qredo Network is a blockchain custody protocol, and our goal at Qredo is to be the most resilient and secure crypto custody service operation in the world.
But we aren't only aiming for our custody protocol to be the most secure; we also want it to be the most accessible and distributed blockchain custody protocol in existence. This is part of our vision and firm commitment to providing decentralized solutions for self-custody.
That's why we have moved our validator nodes to trusted execution environments (TEEs) in the cloud, as our first step toward going multi-cloud on our roadmap to decentralizing our validator nodes.
Our core technology: Decentralized multi-party computation
The strength of our security solution lies in our decentralized multi-party computation (dMPC), which takes place whenever a user or team of users signs a transaction.
These computations take place in a distributed manner, solving a core vulnerability with existing blockchain security the world over — the single point of failure present with private keys. Since our computation is distributed across multiple geographic locations, there's no single private key anywhere for hackers to home in on.
The danger with the increasingly numerous MPC solutions being offered across the crypto sphere is simply that they are not distributed. The real problem therefore remains: centralized custodial systems present a counterparty risk. Indeed, there have been occasions in the recent past where large amounts of stored funds within centralized MPC services were lost due to human error in handling sharded keys.
The Qredo custody protocol: Democratizing true blockchain security
We have many ambitions for our custody protocol, including enabling others to build and scale on top of it, but a central purpose for Qredo is democratizing access to the unparalleled blockchain security this protocol can provide.
Until recently, our validator nodes have been housed in tamper-proof Hardware Security Modules (HSMs) in six of the most secure data centers in the world located in financial capitals around the globe.
Along with a catalogue of other protective layers, the distribution of these secure nodes provides an incredible degree of protection for our users.
These have remained entirely secure throughout their existence, but running nodes ultimately controlled by Qredo was never our long-term plan.
We are aiming at nothing short of decentralization at Qredo. What we are building here is designed to be a core support securing operations across the wider blockchain ecosystem for decades to come.
This is why we are setting the bar high for ourselves from day one – why we are committed to using open source as well as providing API access for developers. This is also why we have moved our nodes on-cloud, into trusted execution environments.
Qredo Network’s move to trusted execution environments
During 2022 we rolled out an upgrade to our validator software that saw us move to cloud TEEs, in preparation for our first third-party validators to come later this year.
When Qredo first started, trusted execution environments were neither as widely available nor as proven as they are today.
At Qredo, we are able to select from the many emergent implementations of state-of-the-art TEE technology now reaching the market, such as SGX, AWS Nitro, and GCP confidential spaces, which are far more sophisticated than they were just a few years ago. TEEs offer highly desirable properties for secure operations such as decrypting shards or performing sensitive algorithms.
Due to the rigorous conditions under which TEEs operate, your data and operations inside them are protected from view by any third party, even from the operator itself, namely Qredo. This further supports a core component of our service offering: only you and your team ever have access to your digital assets.
In the interests of providing the greatest resilience possible, Qredo intends to be both multi-cloud in its provision, and also to support self-hosted implementations as well as specialized data center solutions alongside the cloud.
This all supports our commitment to provide you with secure crypto custody of your own digital assets. No one should have control of your digital assets – except you.
The path to decentralized blockchain security
In our ongoing work to harden the Qredo custody protocol and its operations and to prepare for its coming decentralization with the introduction of third-party validators, we have built our core software in such a way that the trust required for a third party is minimized at every stage along the way.
This will enable us to transition to a distributed network of third-party validators with very little friction.
Planned upgrade of dMPC software and infrastructure to cloud TEEs
In early February, we are also planning an upgrade to our dMPC software and infrastructure to run on cloud TEEs, which will complete Qredo Network's migration to cloud TEEs and give us horizontal scalability, faster performance and greater resilience.
This will further support our overarching goal of providing a firmly decentralized blockchain security solution to the wider ecosystem, since one piece of the puzzle for achieving this lies in our plan for Qredo to go multi-cloud.
Resilience through decentralized blockchain security
In keeping with our goal of providing a truly decentralized service to the blockchain sector, we also aim to remove any key reliance on any one provider, which means going multi-party and multi-vendor, with a multi-region decentralized network of validators.
We know that this is the way to make Qredo Network, and the security of your custody of digital assets, as resilient as possible.
We have built out your ability to govern institutional access to Qredo Wallets with just the same values in mind. You can set customized policies over which team members can authorize transactions, helping to ensure backup in case one member is locked out and supporting the security of your access to and custody of your own digital assets.
At Qredo, we know that the secure decentralized self-custody of digital assets sits right at the heart of the revolution that is blockchain technology. The technology that is built in support of this will, in fact, represent the second revolution in blockchain, and one that is urgently needed.
That's why at Qredo, while we are certainly here for the long-term, we never stop building – because we are here working to secure the future of blockchain.