Qredo's dMPC Shield against Private Key Exposure

Published Oct 4, 2023
By Qredo Team

The crypto space, while offering an array of opportunities for financial independence and innovation, also harbors security lapses which can lead to catastrophic losses.

A problem as old as crypto: Vulnerabilities in key storage

Two recent incidents highlight the stark vulnerabilities tied to conventional key storage methods.

The CoinEx hack

On September 19, 2023, CoinEx, a Hong Kong-based cryptocurrency exchange, reported a staggering loss of $70 million due to compromised private keys. The hackers managed to gain access to the exchange’s hot wallets, making away with a significant amount of tokens. Despite the fact that CoinEx did of course attempt to actively work towards addressing the security breach and compensating affected users, the incident underscored the inherent flaws in traditional centralized custodial systems.

The OracleSwap debacle

In another grim episode, OracleSwap, a decentralized exchange (DEX) protocol on the Songbird and Flare Networks, had its operations suspended due to the compromise of its private keys. This debacle arose from inadvertently exposing private keys whilst making its code open source, a laudable move intended to foster transparency and community engagement but unfortunately in this case one that involved a fatal human error, so it appears. The situation escalated to a point where delegates on OracleSwap were advised to shift to other FTSO operators to prevent potential exploitation by malicious actors. 

 These incidents are symptomatic of a larger issue plaguing the crypto domain: the geographical and local vulnerabilities associated with key storage. The traditional approach of centralized key storage or even centralized multi-party computation (MPC) solutions still presents a glaring single point of failure. Whether it's the risk of external hacking as seen in CoinEx's case or internal human errors leading to private key exposure as with OracleSwap, the stakes are undeniably high.

Qredo's solution: dMPC, a new dawn in crypto security

Qredo presents a unique and powerful solution that fundamentally addresses the core issue at hand. Indeed, as the ecosystem continues to develop, this core infrastructure will be ever more crucial.

By leveraging a unique implementation of distributed multi-party computation (dMPC), Qredo all but eliminates the single points of failure associated with traditional private key management.

Unlike conventional setups where a centralized entity holds the keys or control is vested in a few, Qredo’s dMPC distributes the computational efforts required for transaction signing across multiple nodes. This distribution ensures that there's no single private key anywhere for hackers to target, nor a centralized database unlike many other MPC providers, which can be compromised due to human error or malicious insider activities. 

Moreover, Qredo’s protocol extends beyond securing assets, to fostering interoperability among different blockchains. This holistic approach not only enhances security but also propels the DeFi ecosystem closer to the decentralized future we envision.

The stark contrast between the calamitous outcomes of the CoinEx and OracleSwap incidents and the robust, distributed security infrastructure offered by Qredo paints a very clear technical picture, underlining the urgent need for a shift in how we manage and secure digital assets in this developing DeFi ecosystem.

No single points of failure: No coin left behind

In the realm of crypto custody, Qredo works as a vanguard with its secure approach centered around distributed multi-party computation (dMPC). The core essence of Qredo's mission lies in its undeterred commitment to decentralization.

Here’s a deeper dive into the various facets of Qredo's innovative solution: 

  • Distributed control through dMPC: The cornerstone of Qredo's security paradigm is its dMPC technology. This architecture ensures that the computational efforts required for signing a transaction are distributed across multiple nodes. In doing so, Qredo effectively mitigates the core vulnerability associated with having a single point of failure in traditional private key management solutions; from hot wallets to cold wallets, to custodian offerings. 

  • Migration to Trusted Execution Environments (TEEs): In a significant leap towards enhanced security, Qredo transitioned its validator nodes to Trusted Execution Environments (TEEs) on-cloud, marking the first step towards achieving multi-cloud decentralization. Utilizing state-of-the-art TEE technology, Qredo ensures that operational data remains shielded from third-party view, including Qredo itself, amplifying the privacy and security of users’ digital assets. This not only aligns with Qredo's ethos of decentralization but also enhances the performance, scalability, and resilience of Qredo Network. 

  • Avoidance of custodians: The dMPC technology heralds a new era where the necessity for custodians is obviated. Unlike traditional setups where assets are held by third parties, Qredo ensures assets remain under the control of the users. 

  • Interoperability: Beyond security, Qredo's dMPC facilitates interoperability among different blockchains. This is a significant stride towards a cohesive DeFi ecosystem where assets and data can flow seamlessly across different blockchains, thus opening up a realm of possibilities for decentralized applications and financial products. 

  • Customizable governance over Qredo wallets: Qredo empowers users with the ability to customize institutional access to Qredo Wallets. By enabling users to set personalized policies for transaction authorization, Qredo enhances not only the security but also the flexibility of digital asset management. 

Qredo's trajectory is clear: to provide a secure, on-chain self-custody solution for digital assets, embodying and championing the purpose of the ongoing blockchain technology revolution. 

Mapping it out: How distributed storage changes everything

As the narrative of crypto security continues to unfold, the deficiencies of traditional key storage mechanisms are ever more glaringly apparent. The centralized model, in its various manifestations, has shown time and again to be a weak link in the blockchain.  However, with Qredo’s innovative approach, the gameboard of crypto security is being redesigned. Here’s a detailed exploration. 

The dMPC advantage

Qredo’s dMPC technology is a quantum leap from the conventional. By distributing the computational efforts required for transaction signing across multiple nodes, Qredo effectively decentralizes the storage and management of private keys. This is a calculated dispersion that ensures no single entity has control or access to the entire key. 

Enhanced accessibility and usability

Besides bolstering security, the Qredo platform significantly enhances the accessibility and usability of crypto assets. Qredo provides a balanced blend of security and convenience, making it easier for both institutional and retail investors to manage their crypto portfolios without compromising on security. 

Secure asset transfers

The distributed nature of dMPC also ensures that asset transfers are secure, swift, and seamless. By eliminating central authority, the delays, lack of control and potential vulnerabilities associated with centralized custodians are eradicated. 

Community governance

Qredo's pathway towards a decentralized architecture is evidenced by its firm commitment to community governance. This allows for a collective decision-making process, ensuring that the power dynamics are evenly distributed and not concentrated in the hands of a few.

Future-proofing crypto security

 As the crypto space evolves, so does the sophistication of the threats. Qredo’s forward-thinking approach with dMPC lays a strong foundation capable of adapting to emerging challenges. This distributed framework is designed not just to neutralize the threats of today but with a vision to combat the security challenges of tomorrow. 

Encouraging uptake of the DeFi ecosystem

By addressing fundamental security concerns through distributed on-chain custody, Qredo is playing a pivotal role in enabling global uptake and driving the broad adoption and growth of the DeFi ecosystem. 

The transition from traditional key storage mechanisms to distributed storage via dMPC is more than a shift; it’s a great stride towards redefining crypto security.  

As Qredo continues on, the ripple effects of this innovative approach are bound to be felt across the DeFi landscape, conveying the crypto community closer to a more secure, decentralized future. 

Create a Qredo Accounr