Stealth-mode crypto custody specialist Shard X has claimed a breakthrough, being the first company to successfully run math-heavy, multi-party computation (MPC) on hardware security modules (HSMs).
So why does this alphabet soup of security tech matter?
In summary, HSMs are a battle-tested way to store private keys, particularly popular in consumer products like Ledger and Trezor. MPC, which breaks up cryptographic keys into shards and distributes them, is growing in popularity with custody tech providers like Fireblocks and Curv. But one challenge with MPC has been where to store key shards: The whole process was thought to be too computationally heavy to run on hardware.
Solving this problem is important because banks, which are gradually edging towards crypto custody, generally like and trust HSMs. So a combination of battle-tested, bank-grade HSMs, combined with cutting-edge MPC is probably the type of tech those institutions will be looking for, says Yaniv Neu-Ner, co-founder and CEO of Shard X.
Shard X has successfully run MPC tests with Entrust, a provider of nShield HSMs to major custodians, said Neu-Ner, and is now working on running MPC with a number of firms offering HSMs, such as Utimaco.
“Our big breakthrough is that we’ve managed to compress and optimize the MPC code so that it can run on bank-grade HSMs, something people in this space never thought was possible,” said Neu-Ner. “Now, you can take an MPC key fragment and store it on an HSM to make sure you don’t get breached.”
Wallet providers, custodians and exchanges all need bank-grade security for crypto-wallets and to secure and manage multi-million dollar assets across multiple blockchains, said John Grimm, VP strategy and business development at Entrust.
“ShardX has implemented multi-party computation (MPC) technology on Entrust nShield hardware security modules (HSMs) to ensure the integrity and secure processing of private key fragments that protect the blockchain, offering high assurance secure key management and a secure, safe and simple way to access digital currencies,” said Grimm via email.
There are a lot of smart people working on MPC, so how did nobody else solve this problem?
Neu-Ner said the credit goes to his team, which managed to combine equally strong math and engineering backgrounds, in particular his CTO Nikita Lesnikov.
“[Lesnikov] is just an exceptional mind,” said Neu-Ner. “He was the one who figured it out. I imagine now that we are announcing it, the competition will start working on the same challenge, and I think they will get there. But it’s a big breakthrough to be first.”
Shard X likes to take a back seat, licensing its software to custodians. In terms of how this breakthrough is being peer-reviewed, MPC code auditor Trail of Bits has been selected to continually audit the work.
For Neu-Ner, a combination of the best of both worlds is an essential step in the evolution of crypto custody.
“As this industry grows, there’s going to be more and more value at stake, and right now we are seeing exchanges getting hacked fairly regularly,” he said. “So I don’t think one technology will be enough. The future I see is that you combine multiple technologies to create the most secure custody solutions.”
The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.