Best Practices for Enterprise Crypto Account Management

Andreas Vogel
Dec 8, 2022

Andreas Vogel and Kai Schmitz-Hofbauer

This is Part I of a three-part article series.

Introduction

Web3 technology promises to take the digitalization of business processes to a new level by supporting cross-enterprise processes. A more in-depth discussion of these opportunities can be found here.

Distributed ledgers and smart contracts will, however, not disrupt existing enterprise systems such as ERP (Enterprise Resource Planning), SCM (Supply Chain Management), SRM (Supplier Relationship Management), CRM (Customer Relationship Management), etc. Instead, they will interface with these systems and enable transactions between them.

Accounts on distributed ledgers, and their management through wallets and other means, are a critical prerequisite for participating in Web3.

In this article series we introduce and discuss the technology choices (Part I), introduce best practices (Part II) and explore relevant use cases (Part III).

Part I Accounts and Wallets

Accounts

In order to participate in the Web3 ecosystem, i.e. execute transactions on a blockchain, enterprises will need accounts for each blockchain they want to use. An account is made up of a cryptographic key pair: a public and a private key. The private key is used to sign transactions, e.g. the transfer of funds, while the public key can be used to verify that a transaction actually originated from the sender. The blockchain address is derived from the public key.

The private key is literally the key to your account and all the assets it holds. When you lose the key, you lose access to your assets. If someone gets access to your private key, they can access your assets, i.e. steal them.

Different types of wallets

A wallet is a software application simplifying the interaction with the blockchain. Wallets can manage multiple accounts and the assets in these accounts. You can also execute transactions from your wallet.

There are different types of wallets for different usage scenarios. Wallets can be custodial or non-custodial.

Wallets are also distinguished as hot or cold. A hot wallet has a connection to the internet, or to a device that has such a connection, while a cold wallet is disconnected by default. It needs to be explicitly connected to execute transactions.

Custodial wallets

A custodial wallet is managed by an organization, the so-called custodian. The custodian stores and manages the private keys on their clients’ behalf. In most countries, a custodian must hold a specific license to provide this service. Some custodians provide additional services, e.g. insurance against hacks. Popular custodians include Coinbase, Finoa, or Tangany.

Custodians offer different types of wallets. Two typical offerings are segregated wallets and omnibus wallets.

Segregated wallets

Segregated wallets provide separate accounts for client assets at all levels, including distinct private keys and distinct wallet addresses. Only segregated wallets offer the fully transparent verifiability of a decentralized blockchain solution.

Omnibus wallets

In an omnibus wallet, the crypto assets of multiple persons are held in one account. The separation into different users and the management of these users takes place off-chain, in a higher-level software component.

Figure: Segregated and omnibus wallets

Trading between users within the omnibus wallet is usually not executed on the blockchain, but only recorded in the internal ledger of the omnibus wallet. The internal ledger is in most cases not visible externally. This has the advantage of significantly reducing transaction fees. However, an omnibus wallet is a centralized solution on top of the decentralized blockchain layer rather than a truly decentralized Web3 approach.

Non-custodial wallets

End-user wallets

In the case of a self- or non-custodial wallet, the individual who owns the wallet is responsible for it. A wallet is secured by a seed phrase, typically a sequence of twelve words. With this seed phrase, you can create multiple instances of your wallet, let’s say one in your web browser on your laptop and a wallet app on your phone.

The burden of keeping the seed phrase safe and accessible, a non-trivial task, is with the owner. Substantial crypto fortunes have been lost because the owner didn’t have the seed phrase anymore or because it was stolen. It is also vulnerable to hardware or software failures. Typically, each wallet has its own individual password. You can also create new wallet instances, for example if you forget the password or you lose your phone. But you must provide the seed phrase to do so. This kind of security measure also limits the possibility of assigning administrative and usage privileges to more than one person.

Non-custodial wallets come in two flavors, soft and hard wallets. A soft wallet is a software solution in the form of a browser plug-in or a mobile app. MetaMask is one of the most popular soft wallets. Hard wallets, hardware similar to a USB drive, can be disconnected from the internet and stored in a safe. Ledger is a popular hard wallet.

Wallet approaches for programmatic interaction with the blockchain

Transactions can be initiated by a human user through a user interface or programmatically via an API (Application Programming Interface). All major enterprise-ready custodial wallet providers offer an API for programmatic access and integration of the wallet.

Some applications need to interact with the blockchain directly, e.g. for minting an NFT or performing a token transfer. One option would be for the application software itself to use the private key of the associated blockchain account to authorize the transaction. But this approach would be prone to attacks. A much more secure solution is to use a special kind of soft wallet. It is highly recommended to entrust the management of key material to an external process or service that is optimized for secure key storage and the secure execution of signatures.

Enterprise key management solutions have been created to address this. Solutions are available from the big hyperscalers as well as niche providers. One advantage of these solutions is that the private key never leaves the service and the required signatures are executed by the service itself in a secure environment. The AWS Key Management Service (KMS) or the Microsoft Azure Key Vault service are very well suited for this kind of automation. Both services support Ethereum-compatible ECC (Elliptic Curve Cryptography) keys and signatures. A detailed description of how to set up a corresponding Web3 solution based on AWS can be found here. One remaining challenge is to properly manage access to the key management service itself.
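When the signature is produced inside AWS KMS, it comes back DER-encoded, whereas an Ethereum transaction needs r, s in low-s form (EIP-2) and a recovery value v. The following sketch of that conversion is an added example, not code from the original article or from AWS; all function names are illustrative, and the DER bytes are assumed to be the result of a KMS signing call on a secp256k1 key whose public key is already known.

```python
# Added example: illustrative names; `der` is assumed to come from a KMS sign call.
# secp256k1 domain parameters (public constants)
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(a, b):  # point addition; None is the point at infinity
    if a is None or b is None:
        return a or b
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None
    m = (3 * a[0] * a[0] * pow(2 * a[1], -1, P) if a == b
         else (b[1] - a[1]) * pow(b[0] - a[0], -1, P))
    x = (m * m - a[0] - b[0]) % P
    return (x, (m * (a[0] - x) - a[1]) % P)

def mul(k, pt):  # double-and-add; not constant time, fine for public values
    acc = None
    while k:
        acc = add(acc, pt) if k & 1 else acc
        pt, k = add(pt, pt), k >> 1
    return acc

def parse_der(sig):  # SEQUENCE { INTEGER r, INTEGER s }, short-form lengths
    if len(sig) < 8 or sig[0] != 0x30 or sig[1] != len(sig) - 2 or sig[2] != 2:
        raise ValueError("not a DER ECDSA signature")
    rlen = sig[3]
    if len(sig) < 6 + rlen or sig[4 + rlen] != 2 or 6 + rlen + sig[5 + rlen] != len(sig):
        raise ValueError("malformed DER integers")
    return (int.from_bytes(sig[4:4 + rlen], "big"),
            int.from_bytes(sig[6 + rlen:], "big"))

def recover(z, r, s, recid):  # public key from (r, s) and the y-parity bit
    y = pow(r**3 + 7, (P + 1) // 4, P)
    if y % 2 != recid:
        y = P - y
    rinv = pow(r, -1, N)
    return add(mul(s * rinv % N, (r, y)), mul(-z * rinv % N, G))

def kms_der_to_eth(der, digest, expected_pub):
    r, s = parse_der(der)
    if not (0 < r < N and 0 < s < N):
        raise ValueError("r or s out of range")
    s = min(s, N - s)  # EIP-2: transactions with high-s signatures are invalid
    z = int.from_bytes(digest, "big")
    for recid in (0, 1):
        if recover(z, r, s, recid) == expected_pub:
            return r, s, 27 + recid  # legacy v; EIP-155 uses 35 + 2*chain_id + recid
    raise ValueError("signature was not made by the expected key")
```

Checking the recovered key against the expected public key also catches a signature made with the wrong KMS key before anything is broadcast.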

Social recovery wallets

Social recovery wallets counteract the single point of failure that the loss of the private key represents. There is still a single “signing key” for the approval of transactions. In addition, the owner can define an odd number of guardians, who can reset the signing key by majority vote. Guardians can, for example, be persons in special positions of trust such as friends and relatives, paid third parties, or hardware wallets. Social recovery wallets are usually based on a smart contract.
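The guardian logic described above can be modelled in a few lines. This is an added example, not code from the original article or from any wallet product; the class and method names are hypothetical, and keys and guardians are represented by plain strings instead of on-chain addresses.

```python
class SocialRecoveryWallet:
    """Toy model: one signing key approves transactions, guardians can only reset it."""

    def __init__(self, signing_key, guardians):
        guardians = frozenset(guardians)
        if len(guardians) % 2 == 0:
            raise ValueError("an odd number of guardians is required so a vote cannot tie")
        self.signing_key = signing_key
        self.guardians = guardians
        self.threshold = len(guardians) // 2 + 1  # simple majority
        self.votes = {}  # guardian -> proposed new signing key

    def authorize(self, key):
        # Guardians hold no spending power: only the current signing key approves.
        return key == self.signing_key

    def vote_recovery(self, guardian, new_key):
        """Record one guardian's vote; returns True once the signing key was reset."""
        if guardian not in self.guardians:
            raise PermissionError("not a guardian")
        # One slot per guardian: voting again replaces the earlier vote,
        # so a single guardian can never be counted twice.
        self.votes[guardian] = new_key
        supporters = sum(1 for k in self.votes.values() if k == new_key)
        if supporters < self.threshold:
            return False
        self.signing_key = new_key
        self.votes.clear()  # stale votes must not carry into a later recovery
        return True
```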

Multi-signature wallets vs. multi-party computation

Multi-signature wallets and multi-party computation are two different technologies that are often used for similar purposes, such as providing security and enabling collaboration.

Multi-signature wallets are a type of cryptocurrency wallet that uses multiple private keys to authorize a transaction. This means that multiple parties must sign the transaction using their private keys in order to spend the funds in the wallet. This can provide an added layer of security, since it means that an attacker would need to compromise multiple private keys in order to steal the funds.

Multi-party computation, on the other hand, is a type of cryptography that allows multiple parties to jointly compute a function over their inputs without revealing anything to each other except for the output of the function. This is achieved by using secure protocols that split the inputs and intermediate results into shares that are distributed among the parties, such that no individual party has access to the complete input or result.

One key difference between the two technologies is that multi-signature wallets are specifically designed for use with cryptocurrencies, whereas multi-party computation can be used for a wider range of applications. Additionally, multi-party computation allows for the computation of arbitrary functions, whereas multi-signature wallets are limited to signing transactions. Finally, while both technologies can be used to enable secure collaboration, multi-party computation provides stronger security guarantees, since it prevents individual parties from learning anything about each other’s inputs or intermediate results.
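The share-splitting idea behind multi-party computation can be shown with additive secret sharing, here used to compute a joint sum. This is an added example, not code from the original article; the modulus, function names and input values are constructed for illustration, and production MPC wallets use far more elaborate protocols for threshold signing.

```python
import secrets

Q = 2**127 - 1  # modulus for all share arithmetic (constructed choice)

def split(value, n):
    """Split value into n additive shares; any n-1 of them are uniformly random."""
    shares = [secrets.randbelow(Q) for _ in range(n - 1)]
    shares.append((value - sum(shares)) % Q)
    return shares

def joint_sum(inputs):
    """Compute sum(inputs) mod Q while each party only sees one share per input."""
    n = len(inputs)
    matrix = [split(x, n) for x in inputs]  # row i: shares produced by party i
    # Party j receives column j: one share of every input, never a full input.
    views = [[matrix[i][j] for i in range(n)] for j in range(n)]
    # Each party adds up what it received; these intermediate results are
    # themselves shares of the output and reveal nothing on their own.
    partials = [sum(view) % Q for view in views]
    return sum(partials) % Q, views

def share_explaining(known_shares, candidate):
    """The missing share that would make `candidate` the secret.

    Such a share exists for every candidate, which is why holding n-1 shares
    gives no information about the shared value.
    """
    return (candidate - sum(known_shares)) % Q
```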

To be continued.
