Dfns Labs and Cryptosat announce the Space Wallet: a New Era of Secure Transactions 🛰

Cryptosat is excited to report on the progress of our partnership with Dfns Labs (part of Dfns), resulting in the testing of what we called a Space Wallet. Space Wallet is a solution for protecting sensitive high-value transactions using an MPC protocol that uses satellites as co-signers.

Key-custody solutions use Multi-Party Compute (MPC) and, more specifically, Threshold Signature schemes to allow the sharing of a private key between multiple signers that need to collaborate to approve a transaction. While this solution prevents a single point of failure, it is only as secure as the wallets that store the key shards. Securing the APIs and writing bug-free software is one step in this direction, but that pushes attackers to employ more sophisticated attacks requiring physical access or administrative access to the node storing the keys. To provide an extremely high level of security, we want to completely eliminate any possibility of stealing the key share of at least one of the co-signers. Storing the key share in space puts it out of reach of even the most motivated attackers that are willing to employ sophisticated techniques enabled through physical access to extract it (cold boot, CPU and memory access pattern side-channel attacks, etc.).

Storing keys in space provides this kind of security since satellites in orbit are completely out of reach and tamper-proof, and an attempt to get close to a satellite can be easily identified (more on that in a previous post). Cryptosat builds crypto-satellites for exactly those kinds of use cases. We deployed a threshold signing scheme called Frost, originally designed by cryptographers Chelsea Komlo and Ian Goldberg and implemented by Dfns Labs in Rust, on our satellites. Cryptosat also provides an asynchronous API that enables users to request a crypto-satellite to generate a threshold signature share over a given message. Dfns Labs then used the API to generate signatures over actual Bitcoin transactions compatible with the Bitcoin blockchain.

Cryptosat ensures auditability, such that if a transaction is spoofed via ground infrastructure compromise, the incident will be logged by the satellite’s immutable transaction audit ledger, helping track the associated attacker information. Additionally, the satellite can enforce security policies such as taking additional measures to approve it if it is above a certain value, for example.