PlasmaChain Validators: Next-Level Security with HSMs
Amidst the barrage of buzzwords and blockchain jargon, the last thing we need is yet another acronym in the mix. 🤦
…but bear with me, this is an important one!
As more networks launch and security practices evolve to suit these new kinds of distributed infrastructure, Hardware Security Modules (HSMs) are becoming an increasingly common part of the conversation. And for good reason!
The success and integrity of a DPoS blockchain depends heavily on validator security.
We’ve talked at length about how validators perform critical network functions (e.g. verifying and processing transactions, maintaining network consensus, participating in governance), so extensive security measures are a must.
HSMs provide the vital infrastructure component to achieve true industrial-grade security by enabling one of the most fundamental pieces — keeping a validator’s private keys safe and sound.
We recently rolled out HSM support for PlasmaChain, so thought it a good time to shed some light on just what these HSMs are all about and why they’re a crucial component…
Before We Dive into HSMs, a Quick Recap on Why Private Keys Are Critical…
We’ve said it before, and we’ll say it again — protection of private keys is paramount!
They are the one and only thing that will allow you to access and control your assets.
How’s it all work? Well, a private key is used to generate a digital signature for each transaction, which proves it was sent by the true owner.
Your possession of the key is essentially used as a means to verify your identity and ownership rights. Without it, it is impossible to sign transactions from your account, which means you can’t retrieve or move your assets.
On the flip side, if someone else obtains your private key, they can unlock your account and then sign transactions on your behalf. 🙅
While blockchain technology as a whole has proven exceptionally resilient, key management remains a point of vulnerability.
No matter how secure a given blockchain is, poorly managed keys can potentially expose the system to exploits.
These days, most end users typically opt for more convenient key management solutions like software wallets (MetaMask, TrustWallet, Coinbase), hardware wallets (Ledger, Trezor), jotting their key on a piece of paper and tucking away in a safe place, etc…
However, for integral network participants like validators, adopting an off-the-shelf hosted wallet or scribbling your key on a notepad would be severely insufficient.
They require a far more thorough approach to security, and that’s where HSMs come in.
HSMs Are Specially Designed Devices for Next-Level Protection of One’s Private Keys.
So what exactly is an HSM? It’s a physical cryptographic device that allows you to securely generate, manage, and store digital keys.
HSMs typically take the form of a PCI card or an external device that can be plugged directly into a computer or network server.
They are capable of such advanced security because they are specialized hardware, wholly dedicated to safeguarding cryptographic operations. The entire key lifecycle is happening within the HSM itself — provisioning, managing, storing, and disposing.
Conversely, in consumer-grade wallets, key management is only a subset of a broader feature suite. Such solutions tend to incorporate a range of additional functionality (e.g. browser, chat, UI, etc.), which significantly broadens the threat vector and reduces overall security.
What Really Sets HSMs Apart? Breaking Down the Secret Sauce…
Digging a bit deeper, HSMs bring a distinctive set of advanced capabilities to the table:
- Cryptography – Cryptographic keys must be random, and typical computers are unable to generate truly random values as they are finite-state machines. HSMs have special hardware that uses a physical process to achieve a true source of randomness.
- Key Storage – Keys live within the HSM device itself, rather than on a hard drive, in the cloud, on a piece of paper, in a photo, etc.
- Accessibility – Devices employ tamper-proof casing and logic to wipe data upon any physical breach. Additionally, to strictly limit access to authorized administrators only, the HSMs will be situated in a physically secured data center following highly controlled protocols.
- Performance – Hardware is optimized around a narrow set of specialized tasks, so it can perform millions of digital signatures per second, many orders of magnitude more than any normal server. This also off-loads the burden of more processor-intensive computation from the server.
So what do all these cool capabilities mean for PlasmaChain?
Strict, industrial-grade security. 🔐
Improving Key Management for Validators Dramatically Strengthens the Security of PlasmaChain as a Whole.
The network is only as strong as the validators maintaining it, so sound key management practices are an absolute imperative!
PlasmaChain validators will embed HSMs within their server hardware configuration to ensure secure and total control of their private keys.
This will allow them to sign block transactions and votes through the HSM, which means every network participant gets the assurance that when a new block is produced or a vote cast — it is derived from an authenticated and valid source.
By using this type of hardware-based digital signature generation and verification, it becomes exponentially more difficult to steal a validator’s keys.
Even in a worst-case scenario where their machine is hacked, it would still be virtually impossible to compromise the keys on the HSM.
Prospective attackers would essentially need administrative rights or physical access to the HSM itself in order give it their best shot — the odds of which are incredibly slim.
Last week, we kicked things off with announcing a strong set of initial validators. Now, by layering in HSM support we are equipping those validators with the tools to enable the strongest possible security and performance for PlasmaChain.
HSM Support Is Now Live for PlasmaChain Validators!
To begin, we will be supporting devices that can do EDDSA encryption with the ED25519 algorithm. A few weeks back, we (quietly) released support for Yubico’s YubiHSM 2.
The YubiHSM 2 covers all of the essential bases — generates, writes, signs, decrypts, hashes, and wraps keys. It is relatively economical at around $500 while still supporting a wide array of encryption algorithms, including those used for Bitcoin/Ethereum signing.
Going forward, we will roll out additional support for PKCS11-enabled devices that can do EDDSA encryption.
For detailed instructions on how to set up and configure the HSM for PlasmaChain, check out the Loom SDK documentation.
Loom Network is a platform for building highly scalable DPoS sidechains to Ethereum, with a focus on large-scale games and social apps.
Want more info? Start here.
Fan of blockchain gaming? Check out Zombie Battleground, the world’s first desktop and mobile card game that runs fully on its own blockchain.
And if you enjoyed this article and want to stay in the loop, go ahead and sign up for our private mailing list.