Blockchain Key Management:
A Great Challenge
Blockchain, with its application of the cryptographic distributed ledger architecture, is bringing exciting disruption across industries from cryptocurrency to supply chain management, real estate, asset tracking and more. However, we must not overlook the risk. For the first time, private keys are directly tokenized into assets such as digital currencies, stocks, real estate & energy—and if the keys are lost or stolen, so are the assets.
However, traditional hardware-based key protection solutions used in high-trust use cases don't work well for blockchain.
Among the many challenges:
Blockchain uses non-standard crypto (e.g. ECDSA secp256k1, Schnorr signatures) which most hardware solutions don’t support
Upgrading HW to support new cryptographic schemes requires lengthy development and complex upgrades
Protection is now required not only for private keys but also for the seed (e.g. BIP 0032 HD wallets)
Multi-sig architectures require managing massive amounts of keys on the server side
Quorum authentication schemes used for ledger operations require approvers to hold keys in cumbersome, external hardware
Unbound Key Protection Built for the Present and Future Blockchain
Unbound offers a creative and unique solution for key security and key governance in blockchain. Freeing organizations from the burden of hardware, Unbound is a software-only key management platform that gives you hardware-level protection for transaction and ledger signing keys on public and private ledgers.
Strong seed and private key protection built directly into the app to secure wallets across all BYOD makes/models
Protects both the transaction signing keys and the ledger signing keys on private and public ledgers
Continuously expanded to support new blockchain cryptographic algorithms and quorum authentication schemes
Anywhere & Any Scale
Supports any environment including hybrid/cloud. Scales up indefinitely
Pure SW Solution
No hardware tokens, no HSMs – same level of trust, just without the hassle
In this example, a typical multi-sig transaction signing model is being used, where both the wallet key and the corresponding server side key are protected. The wallet key is protected using Unbound Crypto-of-Things (CoT) on the endpoint devices, while the server side key is protected using Unbound Key Control (UKC) on any public/private cloud, on-premises or hybrid cloud environment.
Unbound can be used to create a simplified and more secure single-sig model to protect transaction signing keys, where the wallet keys are guaranteed to never exist in the clear either on the wallet or on the CoT server. Compromising a key would require breaching both the endpoint and the server simultaneously.
Get an in-depth explanation of how Unbound uses MPC, a mathematically proven method to secure keys on any device.
How to Go Beyond BYOK with CYOK
Control Your Own Keys in the Cloud (CYOK) can ensure your sensitive assets remain secure even in the event of a breach.
Unbound Key Control
Learn how Unbound Key Control, the first secure-as-hardware key management system, can protect your crypto keys anywhere.