Liminal secures FSP license from FSRA in ADGM   Read more

Key Sharding’s Role in Digital Asset Security

Team Liminal

Share this article

As the scope of digital assets and blockchain continues to expand, scalability emerges as a widely discussed topic in envisioning their future.

Beyond the use case of cryptocurrencies, blockchain technology is now positioned to transform industries such as supply chains, fintech, real estate, and more. However, to realize its full potential, the infrastructure must address certain limitations that hinder its widespread adoption.

Among these challenges is the time-consuming nature of transaction processing, a significant hurdle to scalability. In response, startups, developers, and blockchain platforms like Ethereum have developed and tested sharding as a process to tackle this issue.

Unlock the potential of digital assets for your institution

Key takeaways

  • Sharding, a database partitioning technique, is under consideration by blockchain networks and is undergoing testing, particularly by Ethereum.
  • The growth in the number of users on blockchain networks can result in a slower network and significant latency issues. Techniques like sharding can solve this.

What is key sharding?

Key sharding, also known as Shamir’s Secret Sharing, is a method that involves breaking down a private key into distinct pieces or shards. Each shard becomes ineffective on its own, requiring the assembly of a sufficient number of shards to reconstruct the original key.

A predetermined number of shares must be combined using a specified algorithm or protocol to access the assets associated with a private key share.

Secure and manage your digital assets with Liminal

This technique has gained prominence amongst digital asset custodians, offering significant benefits in terms of data storage, performance optimization, and security enhancement. Multi-party computation (MPC) leverages key sharding to provide institutional clients with top-tier security standards. This involves requiring a specified number of key shares (e.g., 3 out of 5) to validate a transaction for signing.

Sharding and Security Considerations

A key challenge in the implementation of sharding pertains to security. While each shard operates independently, handling its data, concerns arise about the security implications of shard corruption—instances where one shard gains control over another, leading to the potential loss of information or data.

If we conceptualize each shard as a distinct blockchain network with its authenticated users and data, there exists a security vulnerability where a hacker, through a cyber attack, could seize control of a shard. Subsequently, the attacker might introduce false transactions or deploy malicious programs.

Ethereum, a leading blockchain company, is at the forefront of sharding experimentation to address latency and scalability issues. Ethereum’s strategy involves introducing 64 new shard chains post-” The Merge,” a phase where the Ethereum Mainnet integrates with the Beacon Chain proof-of-stake system. To mitigate the risk of shard attacks, Ethereum randomly assigns nodes to specific shards, constantly reassigning them at unpredictable intervals. This randomized approach makes it challenging for hackers to predict when and where to compromise a shard.

It’s crucial to emphasize that sharding is still in the early testing phase for blockchain networks. Consequently, various potential issues and challenges associated with its implementation are yet to be fully addressed.

What is Distributed Control Rights Management?

In particular, Distributed Control Rights Management (DCRM) technology ensures the complete security and confidentiality of private keys during the cross-chain mapping process. This marks a groundbreaking achievement, demonstrating the possibility of managing and controlling private keys in a distributed manner for the first time globally. To realize this function, numerous wallets employ sharding, homomorphic encryption, and zero-knowledge-proof technologies.

Presently, when digital assets are under the custody of individuals or exchanges, the corresponding keys controlling these assets are typically stored in a single centralized location. This single point of failure could be the user, a third-party wallet provider, a centralized exchange, or another custodian. Private keys are vulnerable to compromise through accidental loss, theft, hacking, phishing, and fraud. Such unfortunate incidents are everyday experiences for both early and seasoned adopters of cryptoassets.

Protected handling of private keys:

The authority over private keys translates to control over digital assets. A secure solution for private key custody should safeguard against exposing private keys throughout the generation, storage, or utilization of Locked-in digital assets.

Security considerations regarding private key sharding:

Maintaining the entire private key in a single location makes it susceptible to targeted attacks. Custody providers opt for sharding, breaking the private key into smaller pieces, and distributing them across multiple nodes to ensure private key security.

It is crucial that the private key isn’t initially generated as a whole and subsequently divided into shards; instead, it should be generated in a distributed manner from the outset.

When a sharded private key is employed to sign a transaction, nodes cannot assemble key shards, thereby preventing any compromise of the complete private key.

Secure Hardware Modules:

Hardware Security Modules (HSMs) are physical computing devices meticulously designed to provide a secure environment for storing and managing data. They offer tamper-evident, intrusion-resistant protection and management of cryptographic keys.

In the context of digital asset custody, HSMs can be employed to store a wallet’s private keys securely directly on the physical device. They serve as a means to access a digital asset wallet or to secure backups.

HSMs deliver a high level of security for sensitive information such as cryptographic keys or wallet private keys, ensuring compliance with security standards and regulations. These devices are intentionally disconnected from the Internet, allowing only the physical device holder to execute operations when necessary. This design prevents unauthorized access, requiring potential hackers or attackers to be physically close to the HSM to compromise an investor’s funds. Historically, HSMs have been utilized for payment and banking security, recognized under international security standards like the Federal Information Processing Standards (FIPS) by the National Institute of Standards and Technology (NIST).

Shards and Split Private Keys

Sharding divides the pre-BIP39 (the entropy used for generating the recovery phrase) version of private keys. Each fragment serves as a “share” of the private keys, with individual fragments being functionally useless on their own.

In a scenario with 3 shares, a reconstruction threshold of 2 out of 3 shards is required to rebuild the private key and gain access to the wallet. This approach enhances wallet and digital asset security by introducing a level of complexity for potential compromises.

Sharding private keys eliminates the risk associated with a single point of failure, offering an improvement over storing the complete recovery phrase as a whole.

Technically, the greater the number of shards or encrypted fragments, the more robust the security of the private key. For insights into how Ledger incorporates sharding in private keys, explore the secure distribution of shares in Ledger Recover.

Sharding as a solution

In the quest for a resolution, pioneering blockchain developers turned to contemporary database solutions for inspiration. Within the database storage realm, sharding, which involves dividing the data body into interconnected layers or shards, has established itself as an industry standard. By establishing links between these layers, accessing stored information becomes significantly faster, as queries follow a connected route rather than traversing the entire database bit by bit.

In the context of blockchain solutions, developers apply a similar concept by dividing the public ledger into shards distributed across numerous nodes in the network. Those seeking access to a specific segment of the ledger can efficiently do so by navigating a chosen path of nodes to locate the correct node housing the relevant information.

In sharded blockchains, the complete ledger can be assembled and examined through key sharding or Shamir’s Secret Sharing. Key sharding involves distributing the blockchain’s data and the corresponding access keys across the network’s nodes. To access all the data, a user on one node must connect with others on different nodes, holding access to the remaining shards of data. In a sharded blockchain, only a few distinct keys, such as 3 or 4, are needed for full access, even when dealing with thousands of keys.

Securing digital assets using HSM

Custody providers employ a comprehensive array of security measures and tools in their custody solutions, catering to various wallet types. Currently, custody providers provide crypto wallets and cold storage solutions.

For users of digital asset wallets, client funds are safeguarded through Hardware Security Modules (HSMs) and other hardware security devices. Hardware security devices isolated from the Internet are dedicated to securing access to computers, networks, and online services supporting public-key cryptography and authentication.

The wallet generation process is initiated via the HSM, incorporating an integrated Key Management Server (KMS). The KMS facilitates the encryption, wrapping, and storage of private keys. Upon a client’s transaction request, transaction authorizers receive notification and must approve or disapprove the transaction. Following the M/N consensus scheme, where N represents the total number, a designated number of hardware key holders must authorize the transaction signing. Once approved, the transaction is broadcasted to the blockchain and executed.

Clients opting for cold storage solutions benefit from protecting their private keys through a combination of HSMs, key sharding, and other hardware security devices. Cold wallets are initially generated for the client using HSM, and the private key is subsequently sharded, with each shard securely stored on separate hardware security devices. When a client intends to access their assets, Liminal custody’s dedicated operations team operates in an air-gapped environment to access the hardware security devices holding the key shards, facilitating the execution of the corresponding transaction.

Conclusion

As discussed above, key sharding is a strategy involving the distribution of private keys and transaction data across multiple shards. Each shard is tasked with storing and processing a specific portion of the overall data. The objective is to divide the data into smaller, more manageable segments, thereby distributing the computational workload. This approach aims to improve system efficiency and prevent any single entity from having complete control over the entire key.

Related Topics:

How Does Key Sharding Protect Your Assets?

What is a Crypto Hardware Wallet, and How does it work?

More on Crypto

In the fast-paced world of digital asset management, accuracy and completeness of transaction records are paramount….
October 28, 2024

Find out what is the Ideal Custody Solution for you