Distributed keys needed for multi-signature custody

Safety through multi-signatures

Published Date: January 28, 2019

Our community has voiced an interest in better understanding how we use multi-sig for our transactions and we wanted to pull back the curtain a bit to share how SALT prioritizes the security of crypto assets. So how does SALT execute on best-in-class security when it comes to crypto transactions? By building and leveraging a team with expertise in cyber security, accounting, and IT architecture.

To start with, what is multi-sig? Multi-signature (multi-sig) refers to the requirement that more than one key is present to authorize an action. The concept applies to physical or digital keys and has been around far longer than crypto.

While the Bitcoin protocol inherently has built-in multi-sig capabilities that can be easily seen on the chain, Ethereum does not expressly define how multi-sig should be implemented. Ethereum implements multi-sig through smart contracts designed by individual parties. In SALT’s opinion, these remain largely untested and need to accumulate a history of safety, prior to adoption. Our Ethereum transactions are not based on a multi-sig contract, but on a multi-sig process and technology internally.

How does this happen?

When the ETH key is created it is sharded into M of N parts, using a mathematical process that allows it to be rebuilt, and the original key is thrown away. This results in functional multi-signature, even though it is not a multi-sig address like Bitcoin.

Then when a transaction is requested, it goes through several rounds of digital and physical security checkpoints.

First the transaction must be initiated by a member on the SALT platform, or by our team internally. The transaction is then verified, reviewed, and ultimately approved by our accounting team. After the verification, a team of rotating signers place their keys (or key parts in the case of Ethereum) into a “digital safe” while a facilitator oversees the transaction. This group of signers changes with each transaction for added security. Given the key is broken up into an M of N series of sharded keys-parts, each separately encrypted, none of the participants will ever be able to see even a portion of a full key. Cryptocurrency kept within the SALT platform can never be moved by any one individual.

Think of the process as a house with a physical safe inside. That safe requires several physical keys to open, and for the homeowner to be present for any access to the money to be permitted. Similarly, our process requires a number of key-holders, the digital safe itself, and then a facilitator (homeowner), all to execute the move.

At SALT, we ensure security through process and technology to provide security in all of our transactions.

chevron-down