Escrow and key management services

The strongest two-factor authentication and the use of multisig crypto wallets are the most reliable method of protecting and authenticating purses of cryptocurrencies. Multisig wallets are used in Bitcoin, Ethereum and other cryptocurrencies.

We provide the escrow service and storage of one of your private keys, the use of which is described in advance in a contract between the CRYPTOSEC and Your company. The customer’s private keys are stored in accordance with banking requirements in a secured banking safe for long term or HSM (Hardware Security Module) for short term smart contracts.

This service is applicable to any other authentication procedures that use two-factor authentication or several private keys, for example, access to critical infrastructures, data warehouses, crypto assets and others.

This service is also applicable as a escrow for conducting ICO (Initial Coin Offer), which allows the ICO project to gain additional investor confidence and stimulate investment growth.

We also provide security for transactions using our escrow service.In cases where a buyer needs to make a deal with someone he does not know or trust, this service can help both the buyer and the seller.

A buyer wants to trade with somebody he doesn’t know or trust. In the common case where the transaction goes well, the client doesn’t want any third parties involved. If something goes wrong though, he’d like a third party to decide who gets the money – perhaps a professional dispute mediation service. Note that this concept can apply to either buyer or seller. The mediator might request proof of postage from the merchant, for example.

In other words, one wants to lock up some coins so a third party has to agree in order for them to be spent:

  • Agree with the merchant on a dispute mediator (e.g., ClearCoin).
  • Ask the merchant for a public key (K1). Ask the mediator for a public key (K2). Create a new key for yourself (K3).
  • Send the merchant K2. The merchant challenges the mediator with a random nonce. The mediator signs the nonce with the private form of K2, thus proving it really belongs to merchant.
  • Create a transaction (Tx1) with an output script as follows and broadcast it: 2 <K1> <K2> <K3> 3 CHECKMULTISIGVERIFY

Now the coins are locked in such a way that they can only be spent by the following methods:

  • Client and the merchant agree (either a successful trade, or merchant agrees to reimburse client without mediation)
  • Client and the mediator agree (failed trade, mediator sides with client, like a charge-back)
  • The mediator and the merchant agree (goods delivered, merchant gets client’s coins despite the dispute)

When signing an input, the contents are set to the connected output. Thus, to redeem this transaction, the client creates a scriptSig containing zeros where the other signature should be, signs it, and then sets one of the slots to his new signature. The partially-complete transaction can then be sent to the merchant or mediator for the second signature.


Where we store private keys ?

Private keys are securely stored for long term smart contracts in a bank safe deposit safe or for short term smart contracts at Hardware Security Modules (HSM), which comply to Common Criteria Evaluation Assurance Level (EAL) 4+ certification and FIPS-140-2 level 3, a standard defined by the US National Institute of Standards and Technology. Infrastructure also complies to PCI Security Standards

Hardware security modules (HSMs) are crypto – processors that securely generate, protect and store digital keys. Keys stored in the Thales HSM architecture cannot be extracted or used except under a highly controlled protocol. The new solution is based on the widely used nShield HSM developed by Thales and creates a simple path to large – scale commercial use of blockchain technology.

Security of a blockchain depends upon the security of its cryptographic keys. Every transaction executed through a blockchain process requires a new set of one-time keys. Chain uses the Thales nShield HSM to generate and secure these critical keys. With unique customer needs in mind, Chain developed the Chain Key Derivation algorithm using Thales CodeSafe technology. This provides the unique capability to move sensitive applications within the protected perimeter of the FIPS 140-2 level 3 nShield HSM. Additionally, the solution incorporates robust cryptographic techniques, which securely and efficiently generate temporary one-time keys for each transaction.

Currently, blockchain-based systems typically rely on “cyberwallets” to store digital keys for blockchains. But because those keys typically reside on software servers, they can become vulnerable to network breaches of the kind that have occurred on cryptocurrency exchanges in recent years. The solution makes it extremely difficult if not impossible for digital keys to be misappropriated because they are stored in physical isolation from IT networks and are architected with highly sophisticated, deterministic security mechanisms. In addition, the platform need only be installed once, allowing companies to secure each of their blockchain applications using the same solution – regardless of which blockchain software or application they use – versus crafting a code interface for each solution.

Contact Us