Fireblocks
Fireblocks is a digital asset and custody infrastructure provider. With Fireblocks, banks and financial services providers can offer digital asset services without having to reinvent the wheel and implement their own software. Features include digital custody, wallets, and tokenization. Fireblocks connects to many popular public blockchains. Using the Fireblocks web interface, users can manage their digital assets and initiate, approve, and receive transactions.
Securing Digital Wallets
In cryptocurrencies and other distributed ledger systems, every asset is owned by a wallet. The wallet is linked to a public-private key pair. Using the public key, others can send funds to the wallet. The private key must be stored securely, since anyone holding it can send funds from the wallet. This means the human owner must keep the private key both confidential and available.
In the early days of cryptocurrency, users had to manage the private key themselves, using seed phrases printed on paper, hardware wallets in the form of small devices, or software wallets installed on a phone or computer. These self-custody solutions place a high burden on human users. For non-technical people who simply want to trade digital assets, they are a high barrier to entry.
Digital custody offers a solution: a custodian manages the wallets on behalf of the user. If the user forgets their password, the custodian can run recovery processes to identify the user and grant them access again. Many cryptocurrency exchanges offer such custody services.
The problem with digital custody is that the custodian is a central point of attack. The custody platform therefore needs to provide the highest level of security for the wallet keys, to prevent malicious transactions from being signed and funds from being lost.
By default, Fireblocks uses Multi-Party Computation (MPC) to split the wallet keys across multiple Intel SGX enclaves hosted in multiple different public clouds. Together these "Co-Signers" can reconstruct the wallet key to sign blockchain transactions. Optionally, customers can host their own co-signers.
Fireblocks Key Link
As an alternative to splitting the wallet keys via MPC, Fireblocks Key Link allows customers to connect their existing Hardware Security Module (HSM) or Key Management System (KMS) solutions to Fireblocks. This has multiple advantages over MPC:
- Reusability: If you already have an HSM or KMS, you can use it for Fireblocks, too. This allows you to reuse your existing key management processes, backup procedures, risk assessments, and threat models.
- Tamper-protection: Intel SGX has a history of vulnerabilities. HSMs, on the other hand, are specifically designed for secure key storage and provide strong, certified tamper-protection.
- Full ownership: With on-premise HSMs, you have full ownership and control over the hardware that stores your wallet keys. You don't have to trust cloud providers to keep their hardware secure.
- Regulatory compliance: Banks or financial services providers may be required by regulators to use HSMs.
Benefits of Primus HSM
Primus HSM offers the following features that make it a great fit for usage with Fireblocks Key Link:
- High performance: Primus HSM natively supports many blockchain algorithms. In clustered environments, it can handle hundreds of thousands of signatures per second.
- Certification: Primus HSM is FIPS 140-2 Level 3 and Common Criteria EAL4+ certified.
- Multi-authorization: For additional security, protect access to the signing keys with fine-grained multi-authorization policies provided by Smart Key Attributes (SKA).
Getting Started
- Read the How It Works guide to learn about the concepts and different deployment architectures.
- Follow the installation guide to learn how to install the Securosys Custom Server and how to connect it with your Fireblocks workspace.