In this post we highlight the benefits of multi-signature wallets and applying the CCSS to the design and management of a multi-sig wallet.
What is a Multi-Sig Wallet?
When conducting a transaction on a blockchain, the transaction is signed by the initiator of the transaction with their private key. The signed transaction is then validated by the blockchain’s validators which involves a process where the initiators public key is used to ensure the correct private key was used to sign the transaction.
The bulk of blockchain transactions are signed by one initiator. For example, Bob sends Mary some Bitcoin from his wallet to Mary’s wallet. For the transaction to succeed Bob must sign the transaction with his private key.
For organisations that have crypto assets, such as cryptocurrency and NFTs, trusting one person to sign all transactions may be too risky especially if the crypto assets combined value can be in the millions.
The main risks involved where one person can sign transactions involve:
- Fraud by the signer
- Criminals gaining access to the private key such as a phishing attack
- Loss of the password to the wallet containing the private key
To reduce the risks above organisations can implement a type of wallet that is configured to required more than one initiator to sign the transaction. This type of wallet is called a multi-signature wallet (multi-sig).
Why Use a Multi-Sig Wallet?
The goal of a multi-sig wallet is to remove the risk of only having one signer for a transaction.
With a multi-sig wallet there is generally a requirement to have at least 2 signers for each transaction but depending on the value of the transaction the required number of signers could be more.
Another major benefit of a multi-sig wallet is that most support a M-of-N configuration. This means that an organisation can have for example 4 authorised signers for a transaction however only 3 are required to sign the transaction. The M-of-N approach to signing transaction addresses risks such as one or more signers cannot be reached for a signing process, or one of the signers has their key(s) or their themselves compromised. It is a lot harder to compromise all the authorised signers than just one via a phishing attack.
Implementing Multi-Sig Wallets
To support the requirement to have more than one signer (private key) for a transaction additional code is required that contains the logic for supporting more than one private key used for a transaction. In the case of Bitcoin, a script is required which defines the logic required to support multi-sig. For Ethereum a smart contract is generally used.
An Example of a Multi-Sig Wallet
In the example below the cryptocurrency is Ethereum and the multi-sig wallet is provided by Gnosis Safe which is a smart contract based multi-sig wallet that supports M-of-N transaction signing. The Gnosis Safe wallet in this example has a 2-of-3 signers required for signing a transaction. For this transaction Susie and Bob have signed the transaction using the smart contract code provided by Gnosis Safe to pay a supplier.
The Gnosis Safe wallet has its own Ethereum address which manages the ETH funds for the organization. A transaction is initiated by one of the authorized signers (Susie, Bob, Mary) in the Gnosis Safe UI to pay the supplier. The Gnosis Safe wallet then alerts all the authorized signers of the transaction stating how many more signers are required to sign the transaction. In this case the initiator of the transaction was one of the signers so only an additional signer is required. Once two signers have signed the transaction the Gnosis Safe wallet smart contract then broadcasts the transaction to the Ethereum Network for the transaction to be validated and the funds then end up in the supplier’s wallet.
Using the Gnosis Safe wallet as an example we can review the specifications of the wallet with the CCSS standard to see if the wallet conforms with the standards requirements.
Why is this necessary?
By applying a security standard to the people, process, and technology of a system the risk of compromise of the system can be greatly reduced and provides the ability for external parties to understand the security controls in-place and ensure they are configured and implemented to industry best practice. Soon, CCSSAs (Crypto Currency Security Standard Auditors) will be able to audit these implementations. But it’s important to also consider the CCSS as only one part of a robust cybersecurity framework and use other standards to support it.
CCSS is a new standard and uptake on the use of the standard to evaluate a system providing crypto wallet functions is hard to understand as there are no official list of entities who are compliant with CCSS. However, the list of required controls in the CCSS standard appears to be well thought through and complements the base-line information management security standards. The current CCSS steering committee members include a who’s-who of key influencers in the crypto space so the standard does come with pedigree.
Need More Help?
We can help you understand the best practices for wallet management and security. We can also help you demonstrate your PCI DSS compliance. Contact us for more information.