November 4, 2022
Kris Punia

Cryptoasset Custody


Rooba.Finance provides best-of-breed digital asset management solutions by delivering the highest levels of security imperative for safeguarding multiple asset classes. 

Crypto wallets and keys

Crypto wallets are a prerequisite for accessing and using cryptoassets. They are the point of initiation as well as approval of all blockchain transactions. They do not, however, store users’ assets; in DeFi, cryptoassets (tokens/coins) are simply pieces of encrypted blockchain data corresponding to owned securitised assets, stored on distributed ledgers. Wallets merely enable users to manage their holdings. In order to access, send or receive funds from wallets, users require private and public keys. This model of cryptographic ciphering is known as asymmetric encryption. When private keys are stored on a device (or an application), the device/application becomes the wallet.

Private keys unlock crypto wallets and authorise those in possession of them to manage cryptoassets (all transactions must be approved using private keys). Visually, they are algorithmically encrypted strings of alphanumeric characters (depicted below). Because private keys prove crypto ownership, crypto wallets function like bearer instruments - owners of private keys are de facto owners of the linked assets. Private keys are extremely difficult to remember and can be stolen or hacked.

Public keys are cryptographic hashes (random alphanumerics with a set number of characters) created out of private keys. Public keys resemble traditional bank account numbers in terms of function; they are public-facing personal identification numbers associated with crypto wallets. In essence, public keys are wallet addresses which require a corresponding private key to access, send or receive funds. Hence, wallets are where transactions are initiated and digitally signed using private keys. From here, transactions are broadcast onto the network to be validated by miners/nodes.

Custodial and non-custodial wallets 

Wallets may either be custodial or non-custodial depending on where users’ private keys are stored. Users may choose to either manage their private keys themselves (self-custody) or entrust safekeeping responsibilities to providers of custody services. 

The need for custody solutions emerged with the growth of the digital asset space. Custodians provide asset security as well as ease of transacting. By abdicating guardianship obligations vis-a-vis private keys, users relieve themselves of the worries associated with keeping them secure. They simply log in to the platform using corresponding PINs, while transactions are signed by the respective custodians using keys stored on their platforms. However, relying on external parties to safeguard private keys may subject users to interruptions in service and possibly even the loss of assets. Custody providers have been victims of hacking, which has resulted in the loss of user assets. Also, since custody providers are given access (and ownership) to user assets, private keys in their custody may be lost in case their platform fails. Users need not necessarily avoid them, but must exercise caution when choosing custody providers.

Users may also opt for non-custodial wallets (self-custody) such as web-based wallets (which keep private keys on web browsers, for instance), or hardware and paper wallets. Those who prefer this mode of custody undertake the tremendous responsibility of securing their private keys; should a private key be lost, all assets associated with it are lost forever. Users who prefer this custody technique must develop a set of reliable practices to protect private keys. Non-custodial wallets ensure user assets are not subject to censorship or confiscation. In exchange for this freedom, however, a tremendous amount of responsibility is placed on the holder of the private keys.

Wallets may be termed custodial only if users’ private keys have been entrusted to a custodian. If private keys are stored on a web browser or mobile device secured via encryption techniques like multisig or MPC, the custody method is self-custody.

New key-encryption techniques have now been developed to remove these lapses in security, as discussed in the next essay. 

Hot/Warm/Cold Wallets

Before a transaction is appended onto a blockchain, it must be digitally signed using a private key and be validated by a node. Crypto wallets are the point where transactions are initiated and also signed using private keys. They come in several variants. What sets them apart is immediacy of access as well as the level of security they provide. Wallets may be hot, warm or cold. 

Hot wallets

Hot wallets are perpetually connected to the internet. They are popular because they are usually free and are convenient to use. While they appeal to the public due to their advantages in accessibility, they are relatively more susceptible to theft in contrast to cold storage techniques since users’ private keys always remain online (custodial). Wallets not making use of private-key encryption (e.g. multisig) store private keys in a single location, making them easier targets for hostile actors. Examples of hot wallets include web-based, desktop and mobile wallets.

Warm wallets are functionally the same as hot wallets. Fundamentally, the main point of difference between them is that warm wallets necessitate human involvement to sign transactions in the form of a sort of two-factor authentication technique. 

Cold wallets

Cold wallets are devices or applications which store private keys offline. Keys are stored on The premise of cold digital wallets is that private keys reside on a platform that cannot communicate with other devices (the internet, etc.), thereby protecting the wallet from unauthorized access, cyber hacks, and other vulnerabilities that hot wallets are susceptible to. This method is more secure than hot wallets but is less convenient and slower. USB devices, paper wallets and secondary offline computers are all examples of cold storage options.

By tweaking our role-based access control and threshold requirements for signatures, we are able to recharacterise the same wallet as hot, warm or cold. Therefore, we have an extremely scalable custody solution which does not require multiple deployments.  - rooba

Hardware wallets are a cold wallet variant in the form of a programmed USB device which holds users’ private keys. Initiated transactions must be moved from an online wallet to an offline one (the hardware wallet) in order to be digitally signed (approved using the private key). The signed transaction is then retrieved back onto an online device to be transmitted onto the distributed ledger network. Since the private keys have no contact with online servers during the signing process, hackers cannot decode the transaction to reveal the private keys used. Similarly, malicious entities or malware present on a device such as a PC will not have access to the keys/assets and will therefore be unable to sign transactions. If the platform containing private keys is online, it is hot.

To steal from a hardware wallet, a thief must have physical possession of the cold wallet, along with possible passwords or PINs. Even when hardware wallets are plugged into other devices or connected to various networks, it is nearly impossible to access user assets since the signing of transactions is done in-device. However, while private keys remain secure within the Hardware Security Modules (HSMs) of such devices, applications interacting with the HSMs may be malevolent. Hence, it is paramount to ensure a safe environment to facilitate this interaction.
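
The offline-signing flow described above, sketched as an added example (not code from Rooba.Finance or any wallet vendor): the online side only ever sees the transaction, the signature and the public key, and an on-device confirmation guards against a malicious host application. Lamport one-time hash signatures stand in for the elliptic-curve signatures real wallets use, so that the sketch runs on the Python standard library alone; `OfflineSigner`, `confirm` and the addresses are hypothetical, constructed names.

```python
import hashlib, json, secrets

def H(b):
    return hashlib.sha256(b).digest()

def digest_bits(tx):
    # Canonical JSON so signer and verifier hash identical bytes.
    d = H(json.dumps(tx, sort_keys=True, separators=(",", ":")).encode())
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

class OfflineSigner:
    """Hypothetical stand-in for the hardware wallet; _sk never leaves it."""
    def __init__(self):
        self._sk = [(secrets.token_bytes(32), secrets.token_bytes(32))
                    for _ in range(256)]
        self.public_key = [(H(a), H(b)) for a, b in self._sk]
        self._used = False

    def sign(self, tx, confirm):
        # confirm() models the holder checking the details on the device itself,
        # because the host application that submitted tx may be malicious.
        if not confirm(tx):
            raise PermissionError("transaction rejected on device")
        if self._used:
            raise RuntimeError("Lamport key is one-time; already used")
        self._used = True
        return [self._sk[i][bit] for i, bit in enumerate(digest_bits(tx))]

def verify(public_key, tx, sig):
    # Runs on the online side with the public key only, before broadcast.
    bits = digest_bits(tx)
    return len(sig) == 256 and all(
        secrets.compare_digest(H(s), public_key[i][b])
        for i, (s, b) in enumerate(zip(sig, bits)))

def demo():
    device = OfflineSigner()
    intended = {"to": "addr-A-constructed", "amount": 5, "nonce": 1}
    swapped = dict(intended, to="addr-B-constructed")  # altered by a bad host
    approve = lambda tx: tx == intended                # holder's on-device check
    try:
        device.sign(swapped, approve)
        blocked = False
    except PermissionError:
        blocked = True
    sig = device.sign(intended, approve)
    return blocked, verify(device.public_key, intended, sig), \
        verify(device.public_key, swapped, sig)

if __name__ == "__main__":
    print(demo())
```

The signature binds the exact transaction bytes, so a recipient changed after signing fails `verify`; a recipient changed before signing is caught only by the confirmation step on the device.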

Hardware wallets are less convenient than hot wallets and also cost more. While considered to be highly secure, these methods are being replaced by reputable secure storage options made available by custody providers. Also, while cold storage options prevent loss of private keys, if the storage device is lost, the private keys are lost too.

Conclusion

Limiting access to private keys is paramount, particularly given that most transactions, depending on the type of Distributed Ledger Technology (DLT) used, are likely irreversible. Entities are said to be in custody of users’ digital assets if they hold their private keys on their behalf.

The growing interest of institutional investors in the crypto space has established the need for institutional crypto custody solutions. Custody solutions are one of the latest innovations to come out of the cryptocurrency ecosystem and have been expected to herald the entry of institutional capital into the industry. 

Each crypto wallet can be used for a specific purpose, but users may opt for combinations of different wallets to be used simultaneously. Given how every type of wallet offers some advantages over its counterparts, a trade-off between benefits (security and speed) on offer is inevitable when opting for either type over another. Therefore, a combination of cold and hot wallets is usually ideal, allowing users to choose and tweak the combination which suits them best. Users can maximise security by holding a small portion of cryptoassets in a hot wallet, ready to be traded, while keeping the major portion of assets in cold storage, offline.