Tops Tips to Secure Blockchain Operations

November 9, 2022
Article

It’s no surprise that the Pentagon believes they can use blockchain to improve security across the U.S. military, preventing mega hacks, tampering, and cyber-hijackings of vehicles, aircraft, or satellites. Yet, the more secure and decentralized a blockchain is, the slower and more difficult it is to scale.

A blockchain is a series of records or ‘blocks’ of data presented in hash functions with timestamps. So that data cannot be changed or tampered with, the hash codes serve as a unique fingerprint that identify the current and previous ‘block’ creating the ‘chain’. As the previous codes must be replicated, blocks cannot be overwritten. Data manipulation is extremely impractical, especially when the chains get exponentially long—slumping the network speed.

Layer two solutions are ways to increase the throughput to a layer one chain. The second layer handles transaction load away from the main chain it supports. Then it feeds verifiable data through to that main chain for finalization and integration of transaction records. But how do you ensure its security?

1. Get encrypted: AES vs. RSA

If you are a lucrative target for hackers with highly sensitive information and a vast supply of energy, RSA—an acronym for its three inventors Rivest, Shamir, and Adelman—is the encryption method for you. 

RSA uses an asymmetric key model rather than a symmetric one, meaning a different key encrypts and decrypts the data. This requires a significant amount of computing power. For this reason, it is not suitable for applications where performance and speed are critical.

The U.S. National Institute of Standards and Technology chose Advanced Encryption Standard (AES) as the industry benchmark for its multiple layers of security. It’s a symmetric solution that divides the data, expands keys, substitutes bytes, shifts rows, mixes columns, and repeats the previous steps at least ten times to create a new encrypted key. 

Unless you have the original key, AES is remarkably safe—when implemented right. It would take billions of years even for organizations with tons of computing power, such as the National Security Agency, to hack. The crucial element is to ensure the attacker has absolutely zero way of linking the known public key to the corresponding secret private key, something we take extremely seriously.

2. Lock up the private key with pins and vaults

Imagine your company needs to secure its vault's passcode. While AES encrypts the data, having one key holder is impractical and risky. The key could be compromised, or the keeper could use it to their benefit. 

This is where the Shamir Secret Sharing (SSS) algorithm comes into play. It can be used to share the vault's passcode and generate a certain number of shares, where each are then allocated to associated executives within your organization. 

When the shares are assigned to several executives, you can only unlock the vault if you combine more than the threshold. If a small number of shares were compromised, they could not be used to find the passcode unless the other authorized individuals (executives) cooperated.

At Venly, to protect our customers’ wallets, we take the AES 128-bit encrypted password and split it into three parts using SSS. The part that belongs to the user is then encrypted, again, with AES, using the user’s pin code. All three parts are then stored in a vault where they are encrypted for a final time.

Access Control Lists (ACLs) manage access on the application and infrastructure level to provide strict control over who can access the vaults, what part of the key, and which permission they have. While the user’s private key allows access to vaults, a hacker would still require a pin to access the user’s assets.

Blockchain is inherently built for increased security. With copies of the data in all users' hands, the distributed and decentralized nature of the network makes a successful attack mathematically impossible. Even if hackers had a billion years to crack the AES algorithm, unless every user was in on the attack, you can verify the integrity of the transactions and associated account balances. And with a select number of executives or key holders with stakes in the vault, you would still need them all to turn against you to break the SSS encryption. 

Let us support you to layer your encryption and divide the keys among those with a stake in keeping it safe.

🤓 Read our blog for more blockchain security-related news.

🎧 Listen to Venly Expert Talks if you like audio content.

It’s no surprise that the Pentagon believes they can use blockchain to improve security across the U.S. military, preventing mega hacks, tampering, and cyber-hijackings of vehicles, aircraft, or satellites. Yet, the more secure and decentralized a blockchain is, the slower and more difficult it is to scale.

A blockchain is a series of records or ‘blocks’ of data presented in hash functions with timestamps. So that data cannot be changed or tampered with, the hash codes serve as a unique fingerprint that identify the current and previous ‘block’ creating the ‘chain’. As the previous codes must be replicated, blocks cannot be overwritten. Data manipulation is extremely impractical, especially when the chains get exponentially long—slumping the network speed.

Layer two solutions are ways to increase the throughput to a layer one chain. The second layer handles transaction load away from the main chain it supports. Then it feeds verifiable data through to that main chain for finalization and integration of transaction records. But how do you ensure its security?

1. Get encrypted: AES vs. RSA

If you are a lucrative target for hackers with highly sensitive information and a vast supply of energy, RSA—an acronym for its three inventors Rivest, Shamir, and Adelman—is the encryption method for you. 

RSA uses an asymmetric key model rather than a symmetric one, meaning a different key encrypts and decrypts the data. This requires a significant amount of computing power. For this reason, it is not suitable for applications where performance and speed are critical.

The U.S. National Institute of Standards and Technology chose Advanced Encryption Standard (AES) as the industry benchmark for its multiple layers of security. It’s a symmetric solution that divides the data, expands keys, substitutes bytes, shifts rows, mixes columns, and repeats the previous steps at least ten times to create a new encrypted key. 

Unless you have the original key, AES is remarkably safe—when implemented right. It would take billions of years even for organizations with tons of computing power, such as the National Security Agency, to hack. The crucial element is to ensure the attacker has absolutely zero way of linking the known public key to the corresponding secret private key, something we take extremely seriously.

2. Lock up the private key with pins and vaults

Imagine your company needs to secure its vault's passcode. While AES encrypts the data, having one key holder is impractical and risky. The key could be compromised, or the keeper could use it to their benefit. 

This is where the Shamir Secret Sharing (SSS) algorithm comes into play. It can be used to share the vault's passcode and generate a certain number of shares, where each are then allocated to associated executives within your organization. 

When the shares are assigned to several executives, you can only unlock the vault if you combine more than the threshold. If a small number of shares were compromised, they could not be used to find the passcode unless the other authorized individuals (executives) cooperated.

At Venly, to protect our customers’ wallets, we take the AES 128-bit encrypted password and split it into three parts using SSS. The part that belongs to the user is then encrypted, again, with AES, using the user’s pin code. All three parts are then stored in a vault where they are encrypted for a final time.

Access Control Lists (ACLs) manage access on the application and infrastructure level to provide strict control over who can access the vaults, what part of the key, and which permission they have. While the user’s private key allows access to vaults, a hacker would still require a pin to access the user’s assets.

Blockchain is inherently built for increased security. With copies of the data in all users' hands, the distributed and decentralized nature of the network makes a successful attack mathematically impossible. Even if hackers had a billion years to crack the AES algorithm, unless every user was in on the attack, you can verify the integrity of the transactions and associated account balances. And with a select number of executives or key holders with stakes in the vault, you would still need them all to turn against you to break the SSS encryption. 

Let us support you to layer your encryption and divide the keys among those with a stake in keeping it safe.

🤓 Read our blog for more blockchain security-related news.

🎧 Listen to Venly Expert Talks if you like audio content.

Read our latest insights

Stripe chooses Venly to onramp users to Web3
Stripe chooses Venly to onramp users to Web3
December 1, 2022
We are proud to announce that we have been selected as one of sixteen companies to take part in Stripe’s crypto onramp pilot program.
Read more
Tops Tips to Secure Blockchain Operations
Tops Tips to Secure Blockchain Operations
November 9, 2022
Blockchain is inherently built for increased security but there are extra steps you can take to make sure everything stays right where it should.
Read more
How to Sell NFTs From Your Shopify Store
How to Sell NFTs From Your Shopify Store
October 31, 2022
In 2021, Shopify allowed its users to sell NFTs through its seamless end-to-end e-commerce platform. And now, anyone with our app can sell NFTs!
Read more