Tops Tips to Secure Blockchain Operations
It’s no surprise that the Pentagon believes they can use blockchain to improve security across the U.S. military, preventing mega hacks, tampering, and cyber-hijackings of vehicles, aircraft, or satellites. Yet, the more secure and decentralized a blockchain is, the slower and more difficult it is to scale.
A blockchain is a series of records or ‘blocks’ of data presented in hash functions with timestamps. So that data cannot be changed or tampered with, the hash codes serve as a unique fingerprint that identify the current and previous ‘block’ creating the ‘chain’. As the previous codes must be replicated, blocks cannot be overwritten. Data manipulation is extremely impractical, especially when the chains get exponentially long—slumping the network speed.
Layer two solutions are ways to increase the throughput to a layer one chain. The second layer handles transaction load away from the main chain it supports. Then it feeds verifiable data through to that main chain for finalization and integration of transaction records. But how do you ensure its security?
1. Get encrypted: AES vs. RSA
If you are a lucrative target for hackers with highly sensitive information and a vast supply of energy, RSA—an acronym for its three inventors Rivest, Shamir, and Adelman—is the encryption method for you.
RSA uses an asymmetric key model rather than a symmetric one, meaning a different key encrypts and decrypts the data. This requires a significant amount of computing power. For this reason, it is not suitable for applications where performance and speed are critical.
The U.S. National Institute of Standards and Technology chose Advanced Encryption Standard (AES) as the industry benchmark for its multiple layers of security. It’s a symmetric solution that divides the data, expands keys, substitutes bytes, shifts rows, mixes columns, and repeats the previous steps at least ten times to create a new encrypted key.
Unless you have the original key, AES is remarkably safe—when implemented right. It would take billions of years even for organizations with tons of computing power, such as the National Security Agency, to hack. The crucial element is to ensure the attacker has absolutely zero way of linking the known public key to the corresponding secret private key, something we take extremely seriously.
2. Lock up the private key with pins and vaults
Imagine your company needs to secure its vault's passcode. While AES encrypts the data, having one key holder is impractical and risky. The key could be compromised, or the keeper could use it to their benefit.
This is where the Shamir Secret Sharing (SSS) algorithm comes into play. It can be used to share the vault's passcode and generate a certain number of shares, where each are then allocated to associated executives within your organization.
When the shares are assigned to several executives, you can only unlock the vault if you combine more than the threshold. If a small number of shares were compromised, they could not be used to find the passcode unless the other authorized individuals (executives) cooperated.
At Venly, to protect our customers’ wallets, we take the AES 128-bit encrypted password and split it into three parts using SSS. The part that belongs to the user is then encrypted, again, with AES, using the user’s pin code. All three parts are then stored in a vault where they are encrypted for a final time.
Access Control Lists (ACLs) manage access on the application and infrastructure level to provide strict control over who can access the vaults, what part of the key, and which permission they have. While the user’s private key allows access to vaults, a hacker would still require a pin to access the user’s assets.
Blockchain is inherently built for increased security. With copies of the data in all users' hands, the distributed and decentralized nature of the network makes a successful attack mathematically impossible. Even if hackers had a billion years to crack the AES algorithm, unless every user was in on the attack, you can verify the integrity of the transactions and associated account balances. And with a select number of executives or key holders with stakes in the vault, you would still need them all to turn against you to break the SSS encryption.
Let us support you to layer your encryption and divide the keys among those with a stake in keeping it safe.
🤓 Read our blog for more blockchain security-related news.
🎧 Listen to Venly Expert Talks if you like audio content.