The countdown to the release of our Buyer’s Guide: Stablecoin Payment Infrastructure is underway (register your interest to purchase a subscription), and we’re continuing our series on the technical side of stablecoin payments with a further look at wallets – this time focusing on security.
As we explored last week, wallets form a critical part of on-chain infrastructure, with a variety of roles to play in the movement of money depending on how they are configured. However, they can also be a target for bad actors, so it is essential that they are properly secured in the process.
This is achieved through the use of private digital ‘keys’ that are used to ‘sign’ transactions to authorise them. A wallet’s private key has to be used if money is to be moved out of it or it is otherwise managed, stopping those without the key from gaining access. However, this risks the key serving as a single point of failure: if it is lost, it cannot be replaced or revoked, with no central point of authority to reset a password. If that happens, any money in the wallet is irretrievable.
Wallet security therefore focuses around balancing that risk while allowing access, with two main approaches on offer, known as HSM and MPC.
Hardware security modules (HSM), the less popular of the two, are physical devices that store and use keys securely as needed. Typically this sees them remaining in a secure, fixed area, providing high security and control, but making management more of a challenge, particularly for organisations operating across multiple locations.
By contrast, multi-party computation (MPC) is much more common for payments applications, and sees the key split into multiple shards that are held on different systems and by different users, and which are combined for the key to be used. There are also a variety of solutions to securely store these parts of the key, allowing it to be deployed as required.
While most payments-focused vendors take an MPC-based approach, how they provide this varies. Some will handle key custody and management themselves, following what is known as a custodial model, while others will provide non-custodial solutions, meaning their clients take responsibility for custody of parts or all of a wallet key, or even pass this responsibility on to their end users.
For companies exploring the space, the right approach is a matter of risk appetite. Giving another company responsibility for key custody reduces internal risk but increases counterparty risk, while retaining management themselves does the opposite. Smaller organisations and those with less onerous compliance requirements often opt for the former, while larger institutions sometimes favour the latter. In both cases, the security and reputation of the provider is critical, particularly if wallet provision is a critical central offering of their business.
Next week we’ll continue our series on stablecoin infrastructure ahead of the release of our Buyer’s Guide: Stablecoin Payments Infrastructure product. Register your interest to purchase a subscription if you are exploring how best to navigate stablecoin payments infrastructure for your business.
