We are witnessing the rapid rise of blockchain technologies in many sectors: banks, transportation, automotive, public sector, etc. Blockchain appears often as the universal panacea and the remedy to many problems.
Some examples of this are fighting against fraud and counterfeiting and providing trust in a digital economy. For this, blockchain technologies rely entirely on cryptographic operations like hashing and signatures. To the difference with banks, blockchain makes relatively small use of symmetric cryptography (3-DES, AES, etc.)
In this article, we examine why HSMs matter to blockchains and why blockchain systems cannot really afford not to use them anymore.
The Danger of Not Using HSMs with the Blockchain: Example Case with Public Cryptocurrencies
Since there is no norm for blockchains, it is impossible in principle to rule out any sort of cryptographic system or algorithm. However, blockchains are always based on a variant of the ‘initial’ blockchain system developed by the Bitcoin cryptocurrency.
Blockchain per se is not using PKI. However, its operation mode is not so different. It is believed that PKI and Blockchain may eventually fuse in the near future.
For instance, in the Bitcoin architecture, which is a public blockchain, users are provided with their own key pairs. The algorithm used is ECDSA (Elliptic Curve Digital Signature Algorithm) and the private keys are always 256 bits long.
In Bitcoin, it’s up to each user to generate a key and register to the Bitcoin. Once the registration is done, the user is given a unique SHA-256 hash that acts as an ID for his/her account.
Without using an HSM (or any equivalent device), the protocol is clearly incredibly insecure. For example, anyone can offer software or online services for key creation with poorly designed random number generators.
Since the Bitcoin system (and most of the other public cryptocurrencies and token systems) is entirely anonymous, ownership of private keys equals ownership of the account (and of the corresponding amount of crypto money). There is no possibility in the ‘raw’ Bitcoin system to use passports or any credentials to restore or block bitcoin funds. Therefore, any user using a computer or any unprotected electronic device to store his/her private key is using Bitcoin insecurely. This is true for any blockchain system.
In general, Bitcoin users and crypto token users can register to third-party financial services who will generate keys on their behalf. Yet, the third party service has to securely generate and store the keys. With millions of wallets managed, serious and professional companies must use HSMs in combination with being compliant with norms such as the ANSI X9.24-1-2017, such as shared secrets, secure cryptographic devices, etc., for instance
However, many cryptocurrency exchange online wallets are still not using such systems and may simply store the keys inside USB sticks that are stored in bank vaults, which is insecure as well.
Regardless of this ‘cold storage’, the online wallets must keep a copy of the private keys so that they can use them for spending the bitcoins, e.g., signing the transactions during the blockchain operations. Bitcoins are stored in the blockchain itself and associated with the hash of a given ECDSA private key.
If the hash or signature operation is done purely in software-based systems, there then is a great risk that the keys may be intercepted, tampered with, have their destination address replaced, and that the amount is fraudulently modified. Badly managed keys can also be damaged or lost.
To illustrate these risks we state the following facts:
- About 20% of all bitcoins in the world are believed to be lost (private keys are lost). One estimate is that they would have a market value of around $20 billion at July 2018 prices;
- As of December 2017, around 980,000 bitcoins have been stolen from cryptocurrency exchanges. This is mostly from stealing the corresponding private keys;
- 45,000 ETHERS (the equivalent value of several million dollars) have been stolen by attackers that could guess badly generated Ethereum keys;
- There are many records of major thefts in exchange companies where attackers were insiders and stole thousands of unprotected private keys just by copying them over USB devices.
HSM and Permissioned Blockchains
Permissioned blockchains are ‘just starting’ when compared to cryptocurrencies that have already been active for over a decade.
Their design is more business-oriented, yet they bear the same weaknesses of their public counterparts if HSMs are not used.
Corda Notary HSM support
In Corda, notaries nodes that act as critical trusted authorities for timestamping and/or consensus use three private keys that must be ideally stored inside HSMs:
- The distributed notary identity (shared between notaries) used for ‘notarization’ operations (e.g., signing transactions, etc.);
- The node certificate authority used for CA generation purposes and for TLS (messaging);
Corda supports the Utimaco SecurityServer Se Gen2 for storing the legal identity keys of nodes.
Hyperledger & HSMs
Hyperledger fabric supports HSMs.
When creating a blockchain network, keys can be generated inside an HSM using PKCS#11. HSMs are used to store Hyperledger Admin Certificate Authority (CA), Peer, and Orderer private keys as well.
Please refer to “The Key Role of HSMs in Secure Permissioned Blockchains for Banking and Payment Services” for a further explanation of why HSMs are important to permissioned blockchains.
Not using HSM in a permissioned blockchain can result in the same damage that may occur with public cryptocurrencies, including stolen account keys being stolen or easily guessed. The security of the private keys guarantees the security of blockchain operations that are heavily dependent on asymmetric cryptography.
References and Further Reading
- Learn more about Utimaco's HSMs for blockchains
- More articles on blockchains in automotive (2019 - today), by Martin Rupp, Priyank Kumar, Ulrich Scholten, Asim Mehmood, Dawn M. Turner and more
- More articles on permissioned blockchains in banking (2018 - today), by Martin Rupp, Priyank Kumar, Ulrich Scholten, Asim Mehmood, Dawn M. Turner and more
- More articles on HSMs (2018 - today) by Terry Anton, Dawn M. Turner and more
Blog post by Martin Rupp, Priyank Kumar and Dr. Ulrich Scholten