Security and Compliance
Provide Peace of Mind
Eniblock understands the paramount importance of wallet security in safeguarding users' valuable assets. We are acutely aware of the historical security breaches that have plagued wallets, resulting in significant financial losses for individuals. In response, Eniblock has implemented state-of-the-art technological countermeasures to provide the highest level of protection for our users. In the following text, we will delve into the various layers of security we have implemented to ensure the utmost safety of your assets. However, before we explore these security measures, let us briefly recall the dark history of wallet breaches that has motivated our commitment to delivering the most secure wallet solution.
The Dark History of Wallets
The world of wallets has witnessed its fair share of dark moments, resulting in substantial financial losses. These incidents serve as stark reminders of the vulnerabilities present in wallet technology and the risks associated with relying on single points of failure.
In 2023, a noncustodial wallet, fell victim to a major exploit orchestrated by the infamous hacking group, Lazarus Group. This attack led to a staggering $100 million loss, affecting around 5,500 crypto wallets. Efforts to recover the stolen funds are underway.
A popular hardware wallet faced its own challenges in 2023 and 2022. Unciphered, a company specializing in cryptocurrency recovery, discovered an unpatchable hardware vulnerability, exposing the seed phrase and PIN. In another incident, a hacker named Joe Grand successfully cracked another hardware wallet containing over $2 million. These exploits expose the vulnerability of hardware wallets, highlighting the critical risks associated with relying on single points of failure.
In 2022, another self-custodial wallet suffered a breach affecting more than 10,000 wallets due to a bug. Mnemonic phrases and private keys were logged back to the server, a clear violation of security protocols. Such sensitive information should have never left the users' devices.
In 2018, the Parity Multi-Sig Wallet hacks shook the cryptocurrency world, resulting in $400 million worth of Ethers of loss. The vulnerabilities exploited were related to unprotected solidity functions and the destruction of a smart contract, causing significant asset freezes (cf. Parity Postmortem post).
These incidents serve as a grim reminder of the critical importance of security in the wallet ecosystem. As technology evolves, it becomes imperative to address vulnerabilities, embrace continuous improvement, and adopt robust security measures. Eniblock Wallet stands committed to learning from past mistakes and ensuring a trustable and secure future for its users.
Towards SPOF-less Wallets
The history of wallet breaches and vulnerabilities underscores the crucial importance of eliminating single points of failure (SPOFs) in wallet architecture. The numerous incidents of exploited hardware wallets, compromised firmware, and exposed private keys serve as stark reminders of the risks associated with relying on a single point of vulnerability.
Eniblock recognizes the significance of mitigating SPOFs and has developed an architecture that prioritizes security and resilience. Eniblock Wallet goes beyond conventional solutions by incorporating cutting-edge technologies and security measures.
By combining technologies such as Threshold Signature Scheme, Shamir Secret Sharing, Hardware Security Modules, proactive security measures, account abstraction, end-to-end encryption and robust disaster recovery protocols, Eniblock Wallet delivers a comprehensive solution that prioritizes the protection and control of users' digital assets. Each of these technologies is described in the following.
Threshold Signature Scheme: Key-Less, SPOF-Less Signature
Threshold Signature Scheme (TSS) is a cryptographic protocol that has a longstanding history and has recently been adapted to the elliptic curves commonly utilized by blockchains, thereby revolutionizing the security of digital wallets.
The core strength of TSS lies in its ability to distribute private key fragments among a predefined group of participants that produce a signature without reconstructing the private key at any time.
Here's how it works: Rather than relying on a single entity to safeguard the entire private key, TSS divides the key into shares, with each participant holding a unique fragment. To generate a digital signature, a threshold number of participants must collaborate, combining their shares to create a collective signature.
This decentralization eliminates the dependence on a single entity to safeguard the complete private key, thereby significantly reducing the risk of a single point of failure (i.e. SPOF). Unlike other MPC protocols, the SPOF is not only avoided at rest - while the secrets are stored on persistent data storages - but also at run, when the signature is produced.
Eniblock Wallet leverages TSS technology to enhance the security of blockchain accounts. The TSS implementation involves generating two secret shares for each blockchain account: a client share and a server share.
The client share is created on the client side, such as a browser on a smartphone or laptop. This share can be stored securely in various ways, such as on a cloud storage location accessible only to the user, on the user's device, or even as a QR code. By design, only the client possesses the client share, ensuring that Eniblock Network is unable to interact with users' wallets directly.
On the other hand, the server share is generated on the server side within Eniblock Network. This share is stored within a network infrastructure composed of multiple servers, enhancing the redundancy and resilience of the system.
By utilizing TSS, Eniblock Wallet achieves a high level of security by distributing the responsibility of generating signatures between the client and the server. This ensures that no single entity has full control over the secret key, mitigating the risks associated with a centralized approach.
Shamir Secret Sharing: Resilient Key Infrastructure
Shamir's Secret Sharing is a cryptographic technique that allows a secret to be divided into multiple shards and distributed among different participants. Developed by Adi Shamir in 1979, this method ensures that the secret remains secure even if some shares are compromised or lost.
Here's how it works: Imagine there is a secret that needs to be kept safe. Shamir's Secret Sharing transforms this secret into a mathematical equation. Each participant receives a unique piece, called a shard, which is like a random value generated by the equation.
To reveal the secret, a minimum number of shards is needed. Participants gather and combine their shards, using math to piece together the original equation. By extracting a special value from the equation, which represents the secret, the original information is reconstructed.
The strength of Shamir's Secret Sharing lies in its security. Even if some shares are compromised, they reveal no information about the secret. The minimum threshold requirement ensures that multiple participants must collaborate to reconstruct the secret, preventing unauthorized access to the information.
Many Wallets uses SSS to secure the private key. However, this approach leads to a single point of failure: the private key that has been reconstructed on the user's device.
Eniblock Network employs the SSS protocol to enhance the security and resilience of its infrastructure. The server share is split into multiple shards using SSS, and each shard is securely stored on encrypted databases hosted on different servers. This distribution of shards ensures that the server share remains protected even if individual servers are compromised.
In the event of a malfunctioning server, the SSS protocol plays a crucial role in maintaining the system's integrity. With SSS, the infrastructure is capable of reconstructing the server share by retrieving enough shards from the functioning servers. This resilience feature ensures that the system remains operational and the data can be restored, even in challenging circumstances.
The utilization of SSS within Eniblock Network's setup provides a high level of security by distributing the server share and protecting it with encryption. Moreover, the SSS protocol contributes to the system's resilience, ensuring that the infrastructure can adapt to server failures and continue to operate effectively. These measures collectively reinforce the reliability and robustness of Eniblock Network's infrastructure.
Reshare: Proactive Security
Key rotation is a fundamental practice in security that plays a crucial role in safeguarding sensitive information. By regularly rotating keys, organizations ensure that their cryptographic keys are regularly refreshed and prevent the long-term exposure of a single key.
The importance of key rotation lies in minimizing the impact of a potential compromise. Even with strong security measures in place, the risk of a key being compromised cannot be entirely eliminated. However, by implementing key rotation, the exposure time of any compromised key is significantly reduced.
Regularly rotating keys helps mitigate the impact of attacks such as unauthorized access, data breaches, or cryptographic vulnerabilities. It ensures that compromised keys become obsolete, as new keys are generated and put into use. This practice enhances the overall security posture and reduces the likelihood of adversaries gaining prolonged access to sensitive information.
Eniblock Wallet prioritizes proactive security measures by periodically resharing the Threshold Signature Scheme (TSS) shares associated with users' blockchain accounts. Through periodic resharing, Eniblock SDK and Eniblock Network generate collaboratively new TSS shares corresponding to the same blockchain account. This process involves reconfiguring the shares, effectively refreshing the cryptographic secrets and enhancing the overall security posture.
By implementing this proactive approach, Eniblock mitigates the risks associated with long-term exposure of TSS shares. It reduces the likelihood of successful attacks, as compromised or leaked shares become outdated and ineffective.
Hardware Security Modules: Data Encryption
In order to ensure an additional layer of security, the servers within Eniblock Network's infrastructure are fortified with Hardware Security Modules (HSMs). HSMs are specialized devices designed to securely store cryptographic keys and perform cryptographic operations.
HSMs provide tamper-resistant physical and logical safeguards, preventing unauthorized access to the server's cryptographic material. The HSMs utilized by our system at Eniblock Network adhere to the highest security standards. Our HSMs are FIPS 140 Level 2 certified, ensuring their compliance with the rigorous security requirements established by the Federal Information Processing Standards (FIPS). This level of certification covers key aspects such as physical security, role-based authentication, cryptographic key management, intrusion detection, self-tests, and a finite state model.
Secrets used in the TSS protocol (i.e. SSS shards of TSS shares), as well as other critical cryptographic components, are securely stored within the HSMs.
By employing HSMs and storing SSS shards on the servers, Eniblock Network safeguards against various attack vectors and enhances the overall security posture. The combination of TSS technology, which distributes the secret shares among clients and servers, and the utilization of HSMs and SSS for protection and reconstruction of the shares, creates a robust and resilient environment for Eniblock Wallet users. This comprehensive security approach demonstrates Eniblock's commitment to safeguarding the confidentiality and integrity of users' blockchain accounts, reinforcing trust in the platform's infrastructure.
Account Abstraction: Onchain Payment Policies
To enhance the security of user wallets and mitigate potential risks in the event of a wallet hack, Eniblock Wallet enables users to set up payment limits directly within their wallet's smart contract (i.e. Account Abstraction). These limits are enforced on-chain, meaning that the predefined restrictions are embedded within the blockchain network itself.
By implementing payment limits on-chain, users have granular control over the maximum amount of funds that can be transferred from their wallet within a specific timeframe. These limits are programmed directly into the smart contract governing the wallet, ensuring that any transaction exceeding the set limits is automatically rejected by the blockchain network.
To modify payment policies, users must undergo an additional layer of authentication as a safeguard against potential hackers who may gain unauthorized access to the wallet and attempt to modify the policies.
Enforcing payment limits on-chain adds an additional layer of protection, as it prevents unauthorized transactions from being executed even if the wallet is compromised. By embedding these limits within the smart contract, users can rest assured that their wallet's security is not solely reliant on external factors or centralized control. This approach empowers users to tailor their security measures according to their individual risk tolerance and financial requirements.
OAuth 2 Authentication
Eniblock's server implements the OAuth 2.0 framework, which ensures secure and standardized authentication for users of the decentralized application (dApp). OAuth 2.0 is a widely adopted protocol that enables delegated access to protected resources without the need to share credentials.
To access their wallet, users are required to provide a JSON Web Token (JWT) token that follows the format compatible with OAuth 2.0. This token serves as proof of authentication and authorization, granting users access to their specific resources and functionalities within the dApp.
OAuth 2.0 provides a secure and scalable authentication mechanism by leveraging access tokens and refresh tokens. The JWT token issued by your IAM contains the necessary claims and information required for authorization and identity verification. These tokens are digitally signed and can be easily validated by the server, ensuring the integrity and authenticity of user credentials.
Passkey: Biometric Authentication
Passkey technology, championed by the FIDO Alliance and recently embraced by industry leaders Apple and Google, revolutionizes the concept of passwords. By employing public-key cryptography, passkey enables passwordless logins. An authenticator generates a pair of cryptographic keys, where the public key is transmitted to the server for secure storage, while the private key remains protected on the user's device. During the login process, the server issues a challenge, which the private key solves by "signing" the data. Without accessing the actual key, the server verifies the response using the associated public key. Passkeys not only provide robust security but also offer a seamless and convenient user experience, mitigating the risks commonly associated with traditional passwords.
Biometric authentication, like Face ID or Touch ID on Apple platforms, enhances Passkey access security by requiring users to verify their unique biometric traits, such as their face or fingerprint. This additional layer of protection strengthens account security by ensuring that only authorized individuals can access accounts protected by Passkey.
Eniblock provides an additional, optional but recommended layer of security through the implementation of Passkey. When initiating a transaction, the user is prompted to authorize the use of their passkey, which serves as a verification mechanism. The passkey is used to authenticate the user's identity and validate their authorization to perform the transaction. By requiring the passkey at each transaction signing, Eniblock ensures that only individuals with the correct passkey can access and interact with the wallet, adding an extra level of security to safeguard user accounts and transactions.
TLS: End-to-End Encryption
Transport Layer Security (TLS) is the widely accepted and standardized protocol utilized to secure data transmitted over the Internet. It is imperative to strongly discourage the use of web services that operate without TLS. At Eniblock, we prioritize the security of our services by enforcing TLS for all communication. Whether the data being exchanged between Eniblock servers and user browsers is sensitive or not, it undergoes end-to-end encryption. This commitment extends to the 3rd-party services we offer to our end-users.
However, our security measures go beyond just user-facing encryption. We have implemented TLS for internal service communication as well. This means that the interactions between our servers and the internal applications are also encrypted using TLS. By implementing TLS throughout our infrastructure, even in the unlikely event of a breach in our servers, none of the sensitive data transmitted on the internal network is accessible in plain text.
The implementation of TLS serves as a crucial safeguard against man-in-the-middle attacks. It ensures that users who rely on Eniblock's services benefit from end-to-end protection, safeguarding their data throughout the entire communication process. By prioritizing the use of TLS, Eniblock reinforces its commitment to maintaining a secure environment for our users and their valuable information.
Zero Trust Architecture
Eniblock follows a zero trust architecture, which means that it operates under the principle of not trusting any service or device by default, regardless of their location or network. Zero trust architecture is a security approach that assumes nothing can be trusted within a network or system. It recognizes the increasing sophistication of hackers and the widespread use of connected devices, cloud applications, and IoT devices. In a zero trust architecture, every device, user, and application is considered a potential threat and must undergo continuous verification and authentication. The principle of "never trust, always verify" is applied, where even after authentication or authorization, access privileges are limited to the bare minimum required. This approach aims to stop potential security breaches by increasing visibility into internal traffic, applying user context, and implementing measures like micro-segmentation and granular perimeter enforcement. By doing so, it mitigates lateral movement and limits the impact of attacks within an organization, ensuring sensitive data remains protected.
Eniblock Wallet incorporates two recovery solutions to ensure that users can regain access to their funds and accounts in the event of a service-side disaster or the loss of the client secret share. The first involves a third-party, or the solution buyer itself, holding an emergency key to allow wallet export in the event of Eniblock's unavailability. The second utilizes social recovery technology, where users designate trusted guardians for wallet recovery. These solutions ensure secure access and asset protection in various disaster scenarios.
Emergency Key Exportation
Eniblock incorporates an "emergency mode" feature that allows for seamless transition in case of a disaster or when the business client decides to migrate the wallet solution. In this mode, users are prompted to export their private keys, enabling them to transfer their wallets to another self-custodial wallet.
Technically, when a wallet is generated, both a client share and a server share are created. The client has access to the client share, and Eniblock gives an encrypted version of the server share to the client. The corresponding decryption key is held by a designated third party, such as a notary or the the solution buyer itself. When the third party determines an emergency situation, they publish the decryption key on a public storage at a designated URL. Users' wallets continuously monitor this URL, and when an authentic decryption key is published, the emergency mode is activated. The decryption key is automatically downloaded, the server share is decrypted, and using the client and server shares, the wallets compute the corresponding private key. This private key can then be exported to other self-custodial wallets like Metamask or Trust Wallet.
It has to be emphasized that in order to migrate the wallet, the wallet owner has to give the access to its client share. In other words, the user still owns his wallet. The third party can only suggest the migration.
The platform's social recovery feature plays a key role in this process, allowing users to designate trusted individuals, known as guardians, who can assist in account recovery.
Operating on a consensus basis, the social recovery feature requires a specified threshold of guardians to agree on proposed changes to the owner address of the smart account. This collaborative approach ensures that no single guardian can unilaterally take control of the account. Instead, changes can only be authorized when the majority of the guardians reach a consensus.
To set up the social recovery feature, wallet owners can designate guardians by directly adding their wallet addresses or inputting their email addresses. Eniblock Wallet facilitates this process by sending personalized email invitations to potential guardians, who can then link their wallet addresses to the smart account through a dedicated web interface. If a potential guardian doesn't have a wallet, an Eniblock Wallet wallet can be generated in one click.
In the event of a disaster resulting in the termination of Eniblock Wallet's servers and services, or when a wallet owner loses their client secret share, the account recovery process can be initiated. The wallet owner creates a new wallet, generates a new address, and communicates it to the designated guardians. The guardians, in turn, update the owner address on the user's smart account through Eniblock's dedicated web interface. Once the required consensus is reached, the account recovery is successfully completed, enabling the wallet owner to access and manage their digital assets using the new wallet.
The combination of the social recovery feature and account abstraction technology provides a reliable and secure approach for Eniblock Wallet users to recover access to their accounts. By incorporating trusted guardians and a consensus-based approach, the recovery process is safeguarded against single-point failures and unauthorized access, ensuring users can regain control over their accounts even in challenging circumstances.
Security Audits & Compliance with Regulations
Non-Custodial: MiCA and PSAN Friendly
The rapid growth of digital assets has necessitated legal regulation in Europe. Two key pieces of legislation, the Markets in Crypto-Assets Regulation (MiCA) and the Payment Services and Electronic Money Regulation (PSAN), aim to create a comprehensive framework for the custody of digital assets. MiCA sets requirements for issuers, service providers, and custodians, including rules on AML and KYC. It also addresses customer fund protection, governance, and risk management. PSAN, an existing regulation, has been amended to include provisions for custody by payment service providers, such as segregated accounts and asset protection. Together, MiCA and PSAN establish a strong legal foundation for enterprise custody of digital assets, providing certainty and safeguarding customer assets. These regulations are crucial for the growth of the European digital asset industry.
Eniblock Wallet stands as a non-custodial solution enabled by the TSS (Threshold Signature Scheme) scheme. With Eniblock Wallet, users have complete control over their digital assets, as only they can initiate transactions. Eniblock does not have access to users' wallets or the ability to interact with their funds. This unique characteristic aligns Eniblock Wallet with the principles of MiCA and PSAN. It offers users a secure and compliant environment to manage their digital assets while upholding the principles of decentralization and user autonomy.
Comprehensive Pen Testing
As part of our commitment to ensuring the highest level of protection for our users' assets, we have conducted a comprehensive penetration testing (pen test) of the SDK code, APIs, and infrastructure to identify and mitigate any potential security vulnerabilities. During the pen test, our team of security experts simulated real-world attacks to identify any potential vulnerabilities in our system. This proactive approach allows us to address and resolve any security issues before they can be exploited by malicious actors. By conducting regular pen tests, we continuously assess and strengthen the security posture of our product. The testing process aligns with industry-standard security guidelines, including the OWASP Top 10 API Security Risks. This will ensure the robustness and security of the whole system, not just the SDK.
Audit of our Cryptographic Protocol
To ensure the highest level of security and reliability of our innovative cryptographic solution, we have conducted a thorough code audit, specifically focusing on the key generation, key derivation, and signature aspects that require specialized cryptographic expertise. This audit was performed by a trusted third-party with extensive experience in cryptographic technologies. By subjecting our codebase to this rigorous examination, we aimed to identify and address any potential vulnerabilities or weaknesses that could compromise the integrity of our cryptographic operations.
The code audit is an essential complement to our comprehensive pen test, as it delves into the intricacies of our cryptographic implementation. Our wallet service places a strong emphasis on protecting our users' digital assets, and cryptographic protocols lie at the core of this security.
Eniblock is fully compliant with the Second Payment Services Directive (PSD2) regulations, which aim to enhance the security of electronic payments and protect the rights of consumers. One of the key requirements of PSD2 is the implementation of strong customer authentication (SCA), which includes the use of multi-factor authentication (MFA). Eniblock supports MFA, ensuring that users have an additional layer of security beyond their simple authentication. With MFA, users are required to provide multiple factors of authentication, such as something they know, something they have, or something they are. This robust authentication process greatly reduces the risk of unauthorized access and enhances the overall security of Eniblock's services, making it fully compliant with DSP2 regulations.
Eniblock takes data privacy and protection seriously, and as a result, it is fully compliant with the General Data Protection Regulation (GDPR). Eniblock's design ensures that it does not collect, store, or have access to any personal data of its users. This means that Eniblock does not gather any personally identifiable information or sensitive user data during its operation. By implementing this privacy-centric approach, Eniblock not only safeguards user information but also eliminates any risks associated with the unauthorized disclosure or misuse of personal data. Users can have peace of mind knowing that their privacy is respected and their data remains under their exclusive control when utilizing Eniblock's services.
SOC 2 Type 2 Compliant
Security encompasses more than just the technical aspects of the platform. Eniblock places equal importance on robust policies, controls, and procedures to ensure comprehensive protection. As part of this commitment, Eniblock is currently undergoing a SOC 2 Type 2 compliance audit.
The SOC 2 framework is an industry-recognized standard that evaluates the effectiveness of an organization's controls and processes related to security, availability, processing integrity, confidentiality, and privacy. By undergoing this audit, Eniblock demonstrates its dedication to maintaining a high level of security across all facets of its operations.