2

I have some security problems to solve, and frankly, don’t even know where to start. I’d appreciate some feedback from the experts here...

Problem 1: Protecting API keys that have rights to withdraw crypto currencies from exchanges.

Problem 2: Protecting private keys for crypto currency wallets hosted on 3rd party servers.

Problem 3: Making code immutable unless multi-signatures are supplied. The code that processes withdrawals.

Problem 4: Making data immutable unless multi-signatures are supplied. The whitelist addresses the code will check against to prevent withdrawals outside of the whitelisted wallets.

The payoff for a hacker that cracks the protection is significant.

Potentials I’m considering:

  1. Putting all code, data & keys in blackbox protected with homomorphic encryption. Code receives the raw params (wallet addresses & amounts). Params are checked against whitelist in the blackbox & signed with API keys in the box.

  2. Whitelist hosted on an immutable blockchain ledger, with code in a homomorphic blackbox.

  3. Whitelist hosted on an immutable ledger. Signing happens in a homomorphic blackbox. Signatures & params sent to an immutable smart contract on a blockchain. Smart contract checks against the whitelist & processes the transfer.

I’m sure these problems have been throughly hashed over already. I have no experience in security, I’m sure some experts here can see all kinds of holes I might be missing.

Any feedback is greatly appreciated.

Emily
  • 121
  • 2
  • 1
    The solutions I'm considering require homomorphic encryption. Not sure if that fits best in security or cryptography. –  Mar 29 '18 at 12:25
  • 2
    Honestly, the problem with "I don’t even know where to start" is that, quite frequently, neither will anyone else. I suspect that your problem may be too poorly defined for anyone to give an answer, other than maybe to say that "it can't be done without some additional assumptions." That said, I'm no expert on cryptocurrencies or homomorphic encryption, so I'm *not* voting to close your question as unclear. It's possible that someone more familiar with the subject might be able to make sense of your question and answer it. But I'm not holding my breath waiting for that, and neither should you. – Ilmari Karonen Mar 29 '18 at 23:47
  • What does immutability mean in the context of problems 3 and 4? – Jonah Benton Apr 02 '18 at 00:22
  • Would mean data is impossible to change unless multiple signatures are supplied. (Added these details to question.) – Emily Apr 03 '18 at 10:26

0 Answers0