CORE CASP Solution Overview

Unbound CORE Crypto AssetClosedDigital information that needs to be securely stored. Security provides the advanced technology and the architecture to secure crypto assetClosedDigital information that needs to be securely stored. transactions. The crypto assetClosedDigital information that needs to be securely stored. solution contains the CASPClosedUnbound’s Crypto Asset Security Platform (“CASP”) provides the advanced technology and the architecture to secure crypto asset transactions. service and different endpoints (humans or bots). This solution is referred to as the Unbound CORE Crypto AssetClosedDigital information that needs to be securely stored. Security Platform, or CASPClosedUnbound’s Crypto Asset Security Platform (“CASP”) provides the advanced technology and the architecture to secure crypto asset transactions..

Figure 1: CORE Crypto AssetClosedDigital information that needs to be securely stored. Solution Components

The CASPClosedUnbound’s Crypto Asset Security Platform (“CASP”) provides the advanced technology and the architecture to secure crypto asset transactions. solution is built on the technological foundation of secure multiparty computation (MPCClosedMultiparty computation - A methodology for parties to jointly compute a function of their inputs while keeping those inputs private.). As used in the CASPClosedUnbound’s Crypto Asset Security Platform (“CASP”) provides the advanced technology and the architecture to secure crypto asset transactions. solution, it provides the following benefits:

  • A Risk-Based Quorum Policy that provides a flexible mechanism to handle transaction signing by multiple participants across multiple groups.
  • Each private key exists as several separate random shares stored on separate locations and is refreshed constantly.
  • Key material never exists in the clear at any point of its lifecycle. Key shares are never combined at any point in time – not even when used or when created.
  • An attacker needs to get control over all involved servers and clients, simultaneously.
  • Real-time, tamper proof audit log that logs any key operation.

CASP Components

CASPClosedUnbound’s Crypto Asset Security Platform (“CASP”) provides the advanced technology and the architecture to secure crypto asset transactions. provides the framework to create Accounts, which hold multiple Vaults where secrets are stored. Access control is managed by the Risk-Based Quorum Policy for all of the Participants.

Accounts

An account is a container for a set of vaults and participants that manage these vaults. An account may represent a customerClosedThe entity that initially holds the crypto asset and requests storage in the crypto asset vault. of the system, a trader, an organization, etc. The CASPClosedUnbound’s Crypto Asset Security Platform (“CASP”) provides the advanced technology and the architecture to secure crypto asset transactions. service supports creating different accounts, managing account participants (human users or machine bot's), creating secure vaults for the account, and executing different crypto assetClosedDigital information that needs to be securely stored. transactions within the account.

The CASPClosedUnbound’s Crypto Asset Security Platform (“CASP”) provides the advanced technology and the architecture to secure crypto asset transactions. service supports the notion of global accounts, which can manage vaults across other accounts. This notion may support the use case of the CASPClosedUnbound’s Crypto Asset Security Platform (“CASP”) provides the advanced technology and the architecture to secure crypto asset transactions. service providers managing vaults on behalf of the CASPClosedUnbound’s Crypto Asset Security Platform (“CASP”) provides the advanced technology and the architecture to secure crypto asset transactions. customers.

Participants

A participantClosedA member of any of the quorum groups. can be a human within the account or a bot taking part in crypto assetClosedDigital information that needs to be securely stored. transactions. Each participantClosedA member of any of the quorum groups. owns a share of the cryptographic material that is part of the different transactions. CASPClosedUnbound’s Crypto Asset Security Platform (“CASP”) provides the advanced technology and the architecture to secure crypto asset transactions. supports participants using any relevant platform, including mobile devices, laptops, and different server platforms for bots. Participants can be hot or cold, where cold participants are not connected to the internet.

Vaults

A vault is a secure container for the cryptographic material used to protect a crypto assetClosedDigital information that needs to be securely stored., such as the seed or private key. CASPClosedUnbound’s Crypto Asset Security Platform (“CASP”) provides the advanced technology and the architecture to secure crypto asset transactions. uses Multiparty Computation (MPCClosedMultiparty computation - A methodology for parties to jointly compute a function of their inputs while keeping those inputs private.) to split the crypto material between the different participants in the vault, which ensures that the material never exists in a single place. In addition, only the approved set of participants can complete a transaction based on the vault definition.

A QuorumClosedOne or more groups, comprised of participants vault shares the responsibility of executing a transaction between many different participants in a structure defined by the vault policyClosedA set of conditions that define the MofN groups used for quorum-based transactions.. The vault policyClosedA set of conditions that define the MofN groups used for quorum-based transactions. contains a quorumClosedOne or more groups, comprised of participants-based structure where there are any number of groups, any threshold value per group, any tree structure between different groups, etc. The MPCClosedMultiparty computation - A methodology for parties to jointly compute a function of their inputs while keeping those inputs private. protocols used by CASPClosedUnbound’s Crypto Asset Security Platform (“CASP”) provides the advanced technology and the architecture to secure crypto asset transactions. ensure that if and only if the quorumClosedOne or more groups, comprised of participants definition is satisfied, a transaction can take place, which is enforced on the cryptographic level.

Risk-Based Quorum Policy

Each CASPClosedUnbound’s Crypto Asset Security Platform (“CASP”) provides the advanced technology and the architecture to secure crypto asset transactions. vault has a set of risk-based quorumClosedOne or more groups, comprised of participants policies associated with it, which are defined during vault creation. These policies assign a different quorumClosedOne or more groups, comprised of participants policy to different transactions, based on the transaction details (such as the transaction amount or the time of day).

Approvals are defined by a group of authorizing entities, of which a minimal-size subset (called a quorumClosedOne or more groups, comprised of participants) is required to approve the transaction. M approvals from a set of N entities is known as "MofNClosedDefines how many participants of a group are required for an approval. M out of N participants are sufficient to reach the quorum.". For example, the client may define 8 entities, of which 4 must approve the transaction. Another example is where there must be 3 approvals from group A and 2 approvals from group B.

The number of groups, size of groups, and the size of the approving subset is fully flexible and can be different for each vault.

Admin Quorum

A risk-based policy vault requires the definition of an admin quorumClosedOne or more groups, comprised of participants, i.e. a quorumClosedOne or more groups, comprised of participants of participants that approve any change to the policies of this vault. By defining such an admin quorumClosedOne or more groups, comprised of participants, CASPClosedUnbound’s Crypto Asset Security Platform (“CASP”) provides the advanced technology and the architecture to secure crypto asset transactions. assures that any change to any policy is reviewed by MofNClosedDefines how many participants of a group are required for an approval. M out of N participants are sufficient to reach the quorum. participants.

Data Collectors

Data collectors are independent components that calculate policy related attribute templates (custom static attributes) for transaction signing. Each data collector is associated with an attribute template group that contains the attribute templates.

Unlike participants, which can be human and require no development, data collectors by definition require development by the customerClosedThe entity that initially holds the crypto asset and requests storage in the crypto asset vault..

Synchronous and Asynchronous Operations

CASPClosedUnbound’s Crypto Asset Security Platform (“CASP”) provides the advanced technology and the architecture to secure crypto asset transactions. is a collaboration service, where different participants collaborate to perform crypto assetClosedDigital information that needs to be securely stored. transactions. As such, it has inherent support for asynchronous operation. When an operation is triggered, it is located in a queue and completed when the relevant set of participants complete their part. CASPClosedUnbound’s Crypto Asset Security Platform (“CASP”) provides the advanced technology and the architecture to secure crypto asset transactions. supports triggering asynchronous operations, notifying the relevant participants on required actions, and checking the status of operations.

Blockchain

CASPClosedUnbound’s Crypto Asset Security Platform (“CASP”) provides the advanced technology and the architecture to secure crypto asset transactions. can be used for securing the crypto material and managing crypto transactions where communication with the different blockchains is external to the CASPClosedUnbound’s Crypto Asset Security Platform (“CASP”) provides the advanced technology and the architecture to secure crypto asset transactions. system. In such a case, CASPClosedUnbound’s Crypto Asset Security Platform (“CASP”) provides the advanced technology and the architecture to secure crypto asset transactions. is mainly used for securing the vault keys and executing the sign operation. CASPClosedUnbound’s Crypto Asset Security Platform (“CASP”) provides the advanced technology and the architecture to secure crypto asset transactions. can also support managing the blockchain operations itself. In such a case, CASPClosedUnbound’s Crypto Asset Security Platform (“CASP”) provides the advanced technology and the architecture to secure crypto asset transactions. is capable of showing balances, sending transactions to the blockchain, checking blockchain transaction status, etc.

Using CASP to Sign a Transaction

The general flow for CASPClosedUnbound’s Crypto Asset Security Platform (“CASP”) provides the advanced technology and the architecture to secure crypto asset transactions. signing a transaction is as follows:

  1. A user wants to make a transaction and triggers a request to the crypto assetClosedDigital information that needs to be securely stored. system.
  2. The crypto assetClosedDigital information that needs to be securely stored. system exchange triggers a request to the CASPClosedUnbound’s Crypto Asset Security Platform (“CASP”) provides the advanced technology and the architecture to secure crypto asset transactions. Orchestrator for approval.
  3. The CASPClosedUnbound’s Crypto Asset Security Platform (“CASP”) provides the advanced technology and the architecture to secure crypto asset transactions. Orchestrator communicates with all quorumClosedOne or more groups, comprised of participants members to obtain the required partial signatures.
  4. The CASPClosedUnbound’s Crypto Asset Security Platform (“CASP”) provides the advanced technology and the architecture to secure crypto asset transactions. Orchestrator then can write the signed transaction into the ledger or return it to the application that called it.

Solution Architecture

The CASPClosedUnbound’s Crypto Asset Security Platform (“CASP”) provides the advanced technology and the architecture to secure crypto asset transactions. architecture is shown in the following figure.

Solution Architecture

Figure 2: CASPClosedUnbound’s Crypto Asset Security Platform (“CASP”) provides the advanced technology and the architecture to secure crypto asset transactions. Architecture

The CASPClosedUnbound’s Crypto Asset Security Platform (“CASP”) provides the advanced technology and the architecture to secure crypto asset transactions. Orchestrator is the heart of the CASPClosedUnbound’s Crypto Asset Security Platform (“CASP”) provides the advanced technology and the architecture to secure crypto asset transactions. system. It communicates with all parts of the system, initiates creation of the key shares for the vault, manages the different distributed procedures, and acts as the external entry point for the relevant applications, such as the crypto assetClosedDigital information that needs to be securely stored. applications.

The CASPClosedUnbound’s Crypto Asset Security Platform (“CASP”) provides the advanced technology and the architecture to secure crypto asset transactions. Orchestrator is backed by the powerful key management capabilities of Unbound CORE Information Security ("CORE"). CORE works together with the Participants to provide the complete approval signature for transactions, where Participants can be mobile devices, desktops, servers, or bots. CASPClosedUnbound’s Crypto Asset Security Platform (“CASP”) provides the advanced technology and the architecture to secure crypto asset transactions. creates an ECDSAClosedElliptic Curve Digital Signature Algorithm - A variant of the Digital Signature Algorithm (DSA) which uses elliptic curve cryptography. key, EdDSAClosedEdwards-curve Digital Signature Algorithm key, or Schnorr key, which is used for all transactions, along with support for BIP derivations.

CASPClosedUnbound’s Crypto Asset Security Platform (“CASP”) provides the advanced technology and the architecture to secure crypto asset transactions.’s open architecture enables communication with different types of crypto assetClosedDigital information that needs to be securely stored. ledgers. CASPClosedUnbound’s Crypto Asset Security Platform (“CASP”) provides the advanced technology and the architecture to secure crypto asset transactions. uses the term wallet (also known as chain adapter) to refer to the component that communicates with the ledger. For example, the BTC wallet enables communication with a Bitcoin ledger. It prepares a transaction from the available ledger data and sends it to CASPClosedUnbound’s Crypto Asset Security Platform (“CASP”) provides the advanced technology and the architecture to secure crypto asset transactions.. CASPClosedUnbound’s Crypto Asset Security Platform (“CASP”) provides the advanced technology and the architecture to secure crypto asset transactions. then signs the transaction and returns it, which then transmits the signed transaction to the ledger. CASPClosedUnbound’s Crypto Asset Security Platform (“CASP”) provides the advanced technology and the architecture to secure crypto asset transactions. seamlessly works with many different types of ledgers.