Private key management is a complex problem in cryptography. In the last few years, we have seen attacks against cryptocurrency companies that seek to retrieve the private keys of user wallets. Within cryptocurrency, private key management has an additional complexity: the value of stored user funds related to that private key. Truly, key management is a challenge that has plagued secure computing for years. While storing keys is essential, it is equally important to securely use those keys in an application. Without secure use of private keys, applications are vulnerable to attacks to exfiltrate those private keys.
In this talk, we will discuss the approach the AirSwap team uses to securely store and use private keys for high value wallets. We will show real world permissions, policies, and code used by our team. We will discuss common attacks against private key management systems and the ways that our implementation thwarts those attacks.
This talk is beneficial to any team or company that interacts with the Ethereum blockchain via signed transactions and off-chain custom code. It is essential for any team that wishes to use a private key in their application code securely.
0 Comments