DCRM

DCRM in a nutshell

DCRM Multi-Party Interoperability and Custody

Fusion's Distributed Control Rights Management (DCRM) was built to address cross-chain interoperability through a decentralized custodian model. It uses recent cryptographic work on Threshold Signature Schemes (TSS) for the Elliptic Curve Digital Signature Algorithm (ECDSA) to provide distributed key generation and transaction signing. The technology was developed over more than a year, with feedback from 4 leading cryptographers, including Rosario Gennaro and Dr. Pascal Paillier.

The Three Pillars of DCRM

Interoperability

DCRM is a truly interoperable solution that

  1. operates at the encryption level

  2. creates token portability and exchange across chains

  3. retains cross-chain encumbrance allowing for multi-token Smart Contracts to be created with IFTTT

Security

With a distributed key generation and signing algorithm, private keys are no longer a single point of failure. Access to wallets or any data that needs protection is distributed among N parties or devices. For blockchains, which rely solely on private keys to prove ownership of assets, DCRM greatly increases security while mitigating the risk of lost keys.

For example, if an individual loses a device with sensitive data, they can block unauthorized access from that device while retaining access through another key shard they have stored elsewhere. Similarly, financial organizations can implement compliance and access controls in which both a compliance officer and a department head must sign before a trader can access funds.

Next-Gen Custodian

With its characteristics of Interoperability and Security, DCRM is ultimately a custodian that

  1. Secures assets like cold wallet custody

  2. Transacts with the liquidity and hardware-less setup of hot wallets

  3. Protects with multi-party sign-offs and recovery

This custodian model can be employed as a trusted network across parties such as banks and their customers to allow for efficient transactions or as a single, secure solution for individual banks.

Technology Background

What is TSS or MPC?

DCRM utilizes an advanced form of decentralized cryptography known as a Threshold Signature Scheme (TSS), which is a type of Multi-Party Computation (MPC). TSS allows multiple parties to jointly generate a key and a signature. No party ever holds the full key on its own, and no party can sign without the consent of the others. TSS can also be configured for m-of-n setups, that is, requiring only m parties out of a group of n trusted peers to sign.

While often compared to Multisig (Multi Signature) algorithms, there are two key differences:

  1. Multisig performs its cryptography on-chain, exposing details such as the number of signers, which weakens security.

  2. TSS signatures are treated as one signature on the blockchain, making the cost of TSS signatures much lower.

TSS is stronger than a sharded key-storage scheme or secret sharing schemes like Shamir’s Secret Sharing because the private key generated through TSS is never accessible as one whole key.

What is ECDSA?

Elliptic Curve Digital Signature Algorithm (ECDSA) is a digital signature algorithm used by ~80% of cryptocurrencies in the market, including majors such as Bitcoin, Ethereum, and NEO.

DCRM Alliance

At the end of 2019, at the same time as Fusion announced the release and consequent open-sourcing of DCRM 5.0, the DCRM Alliance was announced: a group of DeFi players and protocols, Fintech companies, enterprises, government and academia that will join forces to further accelerate the development of next-generation decentralized finance and custody solutions using DCRM.

Members

Fantom: Fantom offers a series of technology components, enabling fast and scalable distributed ledgers, with a focus on their Lachesis aBFT consensus module. Fantom represents the voice of public protocols in our Alliance.

Karlsruhe Institute of Technology: The Karlsruhe Institute of Technology (KIT) team is investigating the proper deployment, measurement and comparison of cross-chain technology. Ali Sunyaev and the CII research group at the KIT represent the voice of academia in our Alliance.

Realio: Realio is aiming to disrupt the way capital is raised and invested today by building a complete ecosystem aimed at the issuance, management and trading of digital assets. Realio represents the voice of asset tokenizers/issuers in our Alliance.

Totle: Totle delivers access to a DeFi infrastructure, ranging from token trading and liquidity to facilitating payment requests. Totle represents the voice of DEXes and value exchange in our Alliance.

SolidX: SolidX was founded with the mission of providing institutional access to bitcoin. Its efforts dating back to 2011 have focused primarily on working with the SEC to approve the listing of a bitcoin exchange traded product.

Pilot Setup

The Alliance chose decentralized custody as its first area of focus. Decentralized custody is not only paramount for cross-chain DeFi but also for the security of any centralized entity’s digital assets. According to Cointelegraph, the number of centralized exchanges being hacked is escalating every year. In 2019, 11 large-scale thefts were carried out against centralized exchanges, which resulted in over $292M being lost. With growing institutional involvement in blockchain and digital assets, the demand for solutions like multi-party signing and MPC (multi-party computation) to provide secure usage of digital assets will only increase.

Further validating the focus of the Alliance, Brave New Coin predicted that the top solution in 2020 to crypto’s challenges would be MPC Custody (or decentralized custodian). The article also mentions successful startups like Fireblocks, which raised $16M in July 2019 and is currently moving $2.5 billion monthly on behalf of its institutional clients, illustrating the need for DCRM and decentralized custody.

Each Alliance member runs its own single node (off-chain) to form a distributed signing "bedrock" for the various decentralized solutions, including decentralized custody. Hardware requirements are minimal, nodes can run on cloud providers such as AWS, and node setup generally takes 15 minutes.

Alliance Progress

Key points of progress include:

  1. Created a network of DCRM nodes in a fully functional test network.

  2. Using a simple UI designed by the SMPC wallet team, Alliance members successfully conducted several transactions to generate accounts and send ETH, BTC, and FSN in a distributed fashion.

  3. User custodial setup in testing.

This progress marks the beginning of a new era in finance where different organizations and industry players (technology, DEX, academia, issuance platform) collaborate to create accounts and transfer incompatible tokens. No single organization in this group can act without the approval or knowledge of the others, perfectly showcasing the security and transparency possibilities of blockchain.

Fusion is currently in talks with two other top blockchain projects that are interested in the DCRM Alliance work.

Next Steps

The initial phase of testing will continue to enhance performance, security and stability of the signing group. Important security questions that have been answered in theory but need to be confirmed in practice include:

  1. What happens if one node is down?

  2. Can any individual node be hacked and the full key reconstructed?

  3. Can any malicious player steal the keys from the other alliance members?

After these questions have been answered and solutions implemented, the Alliance members will review the test results and jointly plan the next phase in optimizing DCRM for commercial-grade applications.

Use Cases of DCRM Pilot

Interoperable Framework

Through DCRM and decentralized oracles, a blockchain protocol that can interact with all assets, both on-chain and off-chain, will provide a future-proof bedrock to build financial transactions around. Decentralized oracles can monitor customer ACH payments, triggering smart contract automation in bank systems and transferring value and data easily from one network to another.

Next Generation Digital Custody

Using DCRM, we can build a custodian that meets the compliance requirements of traditional banks with multiple sign-offs, provides the software equivalent of the security of HSMs (Hardware Security Modules), and future-proofs banks for digital currencies that already exist as well as proprietary settlement coins or government-backed digital currencies that are in development.

Multi-Party Protection of Sensitive Data

Whether the workflow is on-chain (granting a trader access to trade a firm position) or off-chain (granting access to sensitive tax documents), DCRM can provide the protection of multiple authorizations without the security risk of centralized password storage and without the economic burden of traditional multi-signature solutions. We can leverage expertise from DCRM Alliance Member SolidX’s sister entity Atakama, which specializes in decentralized protection of data access.

Key Recovery System

One of the biggest challenges holding crypto custodian solutions back has been the risk of losing keys with no way to recover them, leading to irrevocable loss of assets.

Through DCRM’s key sharding and TSS (Threshold Signature Scheme) implementation, users can use one shard in conjunction with one held by a provider to sign transactions, and keep their one extra shard as a backup to restore or even create new keys. Banks can even leverage this scheme to protect their customers’ mobile wallet solutions, quickly invalidating one key shard should a customer’s phone be stolen, and activating a safe shard.

DCRM development kit

If you are a developer you may be interested in the DCRM SDK. Find out more here.
