Hardware Custody / Digital Asset Management Solution
Riddle&Code was founded and set up by Prof. Fürstner as a 'blockchain interface company'. At R&C we specialize in developing our own crypto chip modules and related software in-house. This allows us to massively increase security against hardware hacks, to reduce the energy consumption of devices (for IoT) and to stay flexible in making all relevant radio communications or blockchain protocols interoperable with our hardware.
The project we have developed for the financial industry is highly relevant for society since it removes one of the weak points of blockchain technology: centralized (legacy) hardware. Even though blockchain is secure by design because of the cryptography involved, its security has so far been limited by the security of the hardware these protocols run on. A server or a centralized IT device that stores wallets / secrets / keys, such as an HSM in the financial industry, can always be hacked if access is established physically or remotely or if enough time and resources are available. This poses a threat to critical infrastructure.
That is why the design of our Hardware Custody & Digital Asset Management Solution comes with a co-signing approach based on Shamir's Secret Sharing (https://de.wikipedia.org/wiki/Shamir’s_Secret_Sharing). It enables co-signing procedures distributed between several hardware wallets, with a quorum of n out of m set as the governance rule. The wallets are held e.g. by the professional traders of a bank's trading desk or by individuals and their lawyers/partners/kids etc.
In this setup, no secrets / keys / wallets are stored on the devices, and immediately after a transaction (between different blockchain wallet addresses) has been orchestrated in a regulatory and governance-compliant way, all secrets are deleted from the devices.
Both the devices and the code have been audited thoroughly in order to be accepted by the Swiss Financial Market Regulator. We think it is a 'bold' concept since it brings trust, GDPR and AML compliance not only to the financial industry but also to the broader economy, and will enable trustless, efficient and secure industry-grade processes for the upcoming M2M era and the token economy.