APIs for centralized private key management, transaction signing, and multi-factor authentication
Over the summer, we wrote a post on the difficulties of getting mainstream users to the blockchain. In keeping with our vision to help developers create usable and secure blockchain applications, we’re pleased to announce the launch of the ChainFront Cloud Service and the availability of APIs for the Stellar and Ethereum Blockchains (Bitcoin and Ripple coming soon) to solve the user adoption, security, and software development issues around crypto wallets. ChainFront makes life easy for end users (no need to use and secure wallets) and for developers (eliminates associated development efforts, and ensures security). ChainFront Cloud Services include: transaction signing as a service, private key management as a service, and secure and trusted multi-factor authentication. We’ve also renamed our company from Participate Crypto to ChainFront as part of this launch.
Developers of crypto applications today are faced with several challenges:
- Mainstream users are not comfortable with crypto wallets and the notion of “lose the keys, lose the assets,” no recovery.
- Most hacks of exchanges today have been “spear phishing” of one type or another – meaning individual crypto wallets get hacked:
- “Spear phishing remains the major vector of attack on corporate networks. For instance, fraudsters deliver malware under the cover of CV spam [with an attachment] that has a malware embedded in the document,” the summary explains. “After the local network is successfully compromised, the hackers browse the local network to find work stations and servers used working with private cryptocurrency wallets.”
- As a result, for applications where users are comprised of multiple entities, the notion of many on-device wallets to approve and execute transactions is almost impossible to make work from useability and security perspective.
- Consideration of security is paramount; at no time can private keys be exposed or insecure; while all actions on blockchain are immutable and visible to all participants, all other data must be kept secure.
- Transactions requiring multi-signature (multi-sig) and escrow can be complex to execute in various public and private blockchains.
- It is difficult to implement multi-factor authentication in conjunction with transaction signing.
- As applications scale, uncertainty around response times and availability make design and architecture difficult.
- Code to execute complex crypto transactions must be interspersed and layered within business logic.
Any solution to these challenges must meet the following requirements:
- Abstraction of code away from blockchain to enable development of business layer.
- Enable users to approve of transactions without use of on-device wallets — use of multi-factor authentication (MFA) instead via easy to use APIs.
- Provide load balancing and sequencing of transactions at scale.
- Provide military grade security (FIPS 140–2).
- Ensure private keys are never seen nor leave secure area — only public signed transactions.
- Easy to use APIs for multi-sig, escrow and other complex signing transactions; enable developers to focus on business logic vs. transactional syntax and logic.
- Ability to queue up transactions offline to the extent blockchain latency exists.
ChainFront Cloud Service:
The ChainFront Cloud Services API enables developers to quickly and easily create blockchain applications that can be used by mainstream consumers and businesses. The API endpoints support connecting to the Stellar, Ethereum, Bitcoin (coming soon), and Ripple (coming soon) networks. By using ChainFront, you provide your users with a secure and easy way to approve transactions without the need for them to manage their own private keys. You can easily create accounts, transfer tokens, and invoke contracts, all with the benefit of requiring multi-factor authentication for any transaction signer.
The ChainFront Cloud Service API is a RESTful API. It allows you to create accounts, configure multi-factor transaction approval methods, create blockchain addresses, create and sign transactions, and submit transactions to a blockchain network.
The API is available to ChainFront customers and integration partners and all organizations must acquire valid credentials prior to using the web services. All API endpoints require authentication.
Multi-Factor Transaction Approvals
In a traditional blockchain security architecture, users are responsible for keeping a private key secure. In a traditional enterprise application, users are accustomed to password recovery, rolling passwords, and generally are not expected to manage their own password backups. ChainFront blends these approaches by abstracting the private key away from the user, in exchange for the user presenting a multi-factor approval via a device they have proved they own.
Each account can be configured with a transaction approval method. For every transaction in which the account is a signer, the approval method indicates how the user is to approve the transaction.
- AUTHY_PUSH: sends a push approval request to the registered Authy id.
- CHAINFRONT_TOTP: using ChainFront UIs, the user will have to scan a QR Code with Google Authenticator or Authy, and will be prompted to enter their TOTP code.
- APP_TOTP: Your app will need to collect a TOTP code from the user and pass it in the X-TOTP-CODE header.
- IMPLICIT: No approval will be required for transactions with this account. Use this flow when your application handles all security related to account identity.
Main API Commands:
Account Service: Create a new account for a supported public blockchain. ChainFront uses a high entropy randomness to generate a secret seed to create private and public keys, all within the secure area (never leaves that secure area). Ability to list the accounts held within ChainFront.
Transaction Service: Sign a transaction between two (or more) accounts and submit to public blockchain. The transaction signing happens in secure area, is validated there, and only the public signature is transmitted across the internet.
Using these simple APIs provides developers with unparalleled power and flexibility to implement blockchain projects. Developers can use various methods to validate users and transaction signers, without worrying about users’ ability to work with wallets and use best practices to secure and back up private keys. ChainFront uses military grade security to store secrets in the cloud; developers need only focus on the logic of their blockchain/ledger project.
Also published on Medium.