Curriculum and overview

• Date and time：Wednesday, April 25, 2018 17: 00 – 19: 10
• Place：TKP Garden City Take Bridge 7th Floor (Hall 7D)

• “About key management in the virtual currency exchange industry” – not to cause an accident never again ~

“About key management in the virtual currency exchange industry” – not to cause an accident never again ~

As you can see in this title, we have accelerated research and development in response to the sad incident of other companies. So we opened an emergency press conference on January 29th at the BCCC (Block Chain Promotion Association) to which we belong, and it is a document when we explained what kind of things happened.
There are places that I write somewhat by speculation, so I think whether there are places where facts and numbers differ, but I will tell you where I know.

I will tell you the overview of the accident at the beginning that was the subject of today’s agenda.
The exchanges that caused the accident were the largest exchanges in Japan. It is believed that it had estimated users with more than 2 million people, and there was a report that the transaction amount was about 3.8 trillion yen.
At the time, it was a business dealt with 13 coins and the most virtual currency, user friendly, many light users, there is a feature that you can trade from smartphone, and immediate deposit and withdrawal is one big point think.

To do this immediate deposit and withdrawal is not necessarily a hot wallet, and it is absolutely impossible to be a cold wallet, so it can be inferred that there is a place where we have pursued the convenience around here.
Although this time NEM leaked out, the problem of virtual currency does not roll back.
If it is a transaction of a bank, if there is a mistake, you can send back or send back, but the virtual currency is stolen = runoff. There is a big difference with other financial systems where reclamation is absolutely ineffective.
When it happens at the time when the leak occurs, it happens when the secret key is taken. Also, even if the system that can control the secret key is hijacked it is the same as the outflow.

For example, there is vulnerability in the system of API, control right is deprived when it is attacked there, and as a result key is used without touching the key and it gets lost.
How to manage this is a big problem.
It will be a while, but it is a place where from where to where you can go online and where you can not be online …

・・・
A solution that might solve this problem is the secret sharing method.
The method is to divide one key into two or more, and if you collect some of the thresholds there will be a key.
For example, 3of 5, that is, secret sharing that one key can be created by collecting three keys of five, it is not so if one key has 20% information volume.
In the case of the secret sharing method with the threshold 2, there is an X axis, a Y axis, and since I do not know where the other key is after finding the first key, each entropy is 100% It becomes information amount.

In other words, I do not fully understand.
In the case of Threshold 3, increase the order to make it a quadratic function. If 3 points are determined, 1 of the contact point of P will be known, so it will not be known at the time of collecting two, so it is useless unless you find the third one is.
This is a very secure distribution method, so if you use this secret sharing method, you should be able to design your work by deciding which key pieces to give to who.

For example, one of the pieces of paper is given to the user, one is held by the business operator and the other is owned by the Wallet business. In addition, one company and one wallet enterprise each have as backup.
At this time, there are few cases that the business operator loses, but there are cases where the user loses it and sometimes it is taken by people.

This is not stolen how to do this at this time.
Three of the five must be collected, two are owned by the business, and two are in the custodian.
If one key is stolen or lost in the condition that even a business operator can not immediately retrieve it, it will not be stolen immediately.

In other words, if you apply for lost in such a state, you can create a new key and share that key with the business operator and the Wallet business.
In this way, it is okay to lose it, and while doing somewhat loose things that it is okay for people to see it, businesses can create models that have control over them.
I think that if you can firmly designate which key to place and who can design which key to allocate, various business can be established.
For example, I thought that it could be used in a trust scheme, and when I reviewed the trust bank, I was told that there is a problem.

The problem is that if bankruptcy isolation is not done, having a key when a virtual currency exchange operator collapses is pointed out that the property has not completely shifted to the trust bank I thought.
To that end, we have to deposit all of them from the virtual currency exchange business to the trust business once, the risk simply shifts. The next question is how to build it.

Therefore, we call such trust businesses and non-life insurance providers by calling trust businesses and non-life insurers as to whether we can make safe operations using secret sharing law, I am considering a place to become a business · · ·

(Questioner 1)
I asked for it again because I needed to have nine keys and I missed the three keys.

(Currency Port Co., Ltd. Mr. Sugii)
First of all, when creating a key for multi signature, it is necessary to create three keys if the key is 2 of 3. Since this key is hardware, it takes a backup because it is likely to be broken.
To make a backup, we also create it with the 2of 3 secret sharing method, so we need three sheets of keys for one key and three sheets in three places, so we need nine sheets of paper.
When this uses 3of 5 secret sharing method, it becomes 15 sheets.

(Overall data is released only to associate members)