Breakpoint 2023: Critical Security Considerations for Web3 Builders

Summary

At the Breakpoint 2023 conference, Thomas Przelomiec, a Sales Engineer at Fireblocks, outlined the critical security considerations that Web3 developers must address when building and managing platforms. The talk focused extensively on the importance of private key security, the use of multi-party computation (MPC) technology, and the practical applications of Fireblocks' solutions for both developers and end-users. Przelomiec also touched upon non-custodial wallet solutions and discussed the anticipated support for the Solana blockchain.

Key Points:

Fireblocks and Private Key Security in the Web3 Ecosystem

The presentation by Thomas Przelomiec emphasized the vulnerability to traditional private key storage solutions like MetaMask and Phantom and introduced Fireblocks' innovative approach using MPC technology. He differentiated between existing security methods and explained how MPC offers more security by splitting a private key into key shards that are stored separately and securely. Additionally, he explored the integration of these technologies with smart contracts, elaborating on the benefits of smart contract upgradability within the Solana ecosystem compared to Ethereum's immutability emphasis.

Non-Custodial Wallets and User Experience

Przelomiec moved on to describe how Fireblocks caters to the final consumer of Web3 applications through their non-custodial wallet solutions. He detailed the functionality of an SDK, enabling developers to seamlessly integrate private key management into their applications while providing an intuitive and safe experience for users to engage with Web3 without the burden of handling complex security details.

Facts + Figures

• Fireblocks works with institutional partners, including the Solana Foundation, Magic Eden, BNY Mellon, ANSI Bank, and the Israeli Stock Exchange.
• MPC technology forms the basis of Fireblocks' offerings, splitting private keys into three key shards, enhancing security.
• Transaction authorization policies with MPC provide granular control over asset transfers and contract interactions.
• Fireblocks' solution for smart contracts aims to offer a systemic approach to managing upgrades and security.
• The Solana ecosystem's design caters to an upgradeable infrastructure, offering a comparison to Ethereum's more static approach.
• Smart contract wallets are gaining traction, with concepts like automated yield strategies becoming a common narrative.
• Fireblocks' non-custodial wallet is designed with an SDK for developers to create a customized user experience.
• Upcoming support for Solana on Fireblocks' non-custodial wallets was announced, expected to be released in Q1.
• Fireblocks ensures that there's an 'eject process' for users to gain full custody of their assets if necessary.

Top quotes

• "So a whole lot of larger people use us to custody their own assets."
• "MPC technology is the evolution of the multi-sig, where you get a tremendous amount more security and flexibility."
• "The Solana ecosystem... was really designed with upgradability in mind."
• "Ultimately, you have some authority that sits underneath of that smart contract that has the ability to upgrade it."
• "You can see how you combine all these three layers together, and you get a very systemic approach to security."
• "So there's no passphrase they need to remember and manage."
• "If fire blocks disappears, the developer or our customer can hold our key share that we typically hold, so there's a backup condition there."
• "I look forward to talking to you all."

Questions Answered

What is Fireblocks and how does it contribute to the Web3 ecosystem?

Fireblocks is a technology provider that enhances the security of digital assets for institutional partners and enterprises. The company offers solutions that protect private keys using Multi-Party Computation (MPC) technology. By splitting a private key into secured shards and establishing transaction authorization policies, Fireblocks helps secure cryptocurrency transactions and smart contract management for Web3 applications.

How does Fireblocks' MPC technology improve private key security?

Fireblocks' MPC technology takes private key security to a new level by splitting a private key into multiple shards that never form a complete key at any point. This system of distributed security, combined with secure storage using Intel SGX enclaves and transaction restrictions, presents a significant improvement over traditional private key storage methods vulnerable to various security threats.

What is the advantage of upgradeable smart contracts in Solana's ecosystem?

The Solana blockchain is designed with upgradability in mind, allowing developers to enhance and improve their smart contracts over time. This flexible architecture is part of Solana's core ethos and contrasts with Ethereum's emphasis on immutability. Fireblocks' security solutions integrate well with this feature, enabling the secure management of the private keys associated with these upgradeable smart contracts.

What are non-custodial wallets, and how does Fireblocks' solution work?

Non-custodial wallets give users control over their private keys, as opposed to having them stored centrally by a third party. Fireblocks' non-custodial wallet solution provides users with a secure, user-friendly method of managing their assets through an SDK that developers can use to create tailored experiences. The wallet simplifies transactions and addresses many of the shortcomings associated with crypto wallet security.

How does Fireblocks ensure asset recovery for non-custodial wallet users?

Fireblocks ensures that users can recover their assets in a non-custodial wallet through backup and recovery conditions embedded in the solution. When a user secures their private key, it can be backed up to Fireblocks or another chosen location. If a user loses their device or needs to access their wallet from another device, they can restore access by downloading the necessary key shares.