When dealing with digital assets, a major risk is the loss of funds due to human error, hacks by malicious individuals, or theft by members. To address these issues, Fireblocks was developed and equipped with a range of features and a multi-layer system that enhances security and mitigates the risks associated with digital assets.
Source: Official website
Fireblocks is a platform for digital asset security, the development of decentralized products, and user asset management. It combines innovative technology, such as MPC cryptography and hardware isolation, to prevent internal fraud, cyber attacks, and human errors.
It achieves this through the use of digital asset custody, a special type of self-custody comprising multiple security layers and zero counterparty risks. It also facilitates high performance. The direct custody model is based on five fundamental principles regarding custody and risk:
The Fireblocks project was built by Michael Shaulov, Pavel Berengoltz, and Idan Ofrat after they worked together on the task force created to investigate the 2017 hack by the infamous Lazarus Group on four Korean exchanges. From their investigation, they realized that cybercriminals had moved from hacking traditional finance to attacking digital assets. They also learned the complex reasons behind the lack of solutions to secure digital assets.
The three men spent over twenty years in cybersecurity, applying their expertise to mobility and other critical infrastructure before extending their expertise to the blockchain industry. They then joined hands to create Fireblocks, which protects digital assets from theft through innovative MPC technology.
To foster digital asset security, Fireblocks has set up a multi-layer security system consisting of four major layers: an MPC-CMP layer, a Secure Enclaves layer, the Policy Engine, and the Fireblocks Network. The platform was designed to provide advanced software and hardware defence against different hacking strategies.
The platform establishes a secure environment for storing, transferring, and issuing digital assets. It is designed to protect these assets from a range of cyber threats, human errors, and potential internal collusion.
The first security layer Fireblocks provides is MPC-CMP, which is built on a cryptographic technique called multi-party computation (MPC). In MPC, each party holds a secret piece of information, and a computation is carried out jointly using every party's private input, without any party revealing its piece to the others.
The platform uses MPC because it is compatible with other platforms and does not require alteration. It is flexible, and lastly, it is cost-effective, as signing is done off-chain.
Fireblocks utilizes this technology through the MPC-CMP layer, which enhances the ECDSA and EdDSA signatures commonly used across blockchains. This approach creates a new level of private key security, ensuring that the private key is never assembled in one place, so an attacker has no single complete key to steal.
The MPC-CMP layer not only enhances security but also accelerates transaction speeds: Fireblocks claims it is eight times faster than traditional MPC because fewer rounds are required for signing. This layer is compatible with cold wallet storage, where key shares remain offline, thereby minimizing exposure to potential cyber threats.
Furthermore, the platform introduces an additional layer of security by distributing cryptographic MPC shares across multiple tier-one cloud environments, reducing the risk of breaches even if one of the physical data centers is compromised.
The second layer is the Secure Enclave, which is made possible through Intel SGX, a hardware-level enclave designed to secure specific code and data within the system. Its primary responsibility is to safeguard the underlying infrastructure and the cryptographic algorithms, including MPC and ZKPs, while also protecting the sensitive components of the software from malicious insiders and hackers.
Since the MPC key shares are stored inside SGX enclaves, they cannot be accessed by malicious parties who gain control over the server. This is because the memory space and the data stored in the SGX enclave are encrypted.
The third layer of security is the Policy Engine. This allows users to create certain rules that dictate how transactions are approved and executed. A rule can decide whether or not a transaction is blocked or approved. It can also determine if extra signers are required by applying filters like source, destination, asset, and amount.
The Policy Engine is also protected by the SGX, while the Fireblocks platform spreads out the process of policy verification across various MPC servers. Policy rules created are signed by a team of admins and are encrypted within the SGX. After completing the process, the engine is integrated within the SGX enclave, which safeguards it from tampering by both hackers and employees, ensuring the integrity of the implemented rules and the Policy Engine’s logic.
The platform’s final layer is the Fireblocks Network, which enables users to transfer assets securely, eliminating the risks associated with sharing deposit addresses. Instead, it makes use of automatic deposit address authentication and rotation, eliminating the need to copy and paste deposit addresses and authenticating them through test transfers and whitelisting procedures.
The network is vital to the system as it prevents loss of assets due to deposit spoofing or human errors, such as depositing to an address for a counterparty the user is no longer associated with.
Aside from its security layers, Fireblocks also has several key features that help provide quality services to users, offering them several capabilities and functions. Some of these features include:
Fireblocks has three types of wallets: hot wallets, cold wallets, and warm wallets. These wallets are distinguished by where the third MPC key share is placed and the process used for transaction approvals. In the case of the hot wallet, the third MPC key share is managed by an API co-signer, allowing for automated transaction approvals.
With a cold wallet, the third MPC key share is held on the user’s offline device, and transaction approvals require scanning a QR code from both ends. With the warm wallet, the third MPC key share is placed on an online device, and transaction approval requests are received on the Fireblocks mobile app.
Fireblocks offers a distinctive feature known as Workspace, enabling users to manage various accounts and digital assets while keeping track of their transactions. Each workspace operates on a separate BIP32-HD wallet structure, each with its unique security measures and transaction policies.
There are three types of workspaces, each with its own special capabilities, which play a vital role in what the user can or cannot do on the platform:
Fireblocks has a role-based access control feature that grants users certain permissions based on their roles. Based on their roles, users can gain access to parts of the platform, the types of actions they can perform, and the MPC key shares that they hold to sign transactions.
The Fireblocks Admin Quorum is the minimum number of workspace admins required to approve certain workspace decisions. They can decide on approving network connections, adding new users or removing malicious ones, and, lastly, adding whitelisted addresses.
Through the Admin Quorum's votes, the platform is able to prevent the loss of users' assets, preventing theft and siphoning of funds by malicious admins.
The accounts feature is made up of the three types of accounts Fireblocks has to offer:
The Fireblocks Vault is the platform’s solution for managing wallets and addresses. With it, users can effortlessly create and oversee multiple vault accounts, each consisting of various asset wallets.
Asset wallets are specialized wallets designed to manage internal deposits linked to various asset types. Each asset wallet includes at least one deposit address specific to its type of asset. This service supports over 1,200 different assets.
The Transaction Authorization Policy (TAP) serves as a framework of rules that define the boundaries for transactions within a user’s Fireblocks workspace. With TAP, users can manage various aspects of transactions, including who is permitted to execute them, the maximum transfer amount allowed at any one time, the timeframe during which transactions can occur, and the methods by which each transaction is authorized.
Additionally, these rules can be applied to transactions involving smart contracts, such as deploying, upgrading, or executing ongoing operations.
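The rule matching described for the Policy Engine and TAP (filters on source, destination, asset and amount, with an outcome of approve, block or extra signers) can be sketched as follows. This is an added example, not Fireblocks' rule format or API: the `Rule` fields, the action names, first-match evaluation and default deny are assumptions, and the policy and transactions are constructed. It also flags rules that can never fire because an earlier, broader rule shadows them.

```python
from dataclasses import dataclass
from decimal import Decimal

FIELDS = ("source", "destination", "asset")

@dataclass(frozen=True)
class Rule:
    action: str                          # "ALLOW", "BLOCK" or "REQUIRE_SIGNERS"
    source: str = "*"                    # "*" matches any value
    destination: str = "*"
    asset: str = "*"
    min_amount: Decimal = Decimal("0")   # rule applies when amount >= this
    extra_signers: int = 0

    def matches(self, tx):
        return (all(getattr(self, f) in ("*", tx[f]) for f in FIELDS)
                and tx["amount"] >= self.min_amount)

def evaluate(rules, tx):
    """Return (action, extra_signers, rule_index); the first match wins."""
    for i, rule in enumerate(rules):
        if rule.matches(tx):
            return rule.action, rule.extra_signers, i
    return "BLOCK", 0, None              # nothing matched: default deny

def covers(a, b):
    """True when every transaction matched by rule b is also matched by rule a."""
    return (all(getattr(a, f) in ("*", getattr(b, f)) for f in FIELDS)
            and a.min_amount <= b.min_amount)

def shadowed_rules(rules):
    """Indexes of rules that never fire because an earlier rule covers them."""
    return [j for j, r in enumerate(rules)
            if any(covers(rules[i], r) for i in range(j))]

# Constructed policy: the BLOCK at index 2 was meant to cap large ETH transfers,
# but the broader ALLOW at index 1 is evaluated first.
POLICY = [
    Rule("REQUIRE_SIGNERS", source="treasury", asset="BTC",
         min_amount=Decimal("10"), extra_signers=2),
    Rule("ALLOW", source="treasury", destination="exchange-a"),
    Rule("BLOCK", source="treasury", destination="exchange-a",
         asset="ETH", min_amount=Decimal("500")),
]

def make_tx(source, destination, asset, amount):
    return {"source": source, "destination": destination,
            "asset": asset, "amount": Decimal(amount)}
```

Running `shadowed_rules` over a policy before it is signed catches ordering mistakes that would otherwise only show up when a transaction the admins meant to block is approved.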
Fireblocks has several features that ensure the platform provides the best services for users and developers. By making use of these features, developers can build different platforms for users. Fireblocks can be used to create the following:
With Wallet-as-a-Service, developers can easily create and integrate tailored, secure wallets into their applications. This API-driven solution offers robust MPC wallets, allowing developers to effectively create, manage, and secure wallets for countless users without the need to develop their own security infrastructure.
Fireblocks’ Self-Custody Infrastructure is a safe and trustworthy way to store digital assets. It is equipped with a versatile API, multi-layer security, Multi-Party Computation (MPC), and Intel SGX to ensure users’ funds are safe and readily available.
With Fireblocks, asset tokenization is easier and safer. It provides a secure way to digitalize assets and develop blockchain-based applications. The platform’s API provides advanced features for executing tasks like creating, managing, redeeming, and issuing tokens such as stablecoins or security tokens.
Developers can use the tokenization feature to tokenize any asset, mint new tokens, manage smart contracts, execute smart contract functions, secure custody of tokens, and much more.
Treasury Management allows users to store their funds securely in hot and cold wallets, connect to exchanges, manage fund operations, and connect to trading counterparties. It gives users complete control over their assets across several wallets, allowing them to manage transaction risks and liquidity.
With Fireblocks Treasury, developers can make secure transfers, easily move assets, set up governance rules, and protect fund operations.
Fireblocks offers users enhanced levels of security for their digital assets through innovative technology such as Multi-Party Computation (MPC), a Secure Enclaves layer, the Policy Engine, and the Fireblocks Network. These layers significantly improve platform security and eliminate loss of assets through hacking, theft, and human error. It provides a wide range of services for developers and users, making it an important tool for decentralized platforms.