Aspect Objective: This aspect defines the criteria for applying single-signer and multi-signer mechanisms to wallets. This ensures that the signing configuration aligns with the criticality of the wallet, its risk exposure, and its operational requirements.
Single-signer mechanisms will consider the following factors:
Multi-signer mechanisms are considered best practice for enhancing security. However, multi-signer mechanisms can impact transaction speed and operational efficiency, so single-signer mechanisms align with the CCSS only if the criteria in 1.02.1.1 are met. Single-signer configurations may be adopted by full-custody providers to allow rapid fund management. To ensure strong protection and distributed control, multi-signer mechanisms are implemented in wallets that hold the majority of customer funds.
Aspect Objective: This aspect ensures the availability of funds, even if a signing key becomes inaccessible, by requiring redundancy in multi-signer configurations.
Wallets that implement a multi-signer mechanism must include at minimum one redundant key for recovery purposes. This redundancy guarantees that funds remain accessible if one operational key is lost, compromised, or unavailable.
A common configuration considered best practice is a wallet that requires signatures from any 2 of 3 keys to authorize a transaction, which provides both flexibility and recovery assurance.
Aspect Objective: This aspect mitigates risks by separating key material geographically for multi-signer wallets. The risks that come with localized disruptions, including floods and break-ins, are minimized with key material separated across multiple locations.
Although locations can reside within the same region or country, risk assessments evaluate the potential consequences of storing all key materials within a single geographic area. Distribution across multiple, secure regions enhances overall resilience.
Aspect Objective: This aspect ensures that control of key material is decentralized across separate business units and legal entities, reducing organizational and legal risks.
For wallets implementing multi-signer mechanisms, key material must be stored by distinct operators within the same entity or by separate, trusted entities. These entities can be legal, accounting, or custody partners. This separation prevents a single organizational or legal disruption from affecting key material and disrupting fund availability.
Importantly, this distribution approach does not violate requirement 1.01.1.1, because separate entities do not meet the definition of an actor.
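The redundancy, geographic-distribution and organizational-distribution requirements above can be checked mechanically against a wallet's signing configuration. The following is an added illustration, not CCSS material or any auditor's tooling: the `Key`/`Wallet` data model, the `single_signer_review` flag standing in for the 1.02.1.1 criteria review, and the sample wallets are all constructed assumptions.

```python
from dataclasses import dataclass
from typing import List, Tuple

@dataclass(frozen=True)
class Key:
    key_id: str
    location: str  # geographic site where the key material is kept
    holder: str    # operator or legal entity that custodies the key

@dataclass(frozen=True)
class Wallet:
    name: str
    threshold: int             # m in an m-of-n configuration
    keys: Tuple[Key, ...]      # all n keys able to sign
    single_signer_review: bool = False  # assumed flag: 1.02.1.1 criteria met

def can_sign(wallet: Wallet, available: List[str]) -> bool:
    """True if the keys still reachable satisfy the signing threshold."""
    known = {k.key_id for k in wallet.keys}
    return len(known & set(available)) >= wallet.threshold

def survives_single_key_loss(wallet: Wallet) -> bool:
    """Redundancy property: losing any one key must not block signing."""
    ids = [k.key_id for k in wallet.keys]
    return all(can_sign(wallet, [i for i in ids if i != lost]) for lost in ids)

def evaluate(wallet: Wallet) -> List[str]:
    """Return findings against the wallet-creation aspects; empty means no gap."""
    n = len(wallet.keys)
    if not 1 <= wallet.threshold <= n:
        return [f"{wallet.name}: invalid threshold {wallet.threshold}-of-{n}"]
    if n == 1:
        # Single-signer is acceptable only when the review criteria are met.
        if wallet.single_signer_review:
            return []
        return [f"{wallet.name}: single-signer without review"]
    findings = []
    if not survives_single_key_loss(wallet):
        findings.append(f"{wallet.name}: {wallet.threshold}-of-{n} has no redundant key")
    if len({k.location for k in wallet.keys}) < 2:
        findings.append(f"{wallet.name}: all key material in one location")
    if len({k.holder for k in wallet.keys}) < n:
        findings.append(f"{wallet.name}: keys not held by distinct operators")
    return findings

# Constructed sample wallets, not real configurations.
GOOD = Wallet("treasury", 2, (Key("k1", "site-a", "ops-1"),
                              Key("k2", "site-b", "ops-2"),
                              Key("k3", "site-c", "custody-partner")))
BAD = Wallet("legacy", 2, (Key("k1", "site-a", "ops-1"),
                           Key("k2", "site-a", "ops-1")))
```

`evaluate(GOOD)` returns no findings, while the 2-of-2 `BAD` wallet fails all three distribution checks because the loss of either key blocks signing and both keys sit at one site with one operator.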
Aspect Objective: This aspect focuses on creating a documented policy to ensure consistency and compliance regarding wallet generation processes.
This policy document includes details of the company’s internal policies and procedures to provide transparency. It will also cover all relevant areas of wallet generation to limit errors. A documented policy ensures standardization and provides clear operation guidelines for users.
This article was written by Shreya Patel.