As a enthusiast and a part of industry builder, I will try my best to make the offort to build the ecosystem better. In the post, I will share my experience on how to design a secure module for digital asset exchange. Wish it will help to build business bases on and crypto economy. If is there any other better solution, please don’t hesitate to give feedback.
Digital Asset management are crucial, especially for institutions those business build on . A typical usage case is crypto exchange or over the counter trade platform (OTC), many thousands of traders withdraw or depisit their digital asset without the limitation of time and space, bank-level security and hight available architecture is the basic requirement for start the business.
Hot Wallet Warm Wallet And Cold Wallet
Common knowledge of would not introduce in the post, but we should learn the three kinds of wallets between exchange business system.
- Host Wallet: Be used only for send transaction from system, should keep sufficient but not too much amount of funded to service withdrawals. It should have tight policies limiting the amount of coin, that’s to say small amount withdrawals should as automate as possible but large funded withdrawals should require admin approval before withdrawed coins can be sent.
- Warm Wallet: Be used for all deposits to system, request an address to send funds to when a new users joins. Customers recharge funds to Warm should be withdrawed to cold automatly or regularly in time.
- Cold : Be used for storing the most of fund of system, at least 7/10 as i think, and recharging funds for Warm . Cold is also refer as offline , because it’s intended to be run on a device which doesn’t connect to any network.
In conclustion, private keys to be stored securely, smart risk control withdraw system and deposit onchain confirmation are three key considerations when we talking about design philosophy of crypto system architecture. If we have to make priority of those security factors for develoment, the importances of those keys gradual reduction by the conclustion above listed, the most important is private key storing.
Architecture Based On Actually Usage Case
Holding their own private keys is the main reason to embrace . Currency transference is cumbersome by traditional finance way, especially Cross-border remittances. There are many differences business logic between individual or institutions when using digital asset . Online service where import pubkic keys keeps track of transaction and balance, and every time need to send coin, signing service signs the transaction.
How to design digital asset module dependents on where private keys you . There are three modes basically: Store private key in mobile phone, full-node or secure network program environment.
- Decentralized mobile APP holds the key and signs raw transaction. when create by mobile app, the pubkic key is registered to network program (webservices mostly). network program interacts with p2p network to get information from blockchain (maintain UTXO, query Ethereum accounts balance and tx nonce, transactions history etc..) and broadcast new transactions. Those onchain wallets satisfy most personal usage.
- Blockchain node with provides full-service, directly creates and signs raw transaction in network environment. System integration with full-service node manages wallets by JSON-RPC interacted with blockchain full node. The wallets private keys are stored together with blockchain , meanwhile, exposed to the less secure open network environment. There are many hacked cases caused by JSON-RPC connections, like: , . I think using the original implemented by blockchain node is the bad practice. Someone suggested that bitcoin-core should separate Node and from functions: and there is a refator pull request:
- To increase security, private keys can be generated and stored by a separate program operating during a more secure environment, we call it signing program. Another part of the full-service is network program that construct raw transactions and broadcast signed transactions. The complete process is that network program creates unsigned transactions and transfers the unsigned transactions to signing program by sucure way (QRcode or any other secure transport protocol), and then signing program gives the signed transactions back to the networked program, finally the networked program broadcasts the signed transactions to the peer-to-peer network.
Signing Program And Network Program
The chapter is the key point of the post. There are four components of full-service.
- The first is wallets management, the private keys are generated by -core(Signing program) program and stored by levelDB
- The second is external endpoints, withdrawal process and generation, -gateway(network program) constructs raw transactions and provides external endpoint for business system, transport data by using gRPC protocol between -core and -gateway components.
- The third component is -monitor program, which subscribes best block(new block) event and push to MQ(RabbitMQ).
- The last is -consumer, which combines with two MQ consumers, one is maintain UTXOs for our system wallets(UTXOs base blockchain) and the other is deposits handle consumer(users notifications).
Published at Sun, 17 Mar 2019 02:48:16 +0000
