The Crypto Valley Association (CVA) has published its ‘Trusted Key Ceremony Guidelines’. This is an initiative from the CVA’s Cybersecurity Working Group. It aims to improve the protection of digital assets and achieve this in secure and credible ways.
Commenting on the announcement, Markus Perdrizat, Chair of Cybersecurity Working Group at CVA and Head of Blockchain Risk Assurance at PwC Switzerland said: “With more and more financial assets locked up in cryptocurrencies, the need for a set of best practice standards regarding key ceremonies for cryptocurrencies has never been more pronounced.
“Ultimately, the security of financial assets begins with the key ceremony – when the cryptographic secrets are created. From that point forward, the highest standards of security must be upheld. To this end, we are delighted to officially unveil our new guidelines to the world.”
The CVA’s Guidelines
The CVA developed the Guidelines to showcase best practices for safe and secure ‘key ceremonies’. It unveiled the Guidelines during ‘Demystifying Key Ceremonies’, an online event presented by the CVA’s Cybersecurity Working Group on July 7th. The online event provided a venue for the exploration of those best practices which, the CVA believes, define its emergence as a leading cryptocurrency and blockchain hub.
The developers of the Guidelines cumulatively possess extensive experience of the design, operation, and reviewing of key ceremonies for regulated institutional firms. Contributors to the Guidelines come from:
- security experts in digital asset custody technology – such as Taurus Group and Ledger Vault
- auditing firms – such as PwC
- various blockchain organisations
- financial institutions – such as SEBA Bank.
Emi Lorincz, Board Member at the Crypto Valley Association said: “The CVA Cybersecurity Working Group is firmly committed to setting the highest security standards and best practices with regard to product development, security audits, and key management within the blockchain and crypto realm.
“The publication of the Trusted Key Ceremony Guidelines gives expression to this ongoing effort and captures the far-reaching ambition of the CVA to strengthen security levels in the crypto-assets space more broadly, and to extend the accessibility of crypto assets.”
The mission
The mission of the CVA’s Cybersecurity Working Group was to:
- define and drive the adoption of security standards and best practices for blockchain projects
- provide a forum for Swiss-based blockchain security product and service companies
- promote adoption across the global market.
The CVA key ceremony guidelines were collected and edited by:
- Jean-Philippe Aumasson, Head of Security at Taurus Group
- Maria Sommerhalder, Crypto Custody expert at PwC Switzerland
- with contributions from the CVA Cybersecurity working group members.
“Traditionally there have been many ways to create private keys, and up until now, there has been no clear set of standards or guidelines. The siloed approach generally adopted by practitioners opens up many potential attack vectors that undermine the security of assets.
“By leveraging the deep insights and ceremonial acumen of our Cybersecurity Working Group, we have collated what we consider to be the best practices for new entrants and experienced practitioners in the space to create safe and secure key ceremonies, while also providing a framework to improve existing processes. We look forward to discussing the content of this new publication in more detail during our online event and encourage people to attend,” concluded Perdrizat.
Key ceremonies
The objectives for a key ceremony include the following (from the Guidelines):
- “generate secrets securely, such that nobody before or after the ceremony can determine all or part of the secrets
- “perform backups in a secure way, that is, such that recovery is guaranteed to work, and that access to the backups is adequately restricted, monitored, and logged
- “be able to demonstrate, to customers and other stakeholders, that 1. and 2. were carried out according to the documented procedure”.
What happens in a key ceremony? A key ceremony requires people with:
- assigned roles and responsibilities
- pre-established processes
- reliable technology components (software and hardware).
A key ceremony is, in effect, a procedure involving several operations performed by those participants with their defined roles and responsibilities. Typically, a key ceremony includes the following:
- “several participants meet in-person or virtually in order to carry out the required steps
- “all actions and exceptions to the protocol are recorded and noted by an independent witness
- “the hardware and/or software to be used is verified to be in a state suitable to generate secrets
- “(the) generation of secrets (occurs) using a pseudo-random generator
- “creation of backups (occurs) of the secrets, either by directly copying secrets to other media or devices, or by using some threshold secret-sharing scheme in order to distribute trust to multiple components and persons”.
Enterprise Times: what does this mean
Founded in early 2017, the Crypto Valley Association is a not-for-profit association established to support the development and dissemination of:
- cryptographic technologies
- blockchain
- other distributed ledger technologies.
It does this via support for startups and other companies in Switzerland. Internationally the CVA’s proclaimed purpose is to shape an open, free, and prosperous financial services industry of the future.
The CVA designed these new Guidelines as a set of best practices, in this case those associated with key ceremonies. The CVA’s hope is these will broaden the accessibility of crypto assets. The acid test will be whether others adopt, and implement, what the Crypto Valley Association proposes.