Digital assets have gained significant traction in recent years, owing in huge part to increased institutional adoption. 

With more institutions exploring digital assets to expand their investment portfolios, digital asset security is thus of paramount importance to any judicious institution.

Institutional protection of digital assets begins with safeguarding private keys, as they directly unlock access to digital assets stored on the blockchain. These keys are stored in wallets, which serve as the first line of defense for digital assets – it is thus pertinent that institutions scrutinize the design models of wallets to ensure the security of the assets that they invest in.

This article will therefore focus on the design models of institutional-grade wallets, serving as an introductory guide for institutions to plan and decide on an option that best fits their needs.

Design models of wallets

Unlike traditional wallets, cryptocurrency wallets do not store assets. As mentioned, wallets are instead the safehouses for keys that unlock access to digital assets stored on the blockchain. 

Common classifications of wallets

At present, wallets are commonly classified on how they are used. Two of the most common classifications are summarized as follows:

• Hot and cold: The most common way to classify wallets, these heat level descriptors indicate their connection to the Internet. Hot wallets are connected, while cold wallets are not.
• Self-custody and third-party custody: This classification segregates wallets based on who has the ability to move one’s funds. Third-party custody wallets hold private keys managed by a third party, which means that an external custodian manages funds. Conversely, non-custodial wallets are private key repositories that are self-managed by the institution or individual. This means that funds are internally managed by the institution or individual themselves.

While these classifications are useful on a high level, they do not account for the underlying security models of wallets. However, given that the security of digital assets is a top priority for institutions, a different kind of classification that focuses on the wallets’ design models should be highlighted.

There are three broad design models used for cryptocurrency wallets. Each model has varying levels of security, and they are as follows:

1. Single-signature wallets

The most basic type of wallet available, single-signature wallets require just one user to sign and authenticate transactions on the blockchain. Every wallet is paired with one private key, which is owned by a single user. This means that only this user’s signature is required to approve all transactions.

While single-signature wallets are suitable for retail investors who work with relatively smaller sums, they are not as ideal for institutions who manage much larger volumes of digital assets. 

Furthermore, retail investors typically only need one key to tie ownership of their wallet and assets to themselves. This is different for institutions, where multiple stakeholders are involved throughout the transaction process from the point of initiation to the final approval. Depending on the operational needs of the institution, each stage of the process may be handled by multiple stakeholders as well.

Single-signature is thus not ideal for institutions, as this model does not account for situations where multiple stakeholders are involved. 

To this end, single-signature wallets also carry the risk of a single point of failure, as there is only one private key in the equation. Should this key be lost or compromised, funds can be stolen or become permanently inaccessible. 

Institutions should therefore turn towards other design models that utilize multiple signatures to authorize transactions.

2. Multi-signature wallets

A step-up from single-signature wallets, multi-signature wallets eliminate the risk of a single point of failure as they require at least two or more users to sign transactions. Under this model, every wallet is paired with multiple private keys, each key responsible for applying a signature that represents its corresponding owner’s approval of the transaction that is verifiable on-chain. 

By requiring signatures from multiple keys, multi-signature wallets are made more secure as all key holders have to be accountable to each other. Without the requisite approvals from most or all of the key holders, digital assets cannot be accessed.

As ownership of the key(s) held by the institution can be distributed to multiple users, multi-signature wallets are thus best suited for institutions where funds are typically owned and managed across a few stakeholders. 

Under this setup, stakeholders maintain joint ownership of the institution’s key(s), and a majority consensus must be reached amongst them to apply the requisite signature to approve any transaction.

Multi-signature wallets have a range of quorums, with most designed to require a minimum threshold instead of all signatures to unlock access to assets. Below is an example of the different quorums available:

• 2-of-3: A minimum of two signatures are needed to unlock a three-signature wallet
• 2-of-2: Two signatures are needed to unlock a two-signature wallet
• 3-of-3: All three signatures are needed to unlock a three-signature wallet
• 3-of-4: A minimum of three signatures are needed to unlock a four-signature wallet

The n-of-m minimum threshold quorum (eg: 2-of-3 or 3-of-4) is the most ideal configuration for institutions. With a 2-of-3 wallet, for example, a mutually-trusted third party can be included to serve as the neutral intermediary between two parties. In turn, institutions are protected from the risk of losing access to their assets when potential disputes arise.

To further reinforce the security of the n-of-m wallet, institutions can augment at least one of their private keys with off-chain policy controls that give them greater flexibility over the addition and removal of employees. This design is especially useful if institutions work with blockchains where alterations to the private key can potentially change the entire wallet address.

On the other end of the spectrum are the n-of-n all-signature quorums (eg: 2-of-2 or 3-of-3). While mandating all signatures is feasible, this requires an extremely high degree of trust and diligence across all stakeholders. Institutions may consider choosing this configuration if they are not only confident of the trustworthiness of every key holder, but also willing to undergo the full operational procedure to require signatures from all of them to approve any transaction.

3. Multi-party computation (MPC)

Multi-party computation (MPC) wallets are similar to multi-signature wallets in that they enable multiple participants to authorize transactions. However, MPC wallets are different because they only utilize one private key, as opposed to the numerous keys used by multi-signature wallets.

This one private key is divided into three or more parts in a process known as sharding, with each shard (or key share) held by a different stakeholder. To sign a transaction, every stakeholder has to apply their individual shards to generate a collective valid signature that unlocks the wallet.

Similar to multi-signature wallets, MPC wallets ensure that there is never a single point of failure. This is done through the following set of guidelines:

1. Each stakeholder randomizes the way they encrypt their private key and data, never sharing these methods with each other.
2. Individual stakeholders participate in a decentralized wallet creation protocol, where they enter the public key that corresponds to their respective shards.
3. When a signature is requested for a transaction, a quorum of stakeholders participate in a distributed signing process where they individually sign to validate the transaction.

As MPC wallets are not locked to their initial quorum, they enable institutions to alter their configurations via a democratic agreement across the majority of its existing stakeholders.

Despite the flexibility and protection afforded by MPC wallets, they may not be the most ideal option for institutions due to the nascence of the technology. Levain still recognizes the value that MPC can potentially bring to institutions, and is actively exploring the technology. 

Secure your digital assets with Levain's multi-signature self-custody technology

To empower institutions to take charge of their digital assets, Levain has built a self-custodial, multi-signature wallet solution.

Rigorously designed to meet the institutional need for security without compromising autonomy and operational efficiency, Levain’s custody technology solution has the following features:

• Enterprise-grade multi-signature technology
• Storage of private keys in a tamper-resistant Hardware Security Module (HSM)
• Hot wallet to facilitate efficient transaction flows
• Reporting capabilities to visualize transaction history and fund performance
• Robust yet intuitive infrastructure to facilitate the easy generation, storage, and recovery of keys

Find out more about how Levain empowers your institution to take charge of its digital assets securely and transparently.

Get in touch at levain.tech/contact-us.