Blockchain wallets on AWS: Secure, smart, and scalable (BLC403)

Overview of Blockchain Wallets

  1. Different Types of Blockchain Wallets:

    • Custodial Wallets: Managed by third-party companies (e.g., Binance, Coinbase) that handle security and recoverability. Suitable for staking, trading, and investment.
    • Non-Custodial Wallets: User-controlled wallets (e.g., MetaMask, Ledger, Safe Global). Optimize user control and ownership, but require managing keys and recoverability.
    • Smart Wallets/Programmable Wallets: Managed by a company through a customizable smart contract. Can solve user experience issues and provide features like social logins and multi-factor authentication.
  2. Institutional Grade Wallets:

    • Hot Wallets: Wallets with programmatic access, usually with HSM-based security. Used for staking, settlement, and online custody.
    • Warm Wallets: Similar to hot wallets, but require additional human approval for transactions, often using advanced cryptographic techniques such as MPC/TSS.
    • Cold Wallets: Fully offline wallets, usually using offline HSMs. Provide the highest degree of security and are suitable for offline custody.

Building Blockchain Wallets on AWS

  1. Core Building Blocks:

    • Secure and robust key management (AWS KMS, AWS CloudHSM, or Secrets Manager)
    • Fine-grained access management (AWS IAM, CloudTrail)
    • Efficient compute layer (Lambda, EC2, Nitro Enclaves)
    • Advanced monitoring and logging (Amazon CloudWatch)
    • Low-latency APIs (Cluster Placement Groups, Enhanced Networking)
  2. Example Implementations:

    • Hot Wallet: KMS-based, serverless solution using Lambda.
    • Cold Wallet: AWS CloudHSM-based, offline solution accessed through a dedicated EC2 instance.

Nitro Enclaves for Blockchain Wallets

  • Nitro Enclaves provide strong isolation, security, and flexibility for blockchain wallets.
  • Enclaves can hold their own encryption keys and use cryptographic attestation to prove their identity.
  • Private keys can be processed securely inside the enclave, without being exposed to the parent EC2 instance or external entities.
  • Enables cost-efficient, large-scale key management operations.

Fireblocks' Approach

  • Fireblocks uses Nitro Enclaves to securely host its MPC (Multi-Party Computation) cosigners.
  • The customer sets up an S3 bucket, an EC2 instance with a Nitro Enclave, and a KMS key. The enclave image provided by Fireblocks attests itself to the KMS key and can then decrypt the encrypted MPC shard stored in S3.
  • This setup allows for a flexible, secure, and rapid development process, while maintaining a high level of trust in the build process.
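
One way to express and audit the KMS side of this setup, as an added example (not code from the talk, Fireblocks or AWS): a key policy that allows kms:Decrypt only when the request carries an attestation document matching the enclave image measurement, and a check that flags decrypt grants lacking that binding. The account ID, role ARNs and image hash are constructed placeholders, and the function names are hypothetical.

```python
import json
from fnmatch import fnmatchcase

# KMS condition keys for Nitro Enclaves attestation start with this prefix
# (e.g. kms:RecipientAttestation:ImageSha384, kms:RecipientAttestation:PCR0).
ATTEST_PREFIX = "kms:recipientattestation:"
POSITIVE_OPS = {"stringequals", "stringequalsignorecase"}

def build_key_policy(admin_arn, enclave_role_arn, image_sha384):
    """Admins manage the key; only the attested enclave image may decrypt."""
    return {"Version": "2012-10-17", "Statement": [
        {"Sid": "KeyAdministration", "Effect": "Allow",
         "Principal": {"AWS": admin_arn},
         "Action": ["kms:Describe*", "kms:Get*", "kms:List*", "kms:PutKeyPolicy"],
         "Resource": "*"},
        {"Sid": "EnclaveDecryptOnly", "Effect": "Allow",
         "Principal": {"AWS": enclave_role_arn},
         "Action": "kms:Decrypt", "Resource": "*",
         "Condition": {"StringEqualsIgnoreCase": {
             "kms:RecipientAttestation:ImageSha384": image_sha384}}},
    ]}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def unattested_decrypt_statements(policy):
    """Sids of Allow statements that grant kms:Decrypt with no attestation binding."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        # IAM action patterns are case-insensitive and may use wildcards.
        patterns = [a.lower() for a in _as_list(stmt.get("Action", []))]
        if not any(fnmatchcase("kms:decrypt", p) for p in patterns):
            continue
        bound = any(key.lower().startswith(ATTEST_PREFIX)
                    for op, keys in stmt.get("Condition", {}).items()
                    if op.lower() in POSITIVE_OPS for key in keys)
        if not bound:
            findings.append(stmt.get("Sid", f"statement[{i}]"))
    return findings

# Constructed placeholders: account ID, role names and image measurement.
ADMIN = "arn:aws:iam::111122223333:role/ExampleKeyAdmin"
ENCLAVE_ROLE = "arn:aws:iam::111122223333:role/ExampleCosignerInstanceRole"
IMAGE_SHA384 = "ab" * 48  # 96 hex chars standing in for the enclave image hash

if __name__ == "__main__":
    policy = build_key_policy(ADMIN, ENCLAVE_ROLE, IMAGE_SHA384)
    print(json.dumps(policy, indent=2))
    print("unattested decrypt grants:", unattested_decrypt_statements(policy))
```

Any statement the check reports would let a principal decrypt the shard from outside the enclave, so an empty result is the state to enforce before the key is used.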
