Entropy & Segregated Client Accounts

Security Series • Aug 4, 2020

This article is part of a short series about security at Knox. You can find more details on our website on the security page.

Private key management starts with good entropy, a fundamental requirement for secure key generation and signing. Without high-quality entropy, a Bitcoin private key can never be safe at any phase in its lifecycle. Compromising on such a critical step exposes all derived private keys to the fatal risk of theft. This concern is generally easily overlooked. What makes good entropy? And why does it matter in the first place? Why is the entropy source and root key segregation such an essential information security practice for Bitcoin key storage agents?

The entropy source is randomness used to create strong private keys.

Entropy is a measure of the amount of true randomness produced when generating a private key, guarding against any potential collision with other attempts. Good entropy will make it exceedingly unlikely for an attacker to ever guess a key. It should be probabilistically implausible—almost impossible. Entropy is a measure of how random the resulting number is. Further, using a high-entropy seed that is distinct for each client’s private keys is essential for proper client segregation. A shared custody infrastructure provided by a key storage agent, also called omnibus architecture, gathers multiple clients on the same entropy source, which concentrates risk.

Omnibus custody where one single seed is shared across clients.

All Knox client accounts are segregated at the root entropy level, using 512-bits of entropy per seed. Each Knox customer wallet is backed by 4 different seeds in a 3 of 4 multisignature scheme. This is true wallet segregation that is the most conservative design for a Bitcoin custodian maintaining a full signing quorum. To create high-quality entropy for each client private key, the source of randomness must be carefully considered. Knox uses a blend of physical and digital entropy to do so. Combining 32 physical dice rolls with a Pseudo Random Number Generator (PRNG) running on an offline machine, entropy is generated by Knox agents in dual control pairs. The resulting entropy is used to derive a master key pair. Each client account has four of these entropy and key generation ceremonies held in distinct physical locations, with distinct personnel, prior to being combined into vaulted HSMs operating a 3 of 4 multisignature cold storage system.

Omnibus accounts where root entropy is shared across clients should not be used to safeguard multiple clients' keys. It concentrates risk. Using similar root entropy to derive public key pairs in a shared hierarchical deterministic (HD) wallet is a practice used by multiple custody providers in the industry. HD wallets make it convenient for a single user or trusted set of users to manage keys derived from the root master key that relies on a single source of entropy. We believe that sharing such sensitive key material between unrelated users is a security tradeoff that is not worth the amount of risk that it originates. If the root key is ever compromised or deemed weak, it would mean that all the other customers who have funds down the omnibus structure would be instantly exposed. Concentrating Bitcoin holdings from many distinct clients increases the incentive for attackers to attempt to brute force the root seeds, unlocking all subsequent funds. Custodians employing such practices put customers’ Bitcoin holdings at risk.

Segregated custody where each client wallet has a unique seed.

All Knox clients enjoy the security of Bitcoin multisig in a 3-of-4 scheme. Each of the private keys are derived from independent entropy sources and are stored in independent hardware security modules, vaulted, and used in a physical location distinct from the rest of the multisignature HSM quorum. This extreme level of segregation across the entire key lifecycle protects all customers, isolating their funds in completely different Bitcoin vaults, even though they are all managed by Knox adhering to a documented custody risk management registry.

True wallet segregation with distinct entropy sources, offline key storage and multisignature allows Knox to have an insurance policy covering up to 100% of the value held for all clients. Each customer has their own distinct 3-of-4 multisig wallet paired with personal access keys to authorize their withdrawal and general wallet operations, essentially locking Knox out of its own vaults. That way, no one can steal customers' funds at Knox.

Segregated entropy is one fundamental security principle established at Knox. We will be sharing more details about additional technology building blocks as part of a series on security at Knox. More details on knoxcustody.com