Nash is proud to launch decentralized API keys based on secure multi-party computation (MPC). Now enabled for our non-custodial cross-chain markets, these new API keys bring custody of digital assets to a whole new level. Get started with our TypeScript APIs here!
This is the first time a cryptocurrency exchange can offer the kind of API keys institutional and algorithmic traders need to trade with no counterparty risk.
Institutions employ many individual traders who interact with exchanges through APIs. Each trader is given only partial access to the institution’s master account. No individual trader should be able to drain the institution’s wallet, make trades over a certain value or withdraw to an unknown address.
In traditional setups, traders will be given an API key with permissions attached, limiting their access to the institution’s master account. What’s more, if a security breach is detected, an institution can immediately revoke all keys.
On centralized exchanges, it is comparatively easy to configure APIs along these lines. Of course, because of their centralized nature, such exchanges remain a security weakness. According to Forbes, hackers stole over $4 billion in cryptocurrency during 2019, up from $1.7 billion in 2018.
Nash can now offer the kind of APIs institutions need, but with the significant benefit of being a non-custodial exchange. This has not been achieved before in the blockchain industry. On a DEX, a single user key always controls all assets – a security concern that is unacceptable for institutions and high-volume traders.
In combination with Nash’s state channel solution for high-speed cross-chain trading, including real Bitcoin trading, our decentralized API keys finally make secure, non-custodial cryptocurrency trading available to institutions.
How it works: Secure multi-party computation (MPC)
A blockchain approves or refuses a transaction by verifying its signature. A private key is one way of generating a valid signature. If you have the private key for an address, you can always sign transactions going out of that address.
However, there are other ways of generating signatures that do not give one party all the power. By splitting the generation of signatures between two parties, it becomes impossible for one party to approve transactions unilaterally.
This can be achieved using secure multi-party computation (MPC). With our new APIs, two parties must collaborate to generate a valid blockchain signature. Both Nash and a user have their own key. These keys each generate what is known as a “pre-signature”. The two pre-signatures are then combined into a single valid signature.
In this way, it is possible to generate API keys associated with specific permissions. If an institution wants to set a transaction limit and address whitelist for a trader, they can generate a key for that trader, specifying the desired restrictions. If the trader acts as they should, Nash will provide its pre-signature and a transaction will be accepted by the blockchain. If the trader attempts a forbidden action, Nash will withhold its pre-signature and the trader cannot do anything. Of course, Nash alone is also unable to issue or authorize any transaction – the system is designed such that the user is the only one capable of initiating transactions. It remains non-custodial.
MPC for user wallets
Nash plans to integrate our MPC-based APIs into our user wallet system. Rather than sign transactions with their full private key, users will be able to interact with their wallets through a version of the API, setting withdrawal limits. As a result, even if a user’s Nash login is compromised, an attacker will be limited in terms of the damage they can do.
With this planned upgrade, funds management on Nash will be as secure as a hardware wallet, at absolutely no cost. This is another technological advancement that paves the way for wider adoption of digital assets.
You can stay up to date with Nash by following our Twitter and Instagram. We also encourage all Nash Exchange token (NEX) holders to join our community platform, where they can talk directly with the team and receive reliable answers to questions.