English module on
Blockchain Architecture
Powered by Zft
Powered by likha

Custody

Co-written by Raphael Bustamante, James de Jesus, and Gabriel Paningbatan
Key Takeaways
  • Custody is how we store our digital assets securely. 
  • Custodial wallets are like having a digital bank account which is managed by a company or a third party. 
  • Non-custodial wallets are like having your own digital safe where you're in control of everything, including the "keys" to access your digital assets. 
  • Hybrid wallets don't give all the control to one person or company but they spread the power to multiple parties to make things more secure.

Blockchain technology has changed how we deal with digital assets, like cryptocurrencies and NFTs. Instead of relying on traditional banks or intermediaries, we have new ways to manage these assets. One key aspect is "custody," or how we store these digital assets securely. To understand this, let's talk about two types of digital wallets: custodial and non-custodial.

Simply put, a custodial wallet is managed by a central entity, such as a company, while a non-custodial wallet is not. This difference in management affects the wallet’s privacy, security, level of control, and convenience for its user.

Custodial Wallets

Custodial wallets are like having a digital bank account. They're managed by a company or a third party, and this company holds the "keys" to access your digital assets.Imagine you have a piggy bank, but someone else has the key to open it. When you want to use your money, you ask them to open the piggy bank for you.

These wallets are user-friendly and easy for beginners. They're a bit like using online banking, where you don't have to worry about all the security stuff. The downside is you depend on this company for your assets. If the company goes out of business, they might take your assets with them. There's also a risk that the company could misuse your money or lose it because of security issues. They can even restrict your access if you don't follow their rules.

Think of a custodial wallet like an online wallet on an exchange, such as OKX. You create an account there, and they manage your digital assets for you.

Non-Custodial Wallets

Non-custodial wallets are like having your own digital safe. You're in control of everything, including the "keys" to access your digital assets. No company or person manages your assets for you. Imagine you have a secret key to your piggy bank, and only you can open it. No one else has access to your money.

However, the responsibility for the safety and security of your assets rests solely with you. As the famous saying goes, "not your keys, not your crypto.” This means that whoever has the private key is the true owner of the funds in that wallet. If you lose your keys, no one can help you recover your assets. It's like losing the key to your piggy bank - you can't open it anymore.

Non-custodial wallets can further be divided into two categories: hot wallets and cold wallets. A hot wallet is software-based and is typically accessible when connected to the internet. A cold wallet, on the other hand, is a USB device used to store digital assets and wallet keys. There is also a third option called a hybrid wallet, which we will discuss next.

Hybrid Wallets

Hybrid wallets are a bit different. They don't give all the control to one person or company. Instead, they spread the power to multiple parties to make things more secure. This type of wallet employs methods such as Multi-Party Computation (MPC), Threshold Signature Schemes (TSS), and Multi-Signature Wallets, each with its own set of advantages and disadvantages.

These hybrid methods are like adding extra layers of security to protect your digital assets.

  • Multi-Party Computation (MPC)

Multi-Party Computation (MPC) is like having a secret key, but instead of one big key, it's split into smaller pieces, or keyshares. These keyshares are held by different devices, like your friends each having a part of the puzzle. No single device has the whole key, making it very hard for anyone to steal it.

When you want to make a transaction, your friends (the devices holding keyshares) work together to sign the transaction. They each add their part, like putting their puzzle piece in place. Once all the friends have signed their parts, their pieces come together to create the complete key, which is used to approve your transaction on the blockchain.

MPC gives an added layer of security to blockchain transactions. Even though any of the keyshares can generate the public key, it is impossible to recreate the private key from a single keyshare alone. Because no individual party has the entire private key or seed phrase, there is no single point of failure. Therefore, even if one keyshare is compromised, the hacker will not be able to block approved transactions, validate falsified transactions, or steal the assets in the wallet address.

So, what happens if one of the devices involved has been hacked? The system then generates a new keyshare to be assigned to the replacement device without having to change the private key itself. In other words, even if the keyshares changed, the private key to the account remains the same.

MPC is like having a super-secure vault with a unique key divided among your friends. It's a smart way to protect your digital assets, especially for businesses with substantial crypto investments, because it adds layers of security and reduces the risk of losing everything if a single device is compromised.

  • Threshold Signature Scheme (TSS)

Imagine a digital fortress guarding your transactions from hackers – that's what the Threshold Signature Scheme (TSS) does. It's a type of teamwork where different devices come together to approve a transaction. Each device holds a secret piece of the key, and you need a certain number of these pieces to create the main key, which is used to approve transactions.

Unlike multi-party computation, TSS doesn't require all the pieces to sign every time. You can set a rule that only a specific number of key pieces are needed. And if more people join, you can change that number.

TSS has two ways to create these key pieces. One way is to split a single key into pieces and give each piece to a device. The other method, called Distributed Key Generation, doesn't even create a full key; it just makes many key pieces. No one ever has the whole key.

To make it even safer, TSS lets you change these key pieces regularly. It's like changing locks in your home. If someone steals one piece, the others can still be used to protect your assets and prevent unauthorized access.

Think of it like a super-secure bank vault that needs multiple keys to open. Only when a specific number of authorized key holders insert their keys simultaneously can the vault be unlocked. Even if someone takes one key, it's not enough to open the vault, and the other keyholders can change the rules to stop the thief.

This is how the Threshold Signature Scheme keeps your digital assets safe, making it tough for hackers to compromise your security.

  • Multi-Signature

A multi-signature wallet is like a grand orchestra led by a conductor, where your digital assets are the music. Each musician in the orchestra represents a unique key needed to make the "music" or transaction happen. In this case, each key is like a musician playing a part.

Unlike MPC or TSS, a multi-signature wallet doesn't split one big key. Instead, it assigns individual keys to all devices connected to the account. For a transaction to take place, all these devices must come together and sign it at the same time, just like the orchestra playing in harmony.

But there's a catch – because many keys are involved, using a multi-signature wallet can be a bit more expensive and take longer for transactions to go through. Plus, it requires good coordination among the people with these keys, especially if they're in different places.

Understanding custody in cryptocurrencies, blockchains, and NFTs is one of the most important things to keep in mind as you explore this space. 

Custodial wallets are convenient, but you have to trust the company managing them because they control your access to your assets. If they run into problems, you might lose your digital money.

In a nutshell, non-custodial wallets give you full control, but you have to be super careful with your keys. Hybrid wallets add more layers of security by spreading control among different parties, making it even harder for someone to steal your digital assets.

So, when it comes to digital wallets, choose the one that suits your needs and level of comfort, and always keep your keys safe!

Find out more about the dimensions in blockchain technology as you move forward through this course! 

ZFT is home for the new gen of Wealth Builders.

Learn how to trade with ZFT →

Think you've mastered "

Custody

" now?

Take the quiz!