Ever since the earliest of adventure games, where players could earn in-game assets, they’ve wanted a way to facilitate trade. It wasn’t possible with web 2-based games, because a centralized service ultimately owned and controlled the in-game assets. But technologies that were pioneered with Web3 services like cryptocurrency and NFT trading are enabling players to truly own, control, and trade their in-game assets.
But along with digital assets come the security and privacy challenges of Web3 digital asset ownership and the complexities of scaling and interoperating with blockchains. For instance, securing digital assets from theft and sophisticated attacks while protecting the privacy of sensitive gamer PII from hackers and preserving seamless gaming experiences are non-trivial challenges for developers.
Plus, your typical gamer doesn’t have time to set up a digital wallet or research how their favorite gaming platform is protecting their Eternal Obsidian Katana or Elixir of Immortality. They want to be able to play, earn, and trade items quickly. (There are side-quests to complete and balrogs to defeat, after all.)
To facilitate these transactions and protect players, developers need a way to authenticate ownership and verify the transfer of digital assets while lowering the bar for users and raising it for hackers.
From treasure chests to crypto keys
Cryptography can be a complex subject, but understanding the basics of facilitating digital signatures can help you appreciate how modern digital security works. It can be difficult to choose what makes sense for your project, especially if you’re not a cryptographic expert. There are a handful of implementation methods for protecting your secrets—both similar, but with subtle differences. Let’s break these down into simpler terms and see how they apply to digital assets like Web3 gaming.
The basics of digital assets
Imagine you have a digital treasure chest filled with valuable items, like rare collectibles or important documents. You want to make sure that only authorized people can access or verify these items. To do this, you use a special key that grants access to them and proves the authenticity of the items—guaranteeing they haven’t been tampered with.
Here’s how it breaks down:
Digital Assets: These are your valuable items in the digital treasure chest, like NFTs (non-fungible tokens), cryptocurrencies, important documents, or other digital items that need protecting.
Private and Public Keys: These are two parts of a special lock-and-key system. The private key is your unique key to lock (sign) the asset, and the public key is like the lock that anyone can use to verify the signature.
Signing the Asset: Whenever you want to transfer, or otherwise make a transaction around the protected asset, you use your private key to create a unique signature. This signature proves that the asset comes from you and hasn’t been altered. It’s like stamping your digital treasure chest with your unique seal.
Anyone can use your public key to check the signature on the digital asset. If the signature matches, it means the asset is authentic and hasn’t been tampered with.
Key sharding
Your digital asset isn’t the only thing that needs protection. Those private keys are very important and are often the target of compromise. After all, those who control the keys control the asset.
To make sure your private key (the one that can sign the asset) is super secure, some platforms are introducing a technique called key sharding. Here’s how it works:
Imagine you take your secret key that grants access to your chest of goodies and you tear it into several pieces and give each piece to a different friend. Only when a specific number of friends come together can they put the map pieces back together and find the treasure. The most popular version of this is called Shamir’s Secret Sharing, but there are some other emerging schemes like Multi-Party Computation gaining steam.
Little differences mean tough choices
The difference between the two is subtle and knowing the difference can impact your game platform’s development.
With Shamir Secret Sharing, the secret code that grants access to this sword is split into multiple pieces. Each piece is stored in different places (servers). Like our treasure map, only when enough pieces come together (like 3 out of 5) can the code be used to grant access to the sword. This method provides that even if some servers are compromised, the sword remains secure. Shamir’s Secret Sharing is easier to implement and highly flexible. But the server where the key shards come back together creates a point of vulnerability that needs to be secured. At Bolt, all key generation and sharding in Lock-Keeper take place inside of secure enclaves to mitigate this single point of vulnerability. Our approach guarantees that secrets are not exposed on the servers.
With Multi-Party Computation, on the other hand, the code to grant access to the sword is divided among several servers. Instead of bringing the pieces together, the servers work together to verify and grant access without ever combining the full code. This keeps the code secure at all times, even during the process of granting access. The secrets are safe through the entire process, but this scheme is more complex to implement and requires more computing resources.
Cryptographic complexity without the headaches
Making the choice of cryptographic security schemes is getting easier, though. Bolt Labs recently announced the general availability of Lock-Keeper, a done-for-you cryptographic Wallet as a Service infrastructure that handles the backend protection of digital keys for you and is transparent to users.
With Lock–Keeper’s infrastructure, adding the right level of security becomes easy because developers don’t have to choose between security and convenience. They can apply the level of security necessary depending on each asset. The infrastructure launched with Shamir’s Secret Sharing available immediately, to give developers access to an implementation of industry-standard security. And as more schemes and techniques, like MPC become available, they don’t have to rebuild their backend systems or rip and replace their cryptographic implementations.
Whether you’re securing a treasure chest or a secret recipe, flexibility of choice makes sure that your users’ valuable items in the Web3 world remain safe and secure. Bolt’s Lock-Keeper uses these advanced techniques to provide top-notch security for all your digital needs, making sure your assets are protected no matter their value.
For a demonstration of Lock-Keeper or to discuss adding it to your Web3 platform, contact Bolt Labs.