Security
Key Management and Security

Key Management and Security

At Kaiju Wallet, the security of user private keys is of paramount importance. We employ a robust and multi-layered approach to key management, leveraging advanced technologies to ensure that private keys are stored and used securely.

Isolated Key Management Service

Upon creation of a wallet with Kaiju Wallet, user private keys are stored in a fully isolated key management service (KMS). This service is hosted in a separate virtual private cloud (VPC) with no inbound or outbound internet access, ensuring that keys are protected from external threats.

Use of Shamir's Secret Sharing Algorithm

To enhance the security of key storage, we utilize Shamir's Secret Sharing Algorithm. This algorithm splits the private key into multiple shares, which are distributed and stored separately. Only a subset of these shares is required to reconstruct the key, ensuring that even if some shares are compromised, the key remains secure.

AWS Nitro Enclaves and KMS Integration

Our KMS is only accessible to AWS Nitro Enclaves, which provide an isolated compute environment to protect and securely process highly sensitive data. These enclaves have limited functionality and can only communicate with the outside world through secure local sockets. This isolation ensures that data and applications inside the enclave cannot be accessed by processes, applications, or users (even root or admin of the parent instance).

Communication Security

All communication between the client and the enclave occurs exclusively through HTTPS, ensuring data integrity and confidentiality. The Kaiju Key Management Service communicates with Kaiju-Core VPC via private link, and interactions with AWS services like AWS Secrets Manager, AWS KMS, AWS Elastic Container Registry, and AWS System Manager are kept private via interface VPC endpoints.

Cryptographic Attestation

AWS Nitro Enclaves provides cryptographic attestation to ensure that isolated sensitive data processing can only be done within the boundary of the enclave. This attestation process verifies that the enclave is running the expected code and has not been tampered with, providing an additional layer of security for key management operations.

By combining these advanced security measures, Kaiju Wallet ensures that user private keys are stored and used in the most secure manner possible. This comprehensive approach to key management significantly reduces the risk of unauthorized access and ensures the integrity of user transactions.

User Authentication and AuthorizationCloud Security