IBM, once the most vocal supporter of enterprise blockchain, is now focusing on establishing valuable partnerships with crypto custody firms.
IBM, which was an early supporter of permissioned blockchains, is now carefully positioning its hardware security and cloud computing capabilities around the storage of cryptocurrencies and digital assets.
With much less of the fanfare that accompanied its enterprise blockchain experimentation, IBM’s cryptographic key management infrastructure is becoming a complementary technology to a growing list of crypto custody firms such as Hex Trust, Protego Trust, Custodigit, Unbound, Onchain Custodian, and, most recently, Swiss custody firm Metaco.
This is significant because IBM works with numerous banks and large financial institutions, almost all of which have become aware of the concept of crypto assets and are looking for suitable and secure ways to handle them.
IBM was publicly linked to cryptocurrency custody in 2020 through Promontory Financial, a consulting firm wholly owned by Big Blue that was heavily involved in Wyoming’s special purpose depository institution (SPDI) charter. Promontory was also involved in the awarding of a national charter to custody firm Anchorage Digital.
But it wasn’t until 2016, right around the time the 110-year-old computing behemoth was diving into enterprise blockchain, that IBM’s head of digital asset infrastructure, Peter DeMeo, began paying close attention to the technology. Indeed, IBM’s extensive foray into enterprise blockchain was a learning experience for DeMeo, who warns against replicating the same level of expectation that came with it.
In an interview, DeMeo stated, “IBM could certainly offer a custody stack and do ‘IBM, the custodian.’ However, doing so correctly necessitates organizational commitment. I also witnessed what happened with blockchain. Essentially, we began early and built a large P&L around it. While there have been some successes with permissioned blockchains, they have not been huge moneymakers.”
Partnerships, rather than competing with existing crypto custody firms, are a more natural next step for IBM, according to DeMeo. “We’re basically going to be layer zero for blockchain technology for others to build on top of, and we provide a set of tools to do so.”
IBM currently provides hardware security modules (HSMs) to many of the world’s banks – physical computing environments for protecting keys and encrypting various functions that can become inoperable if tampered with.
However, “hardware is dead” is a narrative that has recently gained traction, particularly among the cryptocurrency and Web 3 development communities, according to Adrien Treccani, founder and CEO of Metaco, in an interview. Now, he says, it’s all about the cool and extremely practical things you can do with software, such as splitting up keys into fragments and securing them without the use of hardware.
However, problems arise when it comes to the governance policies and authorization processes governing access to cryptographic keys, which, according to Treccani, are frequently performed on a standard server.
“Your system’s weak point becomes this piece of the authorization process before you get access to the keys, and that’s one of the challenges that companies like ours face on a daily basis,” Treccani explained.
Large institutional players interested in crypto want bank-grade computing, he says, with a special purpose operating system on adapted security hardware handling and attesting to the integrity of everything: code deployment, execution, maintenance, auditing, and so on.
“IBM invested in so-called ‘confidential computing’ very early on, and has done so both for their on-premise LinuxOne mainframes, which pretty much every bank in the world uses, and also for their cloud capabilities,” Treccani said.
Working with a storied company like IBM has been “super helpful” from the perspective of an institution-focused crypto custody provider, according to Calvin Shen, Head of Business Development at Hong Kong-based Hex Trust, the first crypto custody firm to begin working with IBM in 2019.
“Hex Trust was relatively new to some of these big banks, who may have seen us as a startup,” Shen explained in an interview. “However, when they were doing their due diligence, we would say, ‘hey guys, we’re building on our IBM LinuxOne platform,’ and that made those institutions feel at ease.”
Banks and financial institutions are now being drawn in by innovative security techniques such as multi-party computation, in which private keys are split and stored in different locations. Having said that, those same institutions must be able to demonstrate complete control over their assets at all times.
According to IBM’s DeMeo, this is really a workflow issue that most crypto custody firms haven’t really thought through. There is a need to manage policy around what administrators can do, thereby preventing internal collusion – for example, changing the rules around digital signature thresholds. Another component is “secure build,” which means preventing backdoor attacks when adding software.
“We have a technical environment where you can deploy your stack, where you write it, and we handle the rest,” DeMeo explained. “We also have a way to put stuff into that environment that has been thoroughly tested. Last but not least, when it comes to key management, we’re talking about having keys encrypted 100 percent of the time and never exposed to the internet – a world-class cold storage facility.”
An additional danger IBM addresses is the increasingly common possibility of an institution’s custody tech partner being acquired, as with Unbound, BitGo, Curv, ShardX, and GK8. This can result in the headache of relocating highly sensitive digital asset functions.
“If you’re a bank and you bet your dollar on any of these guys, you’ve got a seed migration problem because you have to do something else,” DeMeo explained. “We develop the ability to do off-chain seed migration, retaining the seed rather than creating a new one.”
It is not a binary choice
When it comes to cutting-edge crypto custody, the debate over whether hardware security modules, multi-signature, or multi-party computation (MPC) offer the best security technology is pushing the envelope.
“HSM versus MPC does not have to be a binary choice,” Hex Trust’s Shen explained. “MPC on HSM is the next big thing. That is on the way, and people are well aware of this hybrid.”
Treccani agreed, noting that some of Metaco’s clients prefer to use MPC for hot wallets and HSM for cold storage, often in tandem, and that this has fueled exploration in this overlapping area.
“The qualities of MPC are elegantly complemented by the qualities of hardware if you can embed one in the other,” Treccani said. “I don’t want to say too much because this technology isn’t officially available yet, but I believe the next step is MPC within HSM.”
Infiltrating the foreign exchange market
IBM’s primary market for its digital asset suite continues to be banks that already use its LinuxOne mainframes and can deploy a digital assets stack that connects to their core banking system without the need for additional infrastructure.
Despite the reputational damage and significant losses that could result from collusive attacks and inside jobs, cryptocurrency exchanges have yet to be convinced of the benefits of using IBM technology.
While he is now having considerable success courting banks and larger fintech firms interested in exploring digital assets, DeMeo is perplexed that IBM has not been able to generate any traction with the more established crypto exchanges.
After all, the cost of an IBM mainframe is a drop in the bucket for a company like Binance, according to DeMeo, and when you “peel back the onion,” most crypto exchanges have few controls in place to prevent a rogue chief technology officer from disappearing with all the funds.
“I personally don’t get it,” DeMeo said. “Invest in this technology, and your chances of experiencing this type of attack will be greatly reduced.”