Do this: Repeatedly hash a sequence of random numbers, each concatenated with a specific block of text, until the output has an initial string of, say, four zeros. Now stop and go look in the mirror: You are a block miner. Now take your hashed output with its initial zeros and concatenate it to some other block of text. Repeat the process above with random numbers until you see a new initial string of four zeros. Congratulations: You are a blockchain miner.
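The procedure just described, as an added example that is not part of the original article: each block is mined by trying random numbers until the hash begins with four zeros, and each new block includes the previous block's hash. SHA-256, the `|` separator, the all-zero starting value and the sample ledger texts are assumptions made for illustration. The verifier shows why an edited record is detected.

```python
import hashlib
import secrets

PREFIX = "0000"       # four leading hex zeros, as in the text
GENESIS = "0" * 64    # constructed placeholder: there is no block before the first


def digest(nonce: int, prev_hash: str, text: str) -> str:
    """Hash the random number concatenated with the previous hash and the block text."""
    return hashlib.sha256(f"{nonce}|{prev_hash}|{text}".encode()).hexdigest()


def mine_block(prev_hash: str, text: str) -> dict:
    """Try random numbers until the digest starts with PREFIX (about 65,536 tries on average)."""
    tries = 0
    while True:
        tries += 1
        nonce = secrets.randbits(64)
        h = digest(nonce, prev_hash, text)
        if h.startswith(PREFIX):
            return {"prev": prev_hash, "text": text, "nonce": nonce, "hash": h, "tries": tries}


def mine_chain(texts: list[str]) -> list[dict]:
    """Mine one block per text, feeding each block's hash into the next block."""
    chain, prev = [], GENESIS
    for text in texts:
        block = mine_block(prev, text)
        chain.append(block)
        prev = block["hash"]
    return chain


def verify_chain(chain: list[dict]) -> bool:
    """Recompute every hash and check both the zero prefix and the link to the prior block."""
    prev = GENESIS
    for block in chain:
        recomputed = digest(block["nonce"], block["prev"], block["text"])
        if block["prev"] != prev or recomputed != block["hash"] or not recomputed.startswith(PREFIX):
            return False
        prev = block["hash"]
    return True


if __name__ == "__main__":
    chain = mine_chain(["branch A pays branch B 10", "branch B pays branch C 4"])  # constructed records
    for b in chain:
        print(b["tries"], b["hash"][:16], b["text"])
    print("valid:", verify_chain(chain))
    chain[0]["text"] = "branch A pays branch B 1000"   # edit an earlier record
    print("valid after edit:", verify_chain(chain))
```

Re-mining only the edited block does not repair the chain, because the next block still carries the old hash; every later block would have to be mined again.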
If you skimmed the above, then stop right now and go back and read it – perhaps with pencil and paper. Sketch out what I’ve described and you will see the pattern of blockchain mining appear before your eyes. As we all know, blockchain is an elegant means for maintaining the integrity of event records, and it has had considerable influence – obviously. And for most people, blockchain is synonymous with public access, as with Bitcoin, for example.
But public access is not a requirement. Efforts are beginning to focus on a shared ledger capability called a permissioned blockchain. Last week, I had the great pleasure to spend time with a young technologist entrepreneur named Assaf Cohen who was recently appointed CEO of Anqlave. The Singapore-based start-up is supported by the Anquan Capital group, which also created Zilliqa, the high throughput public blockchain platform.
Cohen’s team at Anqlave builds a permissioned blockchain offering, and I was interested to learn how this would work in a practical enterprise setting. What I learned from Cohen was that a plethora of great opportunities has emerged, especially in financial services. What I also learned, however, was the importance of an ecosystem of controls, including proper securing of keys using HSM-based tools and techniques.
“In a large bank, a permissioned blockchain might be set up where each branch serves as a node on the network,” Cohen explained. “This approach provides all the security and integrity advantages of blockchain for that bank, including protection of its transactions. But this also results in a distributed ledger for the bank that cannot be accessed by individuals or groups without proper authorization and need-to-know.”
This sounded reasonable to me, and would appear to be precisely the correct way to maintain a traditional distributed ledger. And this is a foundational notion, because shared ledgers are to banks as core networks are to telecom companies. “We are currently working with several large financial services companies who are utilizing this concept,” Cohen explained, and we both agreed that considerable upside exists here.
As we got into the details of the transaction security model, it also became clear that the cryptographic lifecycle was an essential component of the solution. Anqlave thus includes an HSM-based cryptographic appliance in its solution offering. The customizable tool is used to safeguard and manage keys in the context of the PKI-based operations required to run a permissioned blockchain in an enterprise.
Specifically, the Anqlave HSM-based solution is called Data Vault, a key management system that leverages Intel Software Guard Extensions (SGX) technology for hardware-based assurance. When code is executed in the SGX trusted execution environment (TEE), memory is encrypted, with the cryptographic key embedded in the CPU during the manufacturing process. This results in high assurance for TEE operation.
The company also offers a FIPS 140-2 derivative product called Crypto Vault that focuses on hot and cold wallet use cases. The idea is that key generation and transaction signatures are performed inside the vault, secured by the Intel SGX approach. A REST API is included in the Data Vault and Crypto Vault products to ensure easier integration of cryptographic operations with external partners or third parties.
Anqlave looks like a nice start-up with great promise, but it is too early for me to comment on whether their specific offering will see the hockey stick growth so coveted by young entrepreneurs. I can say, however, that Assaf Cohen is an articulate and capable technologist, and his enthusiasm for HSM solutions in the context of permissioned blockchain and digital wallet usage was infectious. I suspect prospective customers will see this as well.
So, if you have been looking at permissioned blockchain offerings or if you need help with your hot and cold wallet use cases, then it might be a good idea to include young Anqlave in the mix. While their base of operations has been in Singapore, the company is now expanding its reach to other parts of Asia, Europe, and the United States. I am glad to see this expansion, and believe that banks should pay close attention.
As always, after you speak with the Anqlave team, please share with us what you learn.