Wallet Silos are a concept developed by ImmutaSwap to prevent private keys from being compromised while still allowing transactions to be signed automatically. A wallet silo is a cloud-based microservice that holds an encrypted private key but not the key needed to decrypt it. Its purpose is to accept a decryption key together with a stream of bytes to sign. If the right conditions are met, the silo uses the supplied key to decrypt the encrypted private key, signs the bytes with it, and returns the signature.
ImmutaSwap will enforce Wallet Silo security by doing the following:
- Only a single authorized developer will have access to a wallet silo and be able to deploy software to it.
- That developer will use a single pristine computer dedicated solely to wallet silo development.
- The wallet silo development computer will be stored in a vault when not in use.
- Silos must verify the identity of the requester and sign only requests that are authorized.
- Silos must be hosted on a different server from the app that holds the decryption key.
- Silos must be hosted with a different hosting provider than the app that holds the decryption key.
- Silos must have a kill switch that prevents the silo from returning a valid signature until it is unlocked by a trusted developer.
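The following Go program is an added example, not ImmutaSwap's own code, that models the flow described above: the private key is wrapped at provisioning time outside the silo, the silo holds only the wrapped blob and the public key, and each signing request must carry the unwrap key and pass a requester identity check and the kill switch before a signature is returned. The AES-256-GCM key wrapping, the HMAC-SHA256 requester authentication, and all type and function names are assumptions made for this illustration; the page does not specify which mechanisms ImmutaSwap uses.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Sentinel errors: the caller learns only which gate rejected the request.
var (
	ErrKillSwitch   = errors.New("silo is locked by kill switch")
	ErrUnauthorized = errors.New("requester not authorized")
	ErrUnwrap       = errors.New("could not unwrap private key")
)

// WrapPrivateKey runs at provisioning time on the trusted developer's machine, not in
// the silo. It AES-256-GCM encrypts the Ed25519 private key under unwrapKey and
// returns nonce||ciphertext. Only this blob is deployed to the silo. (Assumed scheme.)
func WrapPrivateKey(priv ed25519.PrivateKey, unwrapKey []byte) ([]byte, error) {
	blk, err := aes.NewCipher(unwrapKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(blk)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, priv, nil), nil
}

// WalletSilo holds the wrapped key plus what it needs to authenticate the single
// authorized requester. It never holds the unwrap key.
type WalletSilo struct {
	wrapped      []byte            // nonce||AES-GCM ciphertext of the private key
	Public       ed25519.PublicKey // public half; safe to keep in the clear
	requesterID  string            // the one principal allowed to request signatures
	requesterKey []byte            // HMAC key shared with that requester (assumed scheme)
	killed       bool              // kill switch state
}

func NewWalletSilo(wrapped []byte, pub ed25519.PublicKey, requesterID string, requesterKey []byte) *WalletSilo {
	return &WalletSilo{wrapped: wrapped, Public: pub, requesterID: requesterID, requesterKey: requesterKey}
}

// SignRequest is what the app sends: bytes to sign, the per-request unwrap key,
// and an HMAC tag proving the request came from the authorized requester.
type SignRequest struct {
	RequesterID string
	Payload     []byte
	UnwrapKey   []byte
	Tag         []byte // HMAC-SHA256(requesterKey, RequesterID || Payload)
}

// Tag computes the request authenticator on the requester's side.
func Tag(requesterKey []byte, requesterID string, payload []byte) []byte {
	m := hmac.New(sha256.New, requesterKey)
	m.Write([]byte(requesterID))
	m.Write(payload)
	return m.Sum(nil)
}

// Kill engages the kill switch; Unlock clears it (reserved for the trusted developer).
func (s *WalletSilo) Kill()   { s.killed = true }
func (s *WalletSilo) Unlock() { s.killed = false }

// Sign applies the gates in order, then unwraps, signs, and scrubs the plaintext key.
func (s *WalletSilo) Sign(req SignRequest) ([]byte, error) {
	if s.killed {
		return nil, ErrKillSwitch
	}
	if req.RequesterID != s.requesterID ||
		!hmac.Equal(req.Tag, Tag(s.requesterKey, req.RequesterID, req.Payload)) {
		return nil, ErrUnauthorized
	}
	blk, err := aes.NewCipher(req.UnwrapKey) // rejects keys of the wrong length
	if err != nil {
		return nil, ErrUnwrap
	}
	gcm, err := cipher.NewGCM(blk)
	if err != nil || len(s.wrapped) < gcm.NonceSize() {
		return nil, ErrUnwrap
	}
	ns := gcm.NonceSize()
	priv, err := gcm.Open(nil, s.wrapped[:ns], s.wrapped[ns:], nil)
	if err != nil || len(priv) != ed25519.PrivateKeySize { // wrong key or tampered blob
		return nil, ErrUnwrap
	}
	sig := ed25519.Sign(ed25519.PrivateKey(priv), req.Payload)
	for i := range priv { // best-effort scrub: the plaintext key lived only for this call
		priv[i] = 0
	}
	return sig, nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	unwrapKey, requesterKey := make([]byte, 32), make([]byte, 32)
	rand.Read(unwrapKey)
	rand.Read(requesterKey)
	wrapped, _ := WrapPrivateKey(priv, unwrapKey) // provisioning step, outside the silo
	silo := NewWalletSilo(wrapped, pub, "app", requesterKey)
	payload := []byte("constructed sample transaction bytes")
	sig, err := silo.Sign(SignRequest{"app", payload, unwrapKey, Tag(requesterKey, "app", payload)})
	fmt.Println("signed:", err == nil && ed25519.Verify(silo.Public, payload, sig))
}
```

A wrong or missing unwrap key fails the GCM tag check, so the silo cannot be tricked into signing with a key it never received; a forged or replayed-with-different-payload tag fails the HMAC check before any decryption is attempted; and while the kill switch is engaged every request is refused regardless of credentials. The requester key and the unwrap key are deliberately distinct so that the app holding the decryption key still has to prove who it is.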
The following diagram illustrates how Wallet Silos work at a high level. Note that additional security measures are taken which are not shown on this diagram.