Understanding the BitGo Blockchain Services Layer
Services provide the security, scalability, and ease of use required for applications to access the foundation.

Overview


Every blockchain starts with the foundation layer, which establishes the basic ledger and validation system. While applications could be written directly on top of the foundation, the services layer facilitates a far more robust system that enables simplicity, security, and scalability. Without the services layer, these functions must be implemented directly in the application layer.




Core Components


The BitGo Blockchain Services evolved from real-world lessons in security and scalability when deploying blockchain solutions. Applications built atop the services layer benefit from this built-in security and scalability via a simplified API, enabling faster and higher-quality development.

Indexing and Notification Services


The blockchain foundation processes the global transaction ledger used within the blockchain. While blockchain administrators are interested in the global state of the blocks and transactions, most users only care about transactions relating to themselves. Indexing services enable fast querying and organization of blockchain data, allowing users to quickly find their own transactions without needing to worry about all other data. Depending on the application, indexing can either be focused to a small set of the overall data or to the entire system.

Additionally, the foundation of a blockchain manages both verified, confirmed transactions and new, as-yet-unconfirmed transactions, and the indexing layer can track both. Intelligently processing both the confirmed and unconfirmed transactions enables the services to account for new transactions consistently.

The blockchain foundation manages a large amount of complex data. However, most applications are only interested in a small set of that data. BitGo’s notification services enable easy filtering of the blockchain data as well as push notification delivery of that data to enable real-time applications to be readily built.

Key Management


Creating and storing keys may be the most critical element of security in cryptography. Poorly chosen keys can be easily created by others[1], and keys that are not stored properly can be stolen. To keep keys secure, they must be safely provisioned, and a definitive chain of custody must be understood at all times. Unfortunately, because keys can be easily stolen electronically, they must always be stored in encrypted form, and users are notoriously bad at maintaining strong passwords and remembering them. As such, much of the key management problem becomes a usability problem - how to strongly create, encrypt, and store passwords while providing failsafe mechanisms in case of human error. The BitGo platform solves these problems through the use of multiple users and multiple keys, as well as by storing keys encrypted in different forms.

Multi-Sig Cosigning


Securing today’s online data is harder than ever, and no industry needs multi-signature security more than digital assets. Without multi-signature services, digital asset security suffers from a single point of attack. If you secure your keys on your client, and your client is hacked, then you lose your digital asset; conversely, if you secure your keys in a service, and your service is hacked, then you lose your digital asset. Multi-signature technology radically reduces the risk of theft by forcing attackers to breach multiple, distinct systems. But with BitGo’s unique multi-signature security designs, you are protected from many other vectors as well: coercion, forgotten passwords, lost keys, asset seizure, insider theft, malware, death, and data loss (e.g. hard disk crashes).

In addition to the problem of security, multi-signature also offers unique benefits with respect to custody and control of assets. A key property here is that BitGo can manage one key which protects a digital asset without giving BitGo control over the asset itself. BitGo cannot transfer the asset without the owner’s signature as well. More generically, BitGo partners can also use multi-signature technology to keep custody of assets with their customers (if desired), and avoid the risks that come with taking custody of someone else’s asset.

Policy & Security


While the blockchain foundation layer provides the basic logic to cryptographically protect your assets, blockchains today know nothing about people. For example, many businesses have multiple users of a single account, each with different roles. A CFO, for example, may have full privileges in the account, while a controller may have very few. The BitGo Policy Engine enforces the human aspects of digital asset account security. For example, transactions larger than a certain size may require two people to authorize the transaction; or a particular account may be configured to only send assets to a particular set of other accounts so that attackers cannot force theft of funds to a foreign account.

In addition to policy enforcement, the BitGo Policy Engine also audits all events and approvals within your account. Whenever a user of an account makes a request, authorized users on the account see a record of that request. Approvals and denials are also recorded indelibly for auditing and security.
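
The two rules described above (a size threshold that requires two approvers, and a destination allowlist), together with a tamper-evident approval record, sketched as an added example that is not BitGo's code or API. The class names, roles, account names, threshold value and the use of a SHA-256 hash chain for the audit trail are all assumptions made for illustration.

```python
import hashlib
import json
from dataclasses import dataclass, field

GENESIS = "0" * 64  # previous-hash value for the first audit entry

@dataclass(frozen=True)
class Policy:
    approval_threshold: int          # amounts above this need two distinct approvers
    allowed_destinations: frozenset  # only these accounts may receive assets
    approvers: frozenset             # users whose role lets them approve

@dataclass
class AuditLog:
    entries: list = field(default_factory=list)

    @staticmethod
    def _digest(prev: str, event: dict) -> str:
        return hashlib.sha256((prev + json.dumps(event, sort_keys=True)).encode()).hexdigest()

    def record(self, event: dict) -> None:
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        self.entries.append({"event": event, "prev": prev, "hash": self._digest(prev, event)})

    def verify(self) -> bool:
        """Recompute the chain; any edited entry breaks it."""
        prev = GENESIS
        for e in self.entries:
            if e["prev"] != prev or self._digest(prev, e["event"]) != e["hash"]:
                return False
            prev = e["hash"]
        return True

def evaluate(policy: Policy, log: AuditLog, tx: dict, approvals: list) -> str:
    """Return 'approved', 'pending' or 'denied', and record the decision."""
    valid = set(approvals) & policy.approvers  # drop duplicates and unauthorized users
    needed = 2 if tx["amount"] > policy.approval_threshold else 1
    if tx["to"] not in policy.allowed_destinations:
        decision = "denied"      # allowlist wins regardless of who approved
    elif len(valid) < needed:
        decision = "pending"     # wait for more authorized approvals
    else:
        decision = "approved"
    log.record({"tx": tx, "approvals": sorted(valid), "decision": decision})
    return decision

# Constructed sample policy: the controller role cannot approve.
POLICY = Policy(1000, frozenset({"acct-treasury", "acct-payroll"}), frozenset({"cfo", "ceo"}))
```
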

Accounts & Balances


The Wallet Service on top of the blockchain foundation organizes blockchain transaction data into logical wallets (or accounts), allowing you to easily create, configure, and use digital asset accounts that resemble a bank account. Using the wallet service, applications can easily add metadata to transactions and wallets for use with auditing and data sharing between users of the wallet. Finally, as the number of transactions in a wallet grows large, the wallet service helps manage the assets by intelligently combining and splitting the assets for easy, fast transactions.

While the Wallet Service aggregates and manages the transactions within a wallet, applications often also need summary information about the wallet, such as the current balance, the available balance, the pending balance, the number of transactions, and the date the wallet was last updated. These summaries are part of the accounts & balances service.

Identity Services


Blockchains, in their current form, evolved primarily from cryptography. The mathematics behind these blockchains ensure utmost security of the digital assets they protect. However, the cryptographic keys that enable these protections are unidentifiable by themselves. BitGo’s platform combines a unique legal and technical foundation whereby keys can be identified within the platform, while retaining full privacy of the holder. The identity service enables blockchain applications to benefit from the security of cryptography while also maintaining regulatory and risk compliance needed when interacting between people.

Conclusion


Because blockchain technology is so new, many application developers may begin building their applications without considering the full suite of services that will be required. As the application grows, it ends up needing more and more of these services, and the application layer is haphazardly updated to include these features in an ad hoc manner. This process is time-consuming and expensive. Building applications with the BitGo Blockchain Services enables developers to build faster and avoid these pitfalls while also enabling far stronger security and better usability.