What is custody?
Custody, in a general sense, refers to the safekeeping and management of assets on behalf of someone else. In the context of digital assets and cryptocurrencies, custody refers to the control and management of private keys, which are essential for accessing and managing digital assets. Private keys are cryptographic codes that grant ownership and control over specific cryptocurrency addresses on a blockchain. These keys are mathematically linked to corresponding public addresses, which are used to receive funds or verify ownership. An often heard phrase “not your keys, not your wallet” is referring to custody.
We previously wrote about custodial vs. non-custodial wallets in detail. This blog post deals with the higher level concept of custody in general.
Centralized vs. Decentralised Custody
Custody can be divided into two main categories:
1. Centralized Custody
Centralized custody involves relying on a trusted third party or institution to hold and manage your digital assets on your behalf. In this model, you typically deposit your assets into an account or wallet controlled by the custodian, such as a cryptocurrency exchange or a financial institution. The custodian is responsible for safeguarding your assets, maintaining security measures, and facilitating transactions when you request them. Examples of centralized custody solutions include popular cryptocurrency exchanges like Coinbase, Binance, BitGo or traditional banks that offer custodial services for digital assets.
- ✅ Convenience of Delegated Security: Centralized custody providers typically implement robust security measures, including offline storage and multi-factor authentication, to safeguard users' assets. This approach offers convenience, as users can delegate the responsibility of securing their assets to a trusted entity.
- ✅ Regulatory Compliance: Centralized custodians often comply with regulatory requirements, such as know-your-customer (KYC) and anti-money laundering (AML) regulations. This can provide a sense of legitimacy and regulatory oversight for users.
- ⛔ Single Point of Failure: Since centralized custody relies on a single entity, it introduces a single point of failure. If the custodian experiences a security breach or becomes insolvent, users' assets may be at risk. Also, high-value assets being held in a single location can be attractive targets for hackers.
- ⛔ Limited Control: With centralized custody, users must trust the custodian to act in their best interests. Users typically have limited control over their assets, as they are subject to the custodian's terms and conditions. For example, they can freeze assets or restrict withdrawals.
2. Decentralized Custody (Self-Custody)
Decentralized custody, on the other hand, emphasizes user control and eliminates the need for a trusted intermediary. In a decentralized custody model, you hold your own private keys and have full control over your assets, typically stored in a personal wallet. For example, in the Ethereum ecosystem those are called externally owned accounts (EOA). Externally owned accounts (EOAs) are accounts that are controlled by private keys, typically generated using a seed phrase. Typically these accounts are managed with a wallet.
- ✅ Enhanced Security: Decentralized custody relies on cryptographic techniques and smart contracts to secure users' assets. By eliminating a central point of failure, the risk of hacking or theft can be significantly reduced.
- ✅ User Empowerment: In a decentralized custody model, users hold their private keys and can interact with the blockchain directly, without relying on intermediaries.
- ⛔ Complexity and Responsibility: Requires users to manage their private keys securely. This responsibility can be daunting for users who are not familiar with cryptographic principles. Any mistake or loss of private keys can result in the permanent loss of assets.
- ⛔ Scalability and User Experience: Decentralized custody solutions are still in their early stages of development, and they often face challenges related to scalability and user experience.
Hybrid approaches and technical solutions: Secure Multi-party computation (MPC) and Account Abstraction
One hybrid approach known as multiparty computation (MPC) allows multiple parties, each having their own private data, to perform computations without disclosing any private information or related secrets.
Through MPC, the need to store private keys and other sensitive information, such as authentication credentials, in a single location becomes unnecessary. The private key is divided into fragments, encrypted, and distributed among multiple parties. These parties independently compute their respective portions of the private key shares to generate a signature without revealing the encryption to others.
Account Abstraction in custody combines the on-chain usability of self-custody with some security advantages of centralized custody by introducing smart contracts as accounts. This can be achieved by upgrading externally owned accounts (EOAs) to be controlled by smart contracts or enabling smart contracts to initiate transactions. In April 2023, the Ethereum Foundation deployed ERC-4337 as a smart-contract based Account Abstraction solution on Ethereum Mainnet and other networks that does not require any consensus-level changes, which will take longer to implement but allow for more seamless Account Abstraction integration into decentralized applications.
The lines between decentralized and centralized custody can become blurred, with or without the knowledge of the user. For example, in May 2023 Ledger, which offers self-custody hardware wallets such as the "Nano X," recently launched a new firmware update that allows for social recovery of your seed phrase using ID verification in case you lose it. This update is significant because it involves sending the seed phrase to third parties who can reconstruct it after you provide your ID. This raises many questions and concerns regarding trust and security. That is why it's crucial to be well-informed about the pros and cons of every custody solution when making decisions about custodying assets.