Nash launches decentralized API keys - Nash.io
April 3, 2020

Nash launches decentralized API keys

Nash launches decentralized API keys

Nash is proud to launch decentralized API keys based on secure multi-party computation (MPC). Now enabled for our non-custodial cross-chain markets, these new API keys bring custody of digital assets to a whole new level. Get started with our TypeScript APIs here!

This is the first time a cryptocurrency exchange can offer the kind of API keys institutional and algorithmic traders need to trade with no counterparty risk.

Institutions employ many individual traders who interact with exchanges through APIs. Each trader is given only partial access to the institution’s master account. No individual trader should be able to drain the institution’s wallet, make trades over a certain value or withdraw to an unknown address.

In traditional setups, traders will be given an API key with permissions attached, limiting their access to the institution’s master account. What’s more, if a security breach is detected, an institution can immediately revoke all keys.

On centralized exchanges, it is comparatively easy to configure APIs along these lines. Of course, because of their centralized nature, such exchanges remain a security weakness. According to Forbes, hackers stole over $4 billion in cryptocurrency during 2019, up from $1.7 billion in 2018.

Nash can now offer the kind of APIs institutions need, but with the significant benefit of being a non-custodial exchange. This has not been achieved before in the blockchain industry. On a DEX, a single user key always controls all assets – a security concern that is unacceptable for institutions and high-volume traders.

In combination with Nash’s state channel solution for high-speed cross-chain trading, including real Bitcoin trading, our decentralized API keys finally make secure, non-custodial cryptocurrency trading available to institutions.

How it works: Secure multi-party computation (MPC)

A blockchain approves or refuses a transaction by verifying its signature. A private key is one way of generating a valid signature. If you have the private key for an address, you can always sign transactions going out of that address.

However, there are other ways of generating signatures that do not give one party all the power. By splitting the generation of signatures between two parties, it becomes impossible for one party to approve transactions unilaterally.

This can be achieved using secure multi-party computation (MPC). With our new APIs, two parties must collaborate to generate a valid blockchain signature. Both Nash and a user have their own key. These keys each generate what is known as a “pre-signature”. The two pre-signatures are then combined into a single valid signature.

In this way, it is possible to generate API keys associated with specific permissions. If an institution wants to set a transaction limit and address whitelist for a trader, they can generate a key for that trader, specifying the desired restrictions. If the trader acts as they should, Nash will provide its pre-signature and a transaction will be accepted by the blockchain. If the trader attempts a forbidden action, Nash will withhold its pre-signature and the trader cannot do anything. Of course, Nash alone is also unable to issue or authorize any transaction – the system is designed such that the user is the only one capable of initiating transactions. It remains non-custodial.

MPC for user wallets

Nash plans to integrate our MPC-based APIs into our user wallet system. Rather than sign transactions with their full private key, users will be able to interact with their wallets through a version of the API, setting withdrawal limits. As a result, even if a user’s Nash login is compromised, an attacker will be limited in terms of the damage they can do.

With this planned upgrade, funds management on Nash will be as secure as a hardware wallet, at absolutely no cost. This is another technological advancement that paves the way for wider adoption of digital assets.


You can stay up to date with Nash by following our Twitter and Instagram. We also encourage all Nash Exchange token (NEX) holders to join our community platform, where they can talk directly with the team and receive reliable answers to questions.

Tom
Read more posts by this author.
All Posts

Compliance and Registration

Nash was the first Crypto Platform in Europe registered by the Financial Market Authority (FMA) of Liechtenstein. Nash is also registered with the De Nederlandsche Bank N.V. (DNB).
Icon illustration representing a book with transparent background.

Industry Leading Security

Nash’s Crypto Platform and Investment App uses state-of-the art, audited security measures and is fully non-custodial.
What makes Nash so safe
Icon illustration of a shield representing security on a transparent background.
Trustpilot logo icon
YouTube logo iconTwitter logo iconTelegram logo iconLinkedIn logo iconInstagram logo iconFacebook logo icon
Rates may vary over time. Crypto-powered earnings on Nash are not covered by any deposit guarantee schemes like bank savings accounts and involve risks unique to the underlying technologies: (i) Exploitations of the smart contracts used; (ii) Forex fluctations between your national currency and the US dollar, which underlies crypto earnings assets; (iii) USD stablecoins losing their peg. 
Nash is a trademark of Neon Exchange Aktiengesellschaft. Neon Exchange Aktiengesellschaft is an exchange bureau registered with the FMA of Liechtenstein (TT Exchange Service Provider Nr. 261096 as defined by the Token- und VT-Dienstleister-Gesetz / TVTG, 3 October 2019)
Nash Exchange B.V. is registered with De Nederlandsche Bank N.V. (DNB) as a provider of crypto services. DNB conducts supervision and monitors Nash Exchange B.V.’s compliance with the Money Laundering and Terrorist Financing Prevention Act and the Sanctions Act 1977. Nash Exchange B.V. is not under the prudential supervision of DNB nor under business conduct supervision of the AFM. This means there is no supervision of financial requirements or business risks and no specific consumer financial protections.
Neon Exchange Aktiengesellschaft is a partner of Modulr Finance B.V., a company registered in the Netherlands with company number 81852401, which is authorised and regulated by the Dutch Central Bank (DNB) as an Electronic Money Institution (Firm Reference Number: R182870) for the issuance of electronic money and payment services. Your account and related payment services are provided by Modulr Finance B.V. Your funds will be held in one or more segregated accounts and safeguarded in line with the Financial Supervision Act – for more information please see this link.
Neon Exchange Aktiengesellschaft also provides fiat-crypto exchange services. These are separate and unrelated to the account and payment services you receive from Modulr Finance B.V.