Ethereum Custody@PostFinance PoC

In collaboration with PostFinance AG and under the guidance of Dr. Thomas Bocek at the Department of Computer Science, OST, this semester assignment explores and enhances the custody solution of PostFinance’s digital assets offering. Given the increasing demand for secure storage of assets such as Ethereum, this work focuses on developing a robust self-managed custody solution that ensures the availability, confidentiality, and integrity of private keys.

The Proof of Concept (PoC) conducted as part of this project demonstrates a Custodian backend application, offering a RESTful HTTP API. This API enables the creation of secure single- and multisig wallets, facilitates buy and sell orders, and executing Ethereum transactions with these wallets. The private key material is securely stored in a Hardware Security Module (HSM) using the Securosys CloudHSM, specifically chosen for this project. Communication with the Ethereum network occurs through a self-operated full node setup, utilizing Besu as the execution client and Teku as the consensus client.

In addition, the project includes an analysis and elaboration of a secure method for signing transactions, employing multisig smart contracts in conjunction with a combination of hot and cold wallets.

While the project demonstrates feasibility, it is crucial to continue addressing privacy concerns and ensuring a privacy-compliant solution, especially within the context of a financial institution. Furthermore, it is important to evaluate which components should be developed and operated in-house versus outsourced, especially considering the addition of various other blockchains, as the development and maintenance burden could become substantial.

Overall, the established foundation, including the Custodian application, the chosen HSM, full node setup, and signing strategy using multisig smart contracts, lay the groundwork for a secure self-managed custody solution.

Keywords: Digital Asset Custody, Ethereum, Hardware Security Module (HSM)