Discover in this IBM case study about our partner Irene Energy how Talium has developed an innovative service for securing private keys. Talium is described as 🚀 “a company with a reputation for delivering successful projects built on blockchain technologies” 🚀!
Our partner Irene Energy stores on behalf of its customers their private keys giving access to their “Digital Wallets” which allow them to pay for their energy supply service.
Securing these private keys is a key issue for the robustness and transparency of this service.
“It is relatively easy to encrypt data when they are idle, and even when they are in transit,” says Julien Brodier, CTO of Talium. “The problem we had to solve was to protect them during the execution of the transaction itself, when the private key is stored in memory. At this point, someone with root access to the server can read the decrypted key. ”
A traditional expensive HSM solution
To solve this type of problem, the traditional approach is to invest in specialized hardware with integrated hardware encryption, but these servers are expensive and Irene Energy knew that its customers could not afford this investment. a cloud platform that can offer the same level of protection, without the initial cost. ”
Talium “Found a Solution in the IBM Cloud Unlike many cloud architectures, IBM Cloud bare metal servers can use Intel technology called Software Guard Extensions (SGX).” SGX allows the creation of an encrypted “enclave” in the server memory, which allows applications to process data without other users of the system being able to read it.
“Without SGX, our platform would not have been viable,” says Guillaume Marchand. “SGX gives us access to performance memory encryption technology on affordable IBM cloud servers instead of expensive custom hardware.”
However, building applications that can take advantage of SGX is complex and time-consuming. To get its platform to market quickly, Irene Energy’s developers needed to find a shortcut.
“That’s when we heard about IBM Cloud Data Shield,” explains Julien Brodier. “It’s such an exciting proposition for us. It abstracts away the complexity of building SGX-enabled apps and lets us focus on building features that add business value, instead of worrying about low-level implementation details.”
“Cloud Data Shield has probably accelerated the development of our platform by six months,” says Guillaume Marchand, founder of Irene Energy. “We can get to market much sooner because we don’t have to build SGX-compatible components from scratch.”