Stronghold is a collection of multipurpose libraries for securely managing passwords, personal data, and private keys.
The Official Repository: https://github.com/iotaledger/stronghold.rs
The internet can be a dangerous place, and 2020 seems to be a year where literally anything goes. Whether deep-fakes, DDoS attacks, ransomware, clipboard leaks, Zoom insecurity or the dark-patterns of browser fingerprinting — these risks touch all of our digital lives each and every day. At the IF, we are painfully aware of the extent to which third-party dependencies can introduce risks. What we have learned from the perpetual attacks on our ecosystem is that security must be a guiding principle in Distributed Ledger Technologies, not an afterthought. We need to be vigilant about our entire stack and operations. The mindset of “security-first” must affect not only our practices but also drive our software design decisions.
As a foundation committed by charter to the dual notions of contributing to open-source and furthering education, we are morally compelled to put our energies into improving the greater good — not merely our own lot.
In this context of being a “good digital citizen”, the best thing we can do is to offer a means to enhance the security posture of all types of software, including cryptocurrencies, distributed ledger technologies, and even financial infrastructure like exchanges and custody wallets. Specifically, we seek to strengthen the working environment for developers, enhance the security of applications, and give everyone better options for securely storing and safely using high-value digital secrets.
There are many challenges involved in securely managing digital secrets like passwords, vehicle access codes, and wallet seeds:
- High-value secrets like private keys need to be encrypted at rest, using modern and secure algorithms
- Such secrets need to be purged from device memory immediately after use
- Users must be able to configure systems to their security needs
- Applications need to run on any type of hardware from phones to cars, where possible leveraging Trusted Execution Environments
- Systems must be extensible with hardware security devices like YubiKey and Ledger Nano
- They must use as few external dependencies as possible
- They must be fully audited by third-party security professionals
- The underlying libraries need to be managed by a reliable and active maintainer
Stronghold, in a nutshell
Stronghold is a secure software implementation with the sole purpose of isolating digital secrets from exposure to hackers and accidental leaks. It uses versioned, file-based snapshots with double-encryption that can be easily backed up and securely shared between devices. Written in Rust, it has strong guarantees of memory safety and process integrity. The high-level developer-friendly libraries integrate the IOTA protocol and serve as a reference implementation for anyone looking for inspiration or best-in-class tooling. The low-level libraries have no notion of cryptocurrency embedded within them and can be used in their entirety without the high-level libraries. In other words, anyone from any industry can use it.
At IOTA, we will begin rolling out the IOTA Stronghold to secure the new wallet. In the next phase, we will have tight integration with IOTA Identity. We look forward to working with exchanges to discover new patterns of usage for Stronghold and are also excited about the many possibilities it brings to our work with smart contracts.
For the Technical Professionals
The primary task of Stronghold is to isolate the activity of “privileged” functions from other programs. For example, a primary goal is to create a software enclave where private keys are used to sign messages without revealing those keys to other functions. In the near future, we expect to move the Stronghold stack to Trusted Execution Environments (TEE) and integrate it into custom hardware.
It is based on a suite of low-level libraries known as Stronghold Engine that provide tooling and algorithms to build secure systems in Rust in a way that can be embedded and deployed to devices regardless of architecture and operating system. This collection of libraries deals with the obfuscation, encryption, usage, and sharing of secrets between devices. It has been in research and development for the past 8 months — beginning at https://ionary.dev — and it culminated in a successfully completed grant from the IOTA Ecosystem Development Fund. Its code can be reviewed here at GitHub and its principal author, Tensor, has prepared both a retrospective about its development as well as an .
Stronghold is written in stable Rust and has four primary components:
- low-level, modular libraries for building a secure blackbox of versioned data with a file-backed snapshot-oriented persistence layer that enables users to securely share their data between devices (beta quality)
- high-level libraries that integrate IOTA with the low-level libraries and expose them in an intuitive way (pre-alpha, currently in active development)
- an actor-model interface for security-focused applications that use Rust (pre-alpha, currently in active development)
- FFI bindings to other programming languages like C, Java and Node.js (available soon)
What will you do with Stronghold?
Because of its composability, there are many exciting applications that can be built using Stronghold — not just cryptocurrency wallets. Its low-level engine is totally use-case agnostic and so flexible that the encryption algorithms can be swapped out at your leisure, composed in new ways, and extended with other parts of virtually any stack. The high-level libraries will be so solid that you can entrust them with doing things the right way.
Here are just a few ideas of the possibilities to help you get your juices flowing: