The one thing that Chia Farmers have constantly been asking about since pools launched is when XCH will get listed on their preferred crypto exchanges, whether it be Binance, Kraken, or others. There is a lot that goes into launching a new coin on an exchange, and this article is not going to cover it all. What we will discuss are the technical challenges that exchanges face when trying to launch XCH specifically.
As a modern cryptocurrency, Chia Network chose a modern signature algorithm to secure the blockchain. While Bitcoin uses ECDSA for signatures, Chia uses BLS – the same as the Ethereum 2 Proof of Stake blockchain. There are a lot of advantages to using BLS – the signatures are shorter for the level of security offered and they allow for signature aggregation.
However, one of the main drawbacks to using BLS signatures is that they are new. They are very poorly supported by current Hardware Security Modules (HSMs). An HSM is a network-connected appliance with a secure key store that allows authenticated access to use the keys it stores, without the ability to see them directly or export them. HSMs are a crucial component of a proper security setup, and a hard requirement for securing large amounts of crucial financial information. The current generation of popular HSMs is only now starting to get firmware support for BLS signatures, and not even all of them have it.
In Keybase, Gene has recently intimated that the primary reason we aren’t seeing Chia pop into more exchanges is that without BLS signature support in their HSMs, it would be impossible to launch XCH without compromising their security standards. There are some HSMs with initial BLS signature support; the Ethereum Foundation worked with their partners to get it working when they launched their Proof of Stake chain and began planning their merge. But upgrading HSMs is a very complex task that will require a lot of planning and change management to avoid risking a total shutdown or even loss of keys.
In writing this article I did some initial research on BLS signatures and why HSMs are having some trouble integrating them. Turns out they aren’t, really. A lot of them have. HashiCorp (who run an HSM service called Vault) has an excellent blog post on the use of cryptography for Bitcoin and Ethereum. It looks like they have solutions and it’s just a matter of implementing them. But until they do, it appears that only Securosys is advertising BLS support. None of the Big Three cloud providers offer it in their HSM service yet.
Because an exchange’s signing keys are such a high-value target, expecting them to manage this in software with private keys stored in server memory is unreasonable. You do not want your exchange using a software solution to sign your transactions. So once this problem is solved, I suspect getting XCH listed will fall back to the regular pitfalls of listing a new cryptocurrency. I am not worried; it will definitely happen.
The main worry I have from this is that Chia Network is not storing the prefarm keys in a proper HSM in a usable fashion. I hope they are at least encrypted with a key stored in an HSM. I have reached out to Chia Network on this issue and will update when I get an answer about how they store their keys.