Blockchain startup Cubist has publicly launched a new “wallet-as-a-service” (WaaS) product, seeking to tackle the wallet management challenges behind making account keys both readily available and secure.
The CubeSigner WaaS “lets users request signatures through revocable signing sessions instead of giving direct access to raw keys,” according to Cubist’s press release. The release went on to state that the key manager “keeps keys both constantly safe and instantly available, even in the presence of insider threats and breaches.”
The announcement also confirms that CubeSigner is in production as a key manager for Ethereum validators, expanding its accessibility to teams working on diverse applications such as wallets, consumer loyalty programs, games, trading and custody platforms, and more, across almost any chain.
CubeSigner currently supports Secp256k1, Ed25519, BLS, and Stark curve signing, and Cubist says its product can be readily extended to support new signature schemes.
The project’s website highlights CubeSigner’s “hot wallet speed” in addition to its “cold wallet security”, and already includes companies such as Ankr, Ava Labs and Everstake as part of its clientele.
“We built CubeSigner so that no one has to choose between fast, safe, and easy to use,” said Riad Wahby, Co-Founder and CEO of Cubist in the release. “As a result of the Cubist team’s decades of academic and industry work securing production systems, CubeSigner protects keys with best-in-class security. With its flexible social login, built-in minting services, powerful key recovery, and broad chain support, CubeSigner represents a quantum leap for the Web3 ecosystem.”
After working with customers across several verticals, CubeSigner’s functions have evolved to support a large range of custody setups.
Customers can offload risk by including a qualified custodian or trustee, making self-custody easy for organizations. Users can also use CubeSigner to create Web2-like wallets, where end users control their own keys, use CubeSigner’s primitives for social login, seedless account recovery, and more.
Lastly, any application can establish per-key usage guidelines – such as mandating two-factor authorization for significant transactions – and each CubeSigner deployment includes real-time monitoring for potential session breaches, suspicious behavior, and signing requests that breach usage policies.
In March, Cubist, co-founded by computer science professors at Carnegie Mellon University and University of California San Diego, raised $7 million in a seed round led by Polychain Capital with participation from venture capital and strategic investors including dao5, Amplify Partners, Polygon, Blizzard and Axelar.
The company’s first product, a non-custodial Web3 private key manager, was released shortly after in April. In a press release, the company said the key manager was designed to “help infrastructure engineering teams secure and programmatically manage their private key.”
Cubist’s non-custodial key manager allows validator operators to lock their keys in secure hardware and use short-lived revocable privileges—instead of the keys themselves—for automated transaction signing and validation message processes.
Read the full article here