The evolution of payment systems and the growing demand for fast, secure and efficient solutions led the Central Bank of Brazil (BCB) to create the Real Digital project, a Central Bank Digital Currency (CBDC).
Learn about the relationship between Real Digital and the technology behind the pilot project and the importance of using security devices such as the Hardware Security Module (HSM).
Real Digital and Hyperledger Besu: a strategic integration
To achieve the goals of agility, security and efficiency in the operations of the new currency, the Central Bank has been studying and testing various technologies and solutions, with Hyperledger Besu being one of the options under analysis.
The choice of Hyperledger Besu as a possible platform for Real Digital is strategic, because the solution, based on Ethereum and developed by the Linux Foundation, offers scalability and high performance, and is adaptable to public and private networks.
These characteristics allow for greater flexibility and adaptability to the specific needs of the Brazilian financial system.
The integration between the technologies involves the implementation of a distributed ledger platform (Distributed Ledger Technology – DLT), which allows the registration and tracking of tokenized financial assets such as the Real Digital.
The Benefits of Convergence
Hyperledger Besu supports smart contracts, which enable the automation of processes and transactions in the financial ecosystem, ensuring the security, transparency and efficiency of operations.
In this context, the integration between Real Digital and Hyperledger Besu can bring several advantages, such as:
The platform facilitates communication between different systems and financial institutions, allowing information exchange and transactions to be carried out more quickly and efficiently.
The blockchain technology used by Hyperledger Besu guarantees the immutability of records and the authenticity of transactions, providing greater security and reliability to Real Digital.
In addition, the Central Bank announced that the network that is to operate the Digital Real will be the same as the SFN, which is considered to have a high level of security.
Hyperledger Besu, being an open source solution, allows customization and adaptation to the specificities and regulations of the Brazilian financial system, meeting the needs and requirements demanded by the Central Bank.
The integration of Real Digital with Hyperledger Besu enables the development and implementation of new digital financial products and services, stimulating innovation and competitiveness in the Brazilian financial market.
Hyperledger Besu: a solid, collaborative foundation for blockchain applications
The name “Besu,” as the technology is also called, is a Japanese word meaning “base” or “foundation,” reflecting the platform’s purpose to be a solid and reliable foundation for building enterprise blockchain applications.
In addition, Besu also suggests the idea of teamwork, as it is a shortened form of “besugo”, which means “snapper” in Japanese – a type of fish usually found in schools.
This connotation of teamwork is key, as the platform is designed to enable collaboration and data sharing between different parts of an enterprise blockchain network.
The Hyperledger Besu technology stands out for its advanced features and modular architecture. Some important features include:
Support for Smart Contracts: Besu is compatible with the Solidity programming language and allows the creation and execution of smart contracts for process and transaction automation in the financial ecosystem.
Privacy and Confidentiality: Hyperledger Besu enables the implementation of private transactions and confidential communication channels between network participants, ensuring the protection of sensitive data and information.
The platform facilitates integration with other networks and systems, promoting communication and information exchange between different financial institutions and allowing transactions to be carried out more quickly and efficiently.
Monitoring and Management: Besu has tools and features that make it easy to monitor and manage the blockchain network, including support for JSON-RPC and GraphQL APIs, as well as graphical interfaces and performance analysis capabilities.
In practice, the Hyperledger Besu technology represents a robust and collaborative solution for building enterprise blockchain applications.
Its modular architecture, support for smart contracts, and concern for privacy and interoperability make this platform a solid and promising option for the implementation of innovative projects, such as Real Digital.
Securing the Digital Real: The Strategic Value of HSM in Protecting Cryptographic Keys
Transaction security is key to Real Digital’s success. The use of PKI (Public Key Infrastructure) in Hyperledger Besu allows certificates issued by a trusted authority to manage node and account identities in the following ways:
- Node Permission
Only authorized nodes can connect to other nodes on the network using TLS for communication, and an ICP certificate would further enhance the security of the network, as it already works for the SPB.
Using it for authentication would make the network even more reliable.
- Block Proposal Allowance
Only blocks proposed by authorized validators are accepted within an ICP chain. This allows other validators on the network to verify that the proposer is authorized to create a block, which protects the security and integrity of the network.
If anyone could propose new blocks on the network, this could lead to malicious attacks, such as including fraudulent transactions or modifying previous blocks.
Block proposal permission therefore helps prevent these types of attacks by ensuring that only authorized validators can create new blocks.
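The block proposal check described above, as an added Go example that is not Besu's own code or block format: a validator accepts a block only when the proposer's certificate chains to the network CA and the signature over the block verifies under the certified key. The Ed25519 keys, certificate names and block bytes are constructed stand-ins, and `issue`, `proposerAuthorized` and `demo` are hypothetical names.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue signs a certificate for pub with the issuer's key; a nil parent yields a self-signed CA.
func issue(cn string, pub ed25519.PublicKey, parent *x509.Certificate, signer ed25519.PrivateKey) *x509.Certificate {
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour), BasicConstraintsValid: true}
	if parent == nil {
		t.IsCA, t.KeyUsage, parent = true, x509.KeyUsageCertSign, t
	}
	der, err := x509.CreateCertificate(rand.Reader, t, parent, pub, signer)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert
}

// proposerAuthorized (hypothetical helper) accepts a block only if cert chains to a trusted CA and sig verifies.
func proposerAuthorized(roots *x509.CertPool, cert *x509.Certificate, block, sig []byte) bool {
	_, err := cert.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	pub, ok := cert.PublicKey.(ed25519.PublicKey)
	return err == nil && ok && ed25519.Verify(pub, block, sig)
}

func demo() (valid, rogue, tampered bool) { // constructed keys and data throughout
	caPub, caKey, _ := ed25519.GenerateKey(rand.Reader)
	valPub, valKey, _ := ed25519.GenerateKey(rand.Reader)
	badPub, badKey, _ := ed25519.GenerateKey(rand.Reader)
	ca := issue("constructed network CA", caPub, nil, caKey)
	val := issue("validator-1", valPub, ca, caKey)
	bad := issue("rogue-node", badPub, nil, badKey) // self-signed, never issued by the network CA
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	block := []byte("constructed block header #42")
	sig := ed25519.Sign(valKey, block) // with an HSM-held key, this signing call runs inside the device
	forged := proposerAuthorized(roots, bad, block, ed25519.Sign(badKey, block))
	return proposerAuthorized(roots, val, block, sig), forged, proposerAuthorized(roots, val, []byte("tampered header"), sig)
}

func main() { fmt.Println(demo()) }
```

The rogue node's signature is mathematically valid under its own key; it is rejected only because its certificate does not chain to the trusted CA.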
Strengthening the security of cryptographic keys
Beyond the use of digital certificates within an ICP chain, another important question is where the cryptographic keys will be securely stored.
In a classic example, imagine that you install a high-security lock on your door to protect your home from possible intruders. However, instead of keeping the key in a safe and secure place, you leave it under the mat in front of the door.
With this approach, the lock becomes useless, since anyone can find the key and easily enter your home.
Even if you use a cloud platform, the Cloud Security Alliance (CSA) recommends in EKM-04 that keys should not be stored in the same cloud as the data, so they should preferably be held in an HSM or in a cloud HSM external to the cloud infrastructure, such as DPoD.
The HSMs or DPoD provide advanced protection against physical and logical attacks, guaranteeing, through the use of encryption algorithms, the integrity and confidentiality of the cryptographic keys involved and, consequently, greater security in financial transactions, as is already the case with the SPB.
Increased efficiency in performing cryptographic operations
HSMs are optimized to perform cryptographic operations efficiently, improving transaction speed and decreasing latency in the system. Performance is one of the fundamental requirements in the financial sector.
Compliance with security regulations and standards
Using HSMs helps to comply with security regulations and standards set by the relevant agencies, such as LGPD and ISO 27001, ensuring legal compliance and enhancing the organization’s reputation.
This point, vital for the Digital Real and for the other services involving financial operations, is also important in Central Bank resolution 4893.
Centralized management and access control of cryptographic keys
HSMs allow centralized management of cryptographic keys, facilitating access control and the implementation of security policies.
Here, the essential point is to ensure that only authorized people can access and use the keys.
Redundancy and recovery of cryptographic keys
HSMs can be configured in clusters, providing redundancy and guaranteeing the availability of cryptographic keys even in case of hardware failures or other incidents.
This ensures continuity of operations and prevents loss of sensitive data.
Integration with the Hyperledger Besu platform
HSMs are compatible with the Hyperledger Besu platform, making it easy to implement secure and efficient enterprise blockchain solutions for Real Digital.
The integration between the two technologies strengthens Real Digital’s infrastructure and enables the development of new financial services and products.
Indeed, the use of HSMs in the context of Real Digital and Hyperledger Besu can offer significant benefits in terms of security, performance, and compliance, and is an effective and proven solution for protecting cryptographic keys and ensuring the integrity of financial transactions.
The combination of these technologies creates a solid foundation for the evolution of digital payments and the expansion of financial services in Brazil.
Do you know Thales HSM Luna?
Thales HSM Luna is a high-performance security device designed to protect cryptographic keys and perform cryptographic operations securely and efficiently.
Its robust architecture is built with physical and logical security mechanisms to prevent unauthorized access and extraction of sensitive information.
In addition, HSM Luna offers accelerated transaction processing, compliance with regulations and industry standards, centralized key management, and transaction traceability.
This solution is widely used by companies in various industries seeking to protect their digital assets and ensure the confidentiality, integrity, and authenticity of information.