Russia’s FSB Is Making Life Harder for Blockchain Companies

Blockchain technology was created to be borderless. But in the real world, borders still impose limits on this technology.

Everything related to cryptography in Russia falls under the supervision of the Federal Security Service, or FSB, which is the successor to the KGB. The FSB has a certification process for blockchain companies, which might cost over $100,000 and take more than a year, according to experts on the Russian enterprise blockchain market.

Last year, the Fintech Association, a consortium helmed by the Bank of Russia, reported obtaining the certification for Masterchain, its blockchain for banks. The process took about three years to complete, and it’s still not the end of the story.

The Fintech Association is working on getting another certificate from the FSB, this time for a particular product on Masterchain. Going forward, any new iteration and implementation of the code using cryptographic elements needs to go through this process.

Other Russian enterprise blockchain projects, including Waves and Bitfury’s Exonum, are still working on getting certified as well – and they also may need more than a year.

The FSB’s certification process is challenging the borderless feature of blockchain technology in two ways. Globally, Russia is trying to get the cryptographic community to accept its encryption algorithm as a standard. Inside the country, the blockchain industry is trying to figure out what to do with a product that foreign partners might be reluctant to adopt.

Unofficial must

While there is no law directly stating that blockchain companies must be certified by the FSB, companies have strong incentives to do so. First, according to Russian law, documents that are signed electronically must use state-certified electronic signatures to be legally binding documents.

“If we’re talking about financial services, certification is a must, otherwise the transactions between [blockchain system] participants won’t have any legal significance. And the digital signature should be built into the blockchain system,” explained Anatoly Konkin, head of DLT at the Fintech Association.

Certification also could help convince big clients, in particular government agencies in Russia, that the system you’re building is secure, says Ivan Maslov, Bitfury’s head of development in Russia.

“If you are creating a system for a government body, it must be certified,” Maslov said.

“It’s an additional competitive advantage for [enterprise blockchain] vendors, which allows them to promise that the system will satisfy all the security requirements,” said Dmitri Plakhov, head of the technical committee of the Center for Distributed Ledger Tech at the Saint Petersburg State University.

The situation is not unique to Russia, notes Sasha Ivanov, CEO of Waves: “Using local cryptography for government-level blockchain projects is a reality that we will have to deal with, be it Russian, Chinese, or Western projects.”

The certification process in Europe, he adds, might take less time than in Russia, but the principle is the same.

Russian standard

For blockchain companies, however, the FSB certification process brings special challenges. Blockchain technology is supposed to be a transparent, agile and auditable system, but having certified cryptographic modules raises questions about transparency and reliability.

The easiest way to comply with the FSB requirements is to use a solution from a licensed vendor – but the code of such solutions is not open source and cannot be audited. Using a licensed vendor is not obligatory, and Masterchain, for example, is using its own cryptography elements, Konkin said. However, an FSB-licensed company named CryptoPRO has been supervising the entire creation of Masterchain.

CryptoPRO is also one of the licensed providers of the GOST (GOvernment STandard) cryptography solutions certified by the FSB.

Bitfury’s Maslov explains that to make Exonum compatible with the requirements of the Russian government bodies that the company is working with, Bitfury used software made by one of the FSB-certified providers. The software is responsible for data encryption, hashing and securing channels for the nodes to connect, Maslov said, but it’s up to the blockchain architect to decide what functions should be used.

