Silence Laboratories is a cybersecurity startup that builds authentication frameworks with a focus on usability and design science.
Its business solutions include distributed digital signing and authentication through a fusion of multi-party computation (MPC) based cryptographic algorithms with threshold signature schemes (TSS), and intelligent multi-modal signal processing.
KrASIA spoke with Jay Prakash, founder and CEO of Silence Laboratories, to find out what next-generation authentication entails.
This interview has been consolidated and edited for brevity and clarity.
KrASIA (Kr): How did the idea of setting up Silence Lab come about?
Jay Prakash (JP): My co-founder, Andrei Bytes, who is the CTO, and I, were doing our PhDs in Singapore. We were carrying out research mostly focused on cybersecurity authentication and finding vulnerabilities in general digital applications.
Over the past two years, we studied local banks in Singapore and discovered in-house vulnerabilities which were linked to scams. Leveraging our solutions to tackle these security issues, we launched our startup in March this year.
Kr: What are your major products?
JP: We operate under a B2B business model, and we’re targeting two segments.
One is fintech, and the other is in Web3, which is drawing a lot of attention from our customers. Basically, we work with companies in these two segments to improve authentication in cybersecurity.
Our products target digital asset custodians, digital wallets, and digital exchanges. Currently, the major wallets on exchanges all have single-point custodian private keys with some level of centralized signature process. What we are trying to do is decentralize this process.
We’ve also developed a set of codes that any enterprise can use, allowing companies to import our libraries to build applications on top of them to create safer authentication frameworks.
Right now, when you want to carry out a transaction, you need to use a private key that is secret to you, one that you can store on your phone or a browser. In some cases, some companies would store it for you in the cloud.
What we do is to split that private key into different parts and store them separately. Decentralization essentially rests on the premise of not relying on a single party, and we’re trying to build that infrastructure for decentralization.
The other feature of our solution is the use of environmental signatures or cyber critical signatures as additional authentication. For current authentication processes, all you need to do is to enter a code, and you will be prompted to approve the authentication request. But this method has vulnerabilities.
To tackle this issue, we leverage the use of sound and wireless waves to ensure that the login and token device are physically close to each other during authentication approval. For example, if the user is using sound transmissions, we will recall sound samples and compare them. The process entails the transmission of sounds in the environment from where you are logging in.
RELATED ARTICLE
Kr: What do you think is a major challenge in cybersecurity authentication today?
JP: There are some companies that claim to be decentralized but in reality, they are not. When it comes to cybersecurity, these companies have yet to adopt decentralized authentication and authorization. Be it in wallets or on exchanges, private keys are stored in one place, which leaves them vulnerable to cyberattacks.
Kr: Share with us your latest funding round.
JP: Last month, we closed a USD 1.7 million round in seed funding, led by pi Ventures. The round also included participation from imToken ventures and prominent angels like Daniel Ari Friedman, Mahin Gupta, CK Vishwakarma, Priyeshu Garg, Ashish Tiwari, and others.
We plan to use this funding to widen our product offerings towards decentralized security and enrich the technology stack, strengthen our team, and scale our go-to-market operations to help enterprises adopt state-of-the art authentication and authorization techniques.
Kr: What do you think next-generation authentication solutions will be like?
JP: There are two key elements that are missing in current solutions on the market. The first is one that balances security and usability. There is a tradeoff between these two considerations in current authentication solutions. Our objective is to develop an authentication solution that can achieve such a balance.
The second key element is the need to incorporate the physical context into the authentication process. It should be a fusion of cryptography (the art of writing or reading codes) with physical space. If that can be combined, authentication would be a lot more secure.
Kr: You’re planning to set up an applied cryptography and Web3 security corporate R&D center. Tell us more about the center.
JP: The center will be in Singapore, and we’ll carry out research on cryptography. We’ll be hiring PhDs and security engineers, who can tackle the problems highlighted by enterprises based on our discussions with them.
My observation is that there is still a mismatch in terms of the solutions that can be provided by academia and what the industry needs. So more research is needed to address authentication challenges.
Kr: What are your plans for expansion?
JP: In terms of our business plans, we’re still focused on the two verticals, which are fintech and Web3. We are working with a couple of major global players in wallet and exchange domains. Currently, we are working on 6-7 pilot projects in these areas.
Today, we have seven people on our team. We’re looking to increase that number to ten by the end 2022.