protocols

TRISA

​​TRISA stands for Travel Rule Information Sharing Alliance. TRISA is a decentralized protocol supported by centralized governance. Any VASP can connect; there are no hidden servers or firewalled API endpoints. This article covers factors to consider when choosing TRISA as a Travel Rule messaging protocol provider.

How does TRISA work?

TRISA applies a peer-to-peer messaging mechanism with a centralized-based Certificate Authority (CA) model to identify and verify VASPs. It also serves as a dictionary for their public key certificates to establish secure communications between VASPs. 

Figure 1: Mutual Authentication with X.509 Certificates and a Certificate Authority [TRISA]

According to TRISA’s whitepaper, these certificates should have an expiration date. They should also be subject to revocation by the CA through an Online Certificate Status Protocol (OCSP) mechanism or revocation list.

TRISA operates a hosted certificate authority (CA) which issues certificates to VASPs to authenticate each other. The TRISA CA will issue X.509 test certificates to enable authentication interoperability testing among VASPs. These certificates will first be issued to TRISA members. Access TRISA’s whitepaper to learn more.

Is TRISA an open-sourced industry alliance network, a closed network, or a commercial solution?

TRISA is an open-sourced protocol created by Blockchain Forensics/Analytics company CipherTrace

Is TRISA a fully integrated Travel Rule solution provider?

TRISA is a messaging protocol. VASPs will still need to partner with a fully integrated Travel Rule solution provider or build additional components to integrate TRISA.

Is TRISA interoperable with various protocols and Travel Rule solutions?

Per TRISA’s whitepaper, the project integrated InterVASP’s IVMS101–the industry-standard Travel Rule data format–on June 1st, 2020. 

What is TRISA’s governance model?

CipherTrace is the primary member of the TRISA Alliance, which governs TRISA and approves certificates. There may be other unnamed members.

Does TRISA support non-custodial wallets?

TRISA does not support communication with non-custodial wallets.

Is TRISA live?

We are uncertain if TRISA is live; yet, there have been mentions of testnets.

What is the level of industry support for TRISA?

TRISA has a good response from regulators, alongside excellent initial support from a number of VASPs

What is TRISA’s membership fee structure?

TRISA charges a verification fee that VASPs must pay to receive an operational certificate. Further implementation costs are paid through CipherTrace subscription fees or through the implementation of other service providers.

Does Notabene support TRISA? 

Notabene is evaluating adding support for TRISA. One concern we have is that it is currently centered around a single vendor and may not be seen as sufficiently open by the industry.

What are the benefits of using TRISA?

  • High availability

There is no single point of failure after VASPs get the X509 certificate

What are the drawbacks of using TRISA?

Closed solution

  • TRISA is currently centered around a single vendor, which will cause interoperability issues in the long run

Inflexible technology

  • X509 certificates are archaic and inflexible.
    TRISA utilizes the TRIXA form, akin to the Wolfsberg Principles, to establish and maintain a set of best practice guidelines to perform VASP due diligence.

Fractured focus

  • CipherTrace is primarily a Blockchain Forensics company. Time will tell if they dedicate enough resources and extend development support to flesh out TRISA.

Integration

  • Intense work is required to integrate each Travel Rule messaging protocol into TRISA

Privacy Concerns

  • As CipherTrace is primarily a Blockchain Forensics service provider and has close ties to law enforcement agencies, some VASPs have data privacy concerns.


Notabene is investigating how we can use our Decentralized Identity technology to solve these drawbacks for VASPs supporting TRISA.

Has there been a testnet using TRISA?

TRISA has a current testnet. View TRISA’s testnet on Github.

What are the steps to implementing TRISA?

  1. Register for TRISA EV Certificate from supported CA
  2. Setup TRISA endpoint
  3. Register in TRISA directory
  4. Implement VASP selection code in Sending UX
  5. Implement TRISA Transaction sending flow
  6. Handle TRISA Address Verification requests from originating VASP
  7. Handle incoming Transactions from TRISA

Notabene will be able to help with all of the above.

TRISA for Developers

TRISA is based on certificate authorities due to concerns from their customers regarding the new FATF guidelines. TRISA is full-featured and under semi-active development. Most development occurred in 2020 and has since stalled.

What are the Specs?

The TRISA protocol supports the following:

  • Go language reference implementation.
  • x509 EV based identification of VASPs with custom TRISA fields
  • Supports all cryptocurrencies
  • Centralized VASP Directory run by CipherTrace
  • Originating VASP’s customer selects beneficiary’s VASP in UX through directory search
  • Uses native blockchain address format for customer requests
  • Direct server to server messaging based on gRPC
  • Integration with PayID
  • Support for InterVASP IVMS-101 Message Standard

TRISA Open API Documentation

TRISA has frequent and recent GitHub activity. Visit TRP’s GitHub page to see the latest commits. 

Requesting changes on TRISA

As a closed network solution, all changes will be decided by and implemented by TRISA.

Relevant links:

TRISA | Travel Rule Information Sharing Architecture for Virtual Asset Service Providers Whitepaper v8