Introduction
As the world leader in the deployment of Trusted Execution Environments, Fortanix provides operators of Proof-of-Stake validator nodes that use the Ignite (formerly Tendermint) or Evmos stacks with a mechanism to securely manage validator keys online. The main component of the solution is the integration that Fortanix has built into the Tendermint KMS project, which is freely available under the Apache 2.0 license. The solution forms part of the Fortanix Secure Web3 Infrastructure suite of tools and is provided as a managed service.
In Proof-of-Stake (PoS) blockchains such as the ones that rely on the Tendermint or the Evmos stacks, validator nodes do not expend resources to “mine” the next block. Rather, they validate and sign proposals and votes. The new requirement on the operators of validator nodes is to maintain long-lived keys online securely such that they are always available. Fortanix delivers on this requirement by ensuring that validator keys are generated and used inside a FIPS 140-2 Level 3 compliant environment, which is offered with high availability and protection against disasters.
Online Long-Lived Key Management Problem
The most significant shift in blockchain technology is the move from Proof-of-Work based blockchains to Proof-of-Stake based blockchains. Proof-of-Stake based blockchains have a significantly lower energy footprint and offer far higher transaction throughput than Proof-of-Work based blockchains. There are other benefits as well. For example, Proof-of-Stake blockchains offer deterministic finality in transaction processing, as opposed to the probabilistic finality offered by Proof-of-Work based blockchains.
This transition to Proof-of-Stake is shedding light on an important problem. Validator keys are long-lived keys that need to be maintained securely over the long term. They also need to be maintained online because they are used very frequently. High availability of keys is important, and so is the ability to recover from disasters.
One mechanism to solve this problem is to offer secure, FIPS (Federal Information Processing Standard) 140-2 Level 3 compliant key management via an always online, geographically distributed platform.
Signing Provider for TMKMS
Fortanix DSM (Data Security Manager) SaaS is a FIPS 140-2 Level 3 compliant platform for secure key management. It offers a unique security architecture where validator keys can be generated and used inside the geographically distributed, hardware-protected secure environment.
The Fortanix Signing Provider for TMKMS solution includes an integration of Fortanix DSM SaaS into Tendermint KMS (TMKMS), which is an open-source project freely available under the Apache 2.0 license.
TMKMS implements double-sign prevention, which is critical for Proof-of-Stake blockchains. For any proposal or vote, TMKMS validates that double signing is not being attempted and then signs the proposal or vote by invoking the sign operation offered by DSM SaaS, which manages the validator keys.
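The check-then-sign order described above, as an added sketch in Rust (the language TMKMS is written in); it is not TMKMS or Fortanix code. The `Hrs` struct, its step numbering, `SignGuard`, and the `stub_sign` stand-in for the DSM sign call are assumptions made for illustration, and the request sequence is constructed.

```rust
use std::cmp::Ordering;

// Consensus position; field order gives the comparison order (height, round, step).
// Step numbering (0 proposal, 1 prevote, 2 precommit) is an assumption of this sketch.
#[derive(Clone, Copy, Debug, PartialEq, Eq, PartialOrd, Ord)]
pub struct Hrs { pub height: u64, pub round: u32, pub step: u8 }

#[derive(Debug, PartialEq, Eq)]
pub enum Refusal { Regression, DoubleSign }

// Last position signed and the block ID signed there.
#[derive(Default)]
pub struct SignGuard { last: Option<(Hrs, Vec<u8>)> }

impl SignGuard {
    // `sign` stands in for the key manager's remote sign operation (hypothetical signature).
    pub fn check_and_sign<F>(&mut self, hrs: Hrs, block_id: &[u8], sign: F) -> Result<Vec<u8>, Refusal>
    where F: FnOnce(&[u8]) -> Vec<u8> {
        if let Some((last_hrs, last_block)) = &self.last {
            match hrs.cmp(last_hrs) {
                // Older position than one already signed: refuse.
                Ordering::Less => return Err(Refusal::Regression),
                // Same position, different block: this would be a double sign.
                Ordering::Equal if last_block.as_slice() != block_id => return Err(Refusal::DoubleSign),
                _ => {}
            }
        }
        // Record the position before a signature is released. Kept in memory here;
        // a real signer has to write it to durable storage so a restart cannot reset it.
        self.last = Some((hrs, block_id.to_vec()));
        Ok(sign(block_id))
    }
}

// Constructed stub: tags the message instead of producing a real signature.
fn stub_sign(msg: &[u8]) -> Vec<u8> { let mut v = b"sig:".to_vec(); v.extend_from_slice(msg); v }

// Constructed request sequence: first vote, conflicting vote, older height, next height.
pub fn demo() -> Vec<Result<Vec<u8>, Refusal>> {
    let mut g = SignGuard::default();
    let at = |height, step| Hrs { height, round: 0, step };
    vec![
        g.check_and_sign(at(10, 1), b"blockA", stub_sign),
        g.check_and_sign(at(10, 1), b"blockB", stub_sign),
        g.check_and_sign(at(9, 2), b"blockC", stub_sign),
        g.check_and_sign(at(11, 0), b"blockD", stub_sign),
    ]
}

fn main() { for r in demo() { println!("{:?}", r); } }
```

The refused requests never reach the signing call, so the key held by the key manager is only exercised for positions the guard has accepted.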
Benefits
The main benefit of the Signing Provider for TMKMS solution is that it ensures that Proof-of-Stake validators can maintain long-lived keys securely online with high availability and disaster recovery. Moving forward, Fortanix intends to support Signing Providers for other Proof-of-Stake protocols such as Ethereum 2.0, Solana, and Cardano.