Fortanix “Signing Provider for TMKMS”

The Fortanix Signing Provider for TMKMS solution provides operators of Tendermint or Evmos validator nodes a secure mechanism to maintain long lived keys online. 

Download Solution Brief

Background Image


As the world leader in the deployment of Trusted Execution Environments, Fortanix provides operators of Proof-of-Stake validator nodes that use the Ignite (formerly Tendermint) or Evmos stacks a mechanism to securely manage validator keys online. The main component of the solution is the integration that Fortanix has built into the Tendermint KMS project which is freely available under the Apache 2.0 license. The solution forms part of the Fortanix Secure Web3 Infrastructure suite of tools and is provided as a managed service.

In Proof-of-Stake (POS) blockchains such as the ones that rely on the Tendermint or the Evmos stacks, validator nodes do not expend resources to “mine” the next block. Rather, they validate and sign proposals and votes. The new requirement on the operators of validator nodes is to maintain long-lived keys online securely such that they are always available. Fortanix delivers on this requirement by ensuring that validator keys are generated and used inside a FIPS 140-2 level 3 compliant environment which is offered with high availability and protection against disasters.

tmkms 1

Online Long-Lived Key Management Problem

The most significant shift in blockchain technology is the shift from Proof-of-Work based blockchains to
Proof-of-Stake based blockchains. Proof-of-Stake based blockchains have a significantly lower energy footprint and offer transaction throughputs far more than Proof-of-Work based blockchains. There are other
benefits as well. For example, Proof-of-Stake blockchains offer deterministic finality in transaction processing
as opposed to probabilistic finality offered by Proof-of-Work based blockchains.

This transition to Proof-of-Stake is shedding light on an important problem. Validator keys are long lived keys
that need to be maintained securely over the long term. Also, they need to be maintained online because they
are used very frequently. High availability of keys is important and so is the ability to recover from disasters.

One mechanism to solve this problem is to offer secure, FIPS (Federal Information Processing Standard) 140-2 Level 3 compliant key management via an always online, geographically distributed platform.


The main benefit of the Signing Provider for TMKMS solution is that it ensures that Proof-of-Stake validators can maintain long lived keys securely online with high availability and disaster recovery. Moving forward, Fortanix intends to support Signing Providers for other Proof-of-Stake protocols such as Ethereum 2.0, Solana, Cardano, etc.

Ready to test Fortanix Runtime Encryption?

request a demo