Fortanix “Signing Provider for TMKMS”
Introduction
As the world leader in the deployment of Trusted Execution Environments, Fortanix provides operators of Proof-of-Stake validator nodes that use the Ignite (formerly Tendermint) or Evmos stacks a mechanism to securely manage validator keys online. The main component of the solution is the integration that Fortanix has built into the Tendermint KMS project which is freely available under the Apache 2.0 license. The solution forms part of the Fortanix Secure Web3 Infrastructure suite of tools and is provided as a managed service. In this briefing document, we highlight the benefits that our solution delivers to operators of validator nodes that have the need to securely maintain long lived keys online.
In Proof-of-Stake (POS) blockchains such as the ones that rely on the Tendermint or the Evmos stacks, validator nodes do not expend resources to “mine” the next block. Rather, they validate and sign proposals and votes. The new requirement on the operators of validator nodes is to maintain long-lived keys online securely such that they are always available. Fortanix delivers on this requirement by ensuring that validator keys are generated and used inside a FIPS 140-2 level 3 compliant environment which is offered with high availability and protection against disasters.
Online Long-Lived Key Management Problem
While The most significant shift in blockchain technology is the shift from Proof-of-Work based blockchains to Proof-of-Stake based blockchains. Proof-of-Stake based blockchains have a significantly lower energy footprint and offer transaction throughputs far more than Proof-of-Work based blockchains. There are other benefits as well. For example, Proof-of-Stake blockchains offer deterministic finality in transaction processing as opposed to probabilistic finality offered by Proof-of-Work based blockchains.
This transition to Proof-of-Stake is shedding light on an important problem. Validator keys are long lived keys that need to be maintained securely over the long term. Also, they need to be maintained online because they are used very frequently. High availability of keys is important and so is the ability to recover from disasters.
One mechanism to solve this problem is to offer secure, FIPS (Federal Information Processing Standard) 140-2 Level 3 compliant key management via an always online, geographically distributed platform.
Signing Provider for TMKMS
Fortanix DSM’s architecture allows us to quickly develop, integrate and reach maturity of PQC capabilities without disrupting core product functionality and requiring complex, service disrupting upgrade paths and potential hardware upgrades.
Fortanix already offers the LMS signing algorithm as part of our cipher suite and we are well underway in developing ‘not for production’ versions of PQC algorithms such as CRYSTALS-Kyber in preparation of NIST standardized implementations due in early 2024.
In addition, we have already completed a full internal enumeration exercise for the DSM product and have marked where and how public key cryptography is used in the internal Fortanix DSM architecture in preparation for transitioning Fortanix DSM to a fully PQC compliant product.
Figure 1: Validator keys are protected by Fortanix DSM SaaS.
Figure 2: Fortanix DSM SaaS is offered as a geo-replicated global service from multiple regions.
Benefits
The main benefit of the Signing Provider for TMKMS solution is that it ensures that Proof-of-Stake validators can maintain long lived keys securely online with high availability and disaster recovery. Moving forward, Fortanix intends to support Signing Providers for other Proof-of-Stake protocols such as Ethereum 2.0, Solana, Cardano, etc.
