As the world leader in the deployment of Trusted Execution Environments, Fortanix provides operators of Ignite (formerly Tendermint) validator nodes a mechanism to prevent double-signing of Ignite proposals and votes. The main component of the solution is a Fortanix DSM plugin which validates that the proposals and votes are well formed, tracks the state of the protocol, and ensures that double-signing is prevented.
What is Fortanix Ignite One-Time Signer?
Fortanix Ignite One-Time Signer offers double-sign prevention logic implemented as a Fortanix Data Security Manager plugin for Ignite blockchain validator nodes. The plugin is executed inside Confidential Computing powered Trusted Execution Environment (TEE) and ensures that conflicting messages are not signed.
High-integrity signer as DSM plugin
Implement the double-sign prevention logic as a DSM plugin in a high integrity, secure environment.
Cluster-based architecture with HA/DR
The platform maintains high availability, based on a cluster architecture with in-built resilience. It also supports disaster recovery to avoid loss of digital assets.
Secure with quorum policies
The plugin is controlled by a quorum policy and no changes to the code are allowed without explicit permissions of the admin users that are part of the quorum policy.
Maintain keys online with SaaS
DSM is available as a global cloud service with centralized visibility and control. Validator keys can be securely managed and retrieved online.
How it helps?
Avoid double signing
Ensures that the Ignite blockchain validator node does not double-sign proposals and votes by implementing the double-sign prevention logic
Fortanix secures keys belonging to validator nodes, avoids double signing and mitigates the risk of validator node slashing – and the associated financial loss
The private keys are kept secured at rest, in motion and even when in use inside Intel® SGX enclaves ensuring confidentiality and integrity of the policies. FIPS 140-2 level 3 certified HSM delivers enhanced physical security.
Highly scalable with HA/DR
DSM is a highly scalable solution that can scale to thousands to millions of transactions. The solution minimizes availability risk while maximizing operational simplicity, by leveraging a distributed systems architecture that provides automated high availability and disaster recovery.