Cryptographic Operations
The Builder Vault TSM supports the following cryptographic signing operations:
| Operation | Curve |
|---|---|
| ECDSA | secp256k1 |
| ECDSA | P-224 |
| ECDSA | P-256 |
| ECDSA | P-384 |
| ECDSA | P-521 |
| Schnorr (EdDSA) | Ed25519 |
| Schnorr (EdDSA) | Ed448 |
| Schnorr (BIP340, "Taproot") | secp256k1 |
In addition, the TSM also supports other cryptographic operations:
| Primitive | Parameters | Operations |
|---|---|---|
| AES-ECB | Key size 128 | Encrypt, Decrypt |
| AES-CBC | Key size 128 | Encrypt, Decrypt |
| AES-CMAC | Key size 128 | Sign, Verify |
| AES-GCM | Key size 128 | Encrypt, Decrypt |
| AES-CTR | Key size 128 | Encrypt, Decrypt |
| HMAC-SHA2-256 | Key size 2048, 3072, 4096 | Sign, Verify |
| HMAC-SHA2-512 | Key size 2048, 3072, 4096 | Sign, Verify |
| RSA PSS | Key size 2048, 3072, 4096 | Sign, Verify |
| RSA OAEP | Key size 2048, 3072, 4096 | Encrypt, Decrypt |
| RSA PKCS#1v1.5 | Key size 2048, 3072, 4096 | Encrypt, Decrypt, Sign, Verify |
| RSA x.509 (raw) | Key size 2048, 3072, 4096 | Encrypt, Sign |
| ECDH | Curves: secp256k1, P-256, P-384, P-521 | Key agreement |
The AES, HMAC, RSA, and ECDH operations are currently only available in the Builder Vault SDKv1, and may only work for specific threshold settings.
MPC Protocols
Blockdaemon Builder Vault MPC solutions are based on public research (some of which was performed by the Blockdaemon team), this includes protocols from the following research papers:
- [MRZ15] Payman Mohassel, Mike Rosulek, Ye Zhang: Fast and Secure Three-party Computation: The Garbled Circuit Approach. CCS 2015: 591-602
- [DJNP+18] Ivan Damgård, Thomas Pelle Jakobsen, Jesper Buus Nielsen, Jakob Illeborg Pagter, Michael Bæksvang Østergård: Fast Threshold ECDSA with Honest Majority. SCN 2020: 382-400
- [DKLs19] Jack Doerner, Yashvanth Kondi, Eysa Lee, Abhi Shelat: Threshold ECDSA from ECDSA Assumptions: The Multiparty Case. IEEE Symposium on Security and Privacy 2019: 1051-1066
Additional Features
In addition to the cryptographic operations, the TSM has a number of features:
- Authentication using API keys, mTLS, OIDC
- Key Derivation (BIP32)
- Presignatures (non-interactive online signing)
- Key Lifecycle Management (key resharing, key deletion)
- Key Import/Export
- Key Share Backup
- Emergency Recovery Service
- Dynamic Node Configuration (MPC node multi-tenancy)
More information on these features is available in the online user manual.
Updated 2 months ago