An MPC node is usually run as a containerized server in Docker or Kubernetes. In the previous sections, we assumed that the MPC nodes were running as servers.

But it is also possible to run MPC nodes on mobile devices. For iOS and Android Blockdaemon provides libraries that contain both the TSM SDK as well as the MPC node itself, embedded in the library. This allows you to easily run an MPC node on iOS or Android.

Getting the iOS and Android Libraries

For Android you will need the library:

https://nexus.sepior.net/repository/libtsmclient/libtsmclientv2-61.0.2.aar

and for iOS:

https://nexus.sepior.net/repository/libtsmclient/libtsmclientv2-61.0.2.framework.zip

This fetches the TSM v61.0.2 libraries. You can see all the versions available here.

Contact our support team for the credentials needed to fetch these libraries.

Usage

Creating an SDK with an embedded MPC node can be done as follows:

let node = TsmNewEmbeddedClient(embeddedNodeConf, embeddedNodeLogConf, &err)

Client node = Tsm.newEmbeddedClient(embeddedNodeConf, embeddedNodeLogConf);

The embeddedNodeConf and embeddedNodeLogConf in the example above contain the configuration for the embedded MPC node. This is very similar to the configuration needed for standard containerized MPC nodes. See this section for more about configuring embedded MPC nodes.

Once the SDK is instantiated, you can do the usual operations on the resulting node , for example:

let sessionConfig = TsmNewSessionConfig(sessionID, TsmNewInt32Array()?.add(0)?.add(1)?.add(2), TsmNewIntBytesMap()?.set(0, v: self.node0PublicKey))                
let keyID = node.ecdsa()?.generateKey(sessionConfig, threshold: 2, curveName: curveName, desiredKeyID: "", error: &err)

SessionConfig sessionConfig = Tsm.newSessionConfig(sessionID, Tsm.newInt32Array().add(0).add(1).add(2), Tsm.newIntBytesMap().set(0, node0PublicKey));
node.ecdsa().generateKey(sessionConfig, threshold, curveName, "")

In this example, the session configuration consists of a sessionID , the public key of Node 0 (the node embedded in the mobile device), and that the session includes Node 0, Node 1, and Node2. The MPC session generates a key with a given curveName and threshold.

A Working Example

You can see a working example by checking out the following project:

export GOPRIVATE=gitlab.com/sepior
echo "machine gitlab.com login GITLAB_USERNAME password GITLAB_PASSWORD" >> $HOME/.netrc
git clone https://gitlab.com/sepior/multitenant-demo.git

Note: Replace GITLAB_USERNAME and GITLAB_PASSWORD in the above with the credentials received from our support team (this is the same credentials required for checking out the TSM Golang SDK).

The demo consists of a TSM with three MPC nodes. Node 1 and Node 2 run as backend servers in docker containers. Node 0 runs embedded on either Android or iOS, together with a Go service.

To get running, start the backend first with instructions in backend/README.md. Then start the mobile emulated embedded node for either iOS or Android with instructions in iosv2/README.md or androidv2/README.md. The embedded node configurations can be observed in the respective folders e.g. iosv2/ios-example/Defines.swift. The dynamic embedded node player index is 0.

Step through the functions in the app (seen in the figure to the left). The interactions can be observed through the mobile emulator log, within the node log on the app, and the logs of the builder vault nodes with "docker logs".

The project demonstrates both how an MPC node can run embedded in a library on a mobile device (iOS, Android), and how the MPC node running on the mobile device can be dynamically configured, such that your application can have many mobile devices, each with it's own key, secret shared among the mobile device and the two server nodes.

See also our mobile node Getting started tutorial.