Secure-Signer

Secure-Signer is a remote signing tool for Ethereum PoS validators, with the following features:

Validator keys are safeguarded in SGX's encrypted memory, and the hardware enforces that Secure-Signer can only sign non-slashable messages. This reduces a validator's slashing risk, whether from accidents or from a compromised system.

SECURE SIGNER IS UNDER DEVELOPMENT AND SHOULD NOT BE USED FOR PRODUCTION, unless you know what you are doing.


API

Users

Developers


Roadmap

  • Open source the alpha code
  • Convert modules into their own open source crates
  • Standardize the remote-signing specs
  • Port to other LibOSes
  • Support non-SGX TEEs

TODO

  • API endpoint to GET EIP-3076 SlashProtection database
  • Code review and audit
  • Support DCAP remote attestation

Known Limitations / Issues

  • Only one validator key can be imported per API call
  • Footgun: if you import an existing validator key, you expose yourself to slashing risk, either via a stale SlashProtection database or by running the same key across multiple clients. We recommend generating fresh keys within Secure-Signer to mitigate this.
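
The "non-slashable messages only" guarantee described in the features, and the stale-database footgun above, can be illustrated with a conservative high-watermark check. This is an added example, not Secure-Signer's own code: the type and function names are hypothetical, the key id is a constructed placeholder, and the rule shown (strictly increasing block slots and attestation targets, non-decreasing attestation sources) is an assumed policy.

```rust
use std::collections::HashMap;

// Hypothetical types for this example; not Secure-Signer's own API.
#[derive(Debug, PartialEq)]
pub enum Refusal { SlashableBlock, SlashableAttestation }

#[derive(Default, Clone)]
struct Watermark { slot: Option<u64>, source: Option<u64>, target: Option<u64> }

/// Highest signed slot/epochs per validator public key.
#[derive(Default, Clone)]
pub struct SlashProtection { seen: HashMap<String, Watermark> }

impl SlashProtection {
    /// Permit a block proposal only at a slot strictly above the last signed slot.
    pub fn check_block(&mut self, pk: &str, slot: u64) -> Result<(), Refusal> {
        let w = self.seen.entry(pk.to_string()).or_default();
        if matches!(w.slot, Some(last) if slot <= last) {
            return Err(Refusal::SlashableBlock);
        }
        w.slot = Some(slot); // record before any signature is released
        Ok(())
    }

    /// Permit an attestation only if the source epoch never decreases and the
    /// target epoch strictly increases: no double vote, no surround vote.
    pub fn check_attestation(&mut self, pk: &str, source: u64, target: u64) -> Result<(), Refusal> {
        let w = self.seen.entry(pk.to_string()).or_default();
        let source_regressed = matches!(w.source, Some(s) if source < s);
        let target_reused = matches!(w.target, Some(t) if target <= t);
        if source_regressed || target_reused {
            return Err(Refusal::SlashableAttestation);
        }
        w.source = Some(source);
        w.target = Some(target);
        Ok(())
    }
}

fn main() {
    let pk = "0xaaaa"; // constructed placeholder, not a real validator key
    let mut live = SlashProtection::default();
    let mut stale = live.clone(); // history exported before the signing below
    println!("live, slot 100:   {:?}", live.check_block(pk, 100));
    println!("live, slot 100:   {:?}", live.check_block(pk, 100)); // refused
    println!("live, att 10->11: {:?}", live.check_attestation(pk, 10, 11));
    println!("live, att 9->13:  {:?}", live.check_attestation(pk, 9, 13)); // surround, refused
    // A second signer loaded with the stale history has no record of slot 100:
    println!("stale, slot 100:  {:?}", stale.check_block(pk, 100)); // accepted
}
```

The last call is the footgun: a signer working from an out-of-date history accepts a slot the live signer has already signed, which is why fresh keys generated inside the signer avoid the problem.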

Acknowledgements

Secure-Signer is funded via an Ethereum Foundation grant.

The following dependencies were used, and some code might have been inspired by their design decisions as well:

License

Secure Signer is released under Apache 2.0 License. See the copyright information here.