Secure-Signer is a remote signing tool for Ethereum PoS validators, with the following features:
- Follows the Web3Signer specification
- Compatible with existing Consensus clients
- Designed to run on Intel SGX via the Occlum LibOS
- Provides protection from slashable offenses
Validator keys are safeguarded in SGX's encrypted memory, and the hardware enforces that Secure-Signer can only sign non-slashable messages. This reduces a validator's slashing risk, whether from accidents or from a compromise of their system.
SECURE SIGNER IS UNDER DEVELOPMENT AND SHOULD NOT BE USED FOR PRODUCTION, unless you know what you are doing.
- Open source the alpha code
- Convert modules into their own open source crates
- Standardize the remote-signing specs
- Port to other LibOSes
- Support non-SGX TEEs
- API endpoint to GET EIP-3076 SlashProtection database
- Code review and audit
- Support DCAP remote attestation
- Only one validator key can be imported per API call
- Footgun: if you import an existing validator key, you expose yourself to slashing risk, either via a stale SlashProtection database or by running the same key across multiple clients. We recommend generating fresh keys within Secure-Signer to mitigate this.
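To show why a stale SlashProtection database is dangerous, here is an added sketch of a slash-protection gate; it is not Secure-Signer's own code. The `SlashGuard`, `Watermark` and `Refusal` names and the conservative "only move forward" rule are assumptions chosen for illustration.

```rust
use std::collections::HashMap;

/// Highest values signed so far for one validator key (hypothetical record layout).
#[derive(Clone, Copy, Debug, Default)]
pub struct Watermark { pub block_slot: Option<u64>, pub source_epoch: Option<u64>, pub target_epoch: Option<u64> }

#[derive(Debug, PartialEq)]
pub enum Refusal { UnknownKey, SlashableBlock, SlashableAttestation, InvalidAttestation }

/// In-memory stand-in for a slash-protection database, keyed by public key hex.
#[derive(Default)]
pub struct SlashGuard { marks: HashMap<String, Watermark> }

impl SlashGuard {
    /// Register a key with the signing history it arrives with (empty for a fresh key).
    pub fn import(&mut self, pubkey: &str, history: Watermark) {
        self.marks.insert(pubkey.to_string(), history);
    }
    /// Allow a block proposal only for a slot strictly above every slot signed before.
    pub fn check_block(&mut self, pubkey: &str, slot: u64) -> Result<(), Refusal> {
        let m = self.marks.get_mut(pubkey).ok_or(Refusal::UnknownKey)?;
        if m.block_slot.map_or(false, |last| slot <= last) {
            return Err(Refusal::SlashableBlock);
        }
        m.block_slot = Some(slot); // record the slot before any signature is released
        Ok(())
    }
    /// Allow an attestation only if the source never decreases and the target strictly
    /// increases, which excludes double votes and both directions of surround votes.
    pub fn check_attestation(&mut self, pubkey: &str, source: u64, target: u64) -> Result<(), Refusal> {
        let m = self.marks.get_mut(pubkey).ok_or(Refusal::UnknownKey)?;
        if source > target { return Err(Refusal::InvalidAttestation); }
        let source_regresses = m.source_epoch.map_or(false, |s| source < s);
        let target_repeats = m.target_epoch.map_or(false, |t| target <= t);
        if source_regresses || target_repeats {
            return Err(Refusal::SlashableAttestation);
        }
        m.source_epoch = Some(source);
        m.target_epoch = Some(target);
        Ok(())
    }
}

fn main() {
    let mut guard = SlashGuard::default();
    guard.import("0xaa", Watermark::default()); // constructed sample key id
    println!("{:?}", guard.check_attestation("0xaa", 10, 11)); // Ok(())
    println!("{:?}", guard.check_attestation("0xaa", 9, 12)); // refused: surround vote
}
```

A key imported with a history that lags behind what another client already signed passes these checks for messages that conflict with the other client's signatures, which is the footgun above.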
Secure-Signer is funded via an Ethereum Foundation grant.
The following dependencies were used, and some code might have been inspired by their design decisions as well:
- Occlum LibOS - BSD License
Secure Signer is released under Apache 2.0 License. See the copyright information here.