Audit Logging

An MPC node can be configured to do audit logging.

From a security perspective it is important that the audit log is kept separate from the MPC node itself. Blockdaemon delivers an audit log service that can receive audit log messages from the MPC nodes in a TSM. Each MPC node will offload its audit log entries to the audit log service. The Blockdaemon audit log service can be exchanged with any external service that accepts log entries in JSON format.

Even though every MPC operation produces audit log entries on multiple servers it is quite easy for non-technical auditors to get a system-wide view of the audit log with one entry pr (logical) operation.

The content of an audit log entry varies depending on the operation. Some fields, however, are common for all or at least most operations: timestamp, userID, operation.

Below is an example of an audit log view:

30/04/2020, 20:15:57AdminCreate useruserID=myUser
01/05/2020, 21:21:57myUserECDSAKeygenifyCwxrzzEaM3ePD40j6LtzQ7xo
01/05/2020, 21:22:29myUserECDSASignifyCwxrzzEaM3ePD40j6LtzQ7xochainPath=[4,1,1,1,2]