Backing up the TSM can be done in several ways. Which one(s) you should choose depends on your particular needs.
- Regular database backup You can back up the databases of each of the TSM nodes. To make sure that the node backup’s are consistent with each other when the backup’s are created, you can temporarily disallow creation of new keys on the TSM by calling
adminClient.Pause()and, once backup is done,
Backup and Presignatures
For security reasons, the TSM ensures that presignatures are deleted after use, in order to prevent signing twice with the same presignature. If you restore the MPC node databases from an old backup, make sure to call
DeleteAllPresigs()before backing up, or when restoring the database. This prevents accidental reuse of a presignature.
Wrapped key share export/import The nodes can export the shares of a given private key wrapped under a public key. This requires interaction between the TSM nodes, so they have to agree on this operation. See more here.
Key share backup/restore A node can create an unencrypted backup of a specific key share. This can be done independently of the other nodes. Since the share is exported unencrypted, you have to protect the share by other means. More info here.
Unencrypted Key Share Backup and Resharing
Exporting an unencrypted key share is a local operation that does not involve communication between the MPC nodes. This means that care must be taken if you use this together with our key resharing feature. If you re-install a key share on a single MPC node from an old backup that was exported in an earlier reshare epoch, this will make the entire key unavailable, since the key shares on the MPC nodes are then no longer related. The solution is to either avoid using local share backup with resharing, or to make sure that you take a new share backup after each reshare operation.
- Emergency Backup Finally, you can create an “emergency recovery” backup. This is somehow similar to wrapped key share export, but with emergency backup a single backup is created that contains all the key shares wrapped under a public key. Furthermore, the encrypted backup comes with a zero-knowledge proof that lets you validate that the encrypted backup indeed does contain the correct private key. See more here.
Updated 6 months ago