Backup Methods

Backing up the TSM can be done in several ways. Which one(s) you should choose depends on your particular needs which will be covered in more detail in the strategy section.

• Regular database backup You can back up the databases of each of the TSM nodes. To make sure that the node backup’s are consistent with each other when the backups are created, you should temporarily disallow creation of new keys and key resharing of keys in the TSM, until all MPC nodes have created their database backups.

📘

Backup and Presignatures

For security reasons, Builder Vault ensures that presignatures are deleted after use, in order to prevent signing twice with the same presignature. If you restore the MPC node databases from an old backup, make sure to call DeleteAllPresigs() before backing up, or when restoring the database. This prevents accidental reuse of a presignature.

• Key export/import The nodes can collectively export the shares of a given key. This requires interaction between the Builder Vault MPC nodes, so they have to agree on this operation. See more here.

• Key share import/export A node can create a backup of a specific key share. This can be done independently of the other nodes. More info here.

• Emergency Recovery Backup Finally, you can create an “emergency recovery” backup. This is somewhat similar to key export, but with emergency backup, a single backup is created that contains all the key shares wrapped under a public key. Furthermore, the encrypted backup comes with a zero-knowledge proof that lets you validate that the encrypted backup indeed does contain the correct private key. See more here.