Cryptographic Operations

The Builder Vault TSM supports the following cryptographic signing operations:

Schnorr (EdDSA)Ed25519
Schnorr (EdDSA)Ed448
Schnorr (BIP340, "Taproot")secp256k1

In addition, the TSM also supports other cryptographic operations:

AES-ECBKey size 128Encrypt, Decrypt
AES-CBCKey size 128Encrypt, Decrypt
AES-CMACKey size 128Sign, Verify
AES-GCMKey size 128Encrypt, Decrypt
AES-CTRKey size 128Encrypt, Decrypt
HMAC-SHA2-256Key size 2048, 3072, 4096Sign, Verify
HMAC-SHA2-512Key size 2048, 3072, 4096Sign, Verify
RSA PSSKey size 2048, 3072, 4096Sign, Verify
RSA OAEPKey size 2048, 3072, 4096Encrypt, Decrypt
RSA PKCS#1v1.5Key size 2048, 3072, 4096Encrypt, Decrypt, Sign, Verify
RSA x.509 (raw)Key size 2048, 3072, 4096Encrypt, Sign
ECDHCurves: secp256k1, P-256, P-384, P-521Key agreement

The AES, HMAC, RSA, and ECDH operations are currently only available in the Builder Vault SDKv1, and may only work for specific threshold settings.

MPC Protocols

Blockdaemon Builder Vault MPC solutions are based on public research (some of which was performed by the Blockdaemon team), this includes protocols from the following research papers:

  • [MRZ15] Payman Mohassel, Mike Rosulek, Ye Zhang: Fast and Secure Three-party Computation: The Garbled Circuit Approach. CCS 2015: 591-602
  • [DJNP+18] Ivan Damgård, Thomas Pelle Jakobsen, Jesper Buus Nielsen, Jakob Illeborg Pagter, Michael Bæksvang Østergård: Fast Threshold ECDSA with Honest Majority. SCN 2020: 382-400
  • [DKLs19] Jack Doerner, Yashvanth Kondi, Eysa Lee, Abhi Shelat: Threshold ECDSA from ECDSA Assumptions: The Multiparty Case. IEEE Symposium on Security and Privacy 2019: 1051-1066

Additional Features

In addition to the cryptographic operations, the TSM has a number of features:

  • Authentication using API keys, mTLS, OIDC
  • Key Derivation (BIP32)
  • Presignatures (non-interactive online signing)
  • Key Lifecycle Management (key resharing, key deletion)
  • Key Import/Export
  • Key Share Backup
  • Emergency Recovery Service
  • Dynamic Node Configuration (MPC node multi-tenancy)

More information on these features is available in the online user manual.