Deployment models

The TSM can be deployed in different ways with different choices of active and passive nodes as well as node ownership.

Basic Deployment Model

In the basic scenario we have n (e.g. 3) active MPC nodes all controlled by the same SDK.

[Figure: Basic deployment diagram]

  1. The SDK is available in Go and as a shared library.
  2. The connection between the SDK and a node is over HTTP or HTTPS (the latter is recommended) and is authenticated.
  3. The connection between the nodes is over TLS using public key pinning.
  4. Each MPC Node is deployed as described below.

Active MPC node

  1. The connection to the database can be protected using TLS (this depends on the database configuration).
  2. The data is protected using a master key, MK, which can be used and protected in different ways. Both of our current options use a Key Encryption Key (KEK), with MK stored in the DB as E_KEK(MK):
    a) KEK is derived from a (strong) password stored in the MPC Node configuration file using PBKDF2.
    b) KEK is derived from a key file using SHA-256.
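
The two KEK options above and the E_KEK(MK) record, as an added example that is not the TSM's own code. The function names, HMAC-SHA256 as the PBKDF2 hash, the salt and iteration count, AES-256-GCM as the wrapping cipher and the record layout are all assumptions, since the page names only PBKDF2 and SHA-256.

```javascript
const nodeCrypto = require("node:crypto");

// Option (a): KEK from the configuration-file password via PBKDF2.
// HMAC-SHA256, the salt and the iteration count are assumptions of this example.
function kekFromPassword(password, salt, iterations) {
  return nodeCrypto.pbkdf2Sync(password, salt, iterations, 32, "sha256");
}

// Option (b): KEK = SHA-256(key file). A single hash adds no work factor,
// so the file must hold random key material, not a memorable passphrase.
function kekFromKeyFile(keyFileBytes) {
  return nodeCrypto.createHash("sha256").update(keyFileBytes).digest();
}

// E_KEK(MK) as kept in the DB. AES-256-GCM and the nonce || ciphertext || tag
// layout are assumptions; the page does not name the cipher.
function wrapMK(kek, mk) {
  const nonce = nodeCrypto.randomBytes(12);
  const enc = nodeCrypto.createCipheriv("aes-256-gcm", kek, nonce);
  return Buffer.concat([nonce, enc.update(mk), enc.final(), enc.getAuthTag()]);
}

// Returns MK, or null when the KEK is wrong or the DB record was altered,
// so a node can refuse to start instead of running with a bad key.
function unwrapMK(kek, record) {
  if (record.length < 12 + 16) return null;
  const tagStart = record.length - 16;
  const dec = nodeCrypto.createDecipheriv("aes-256-gcm", kek, record.subarray(0, 12));
  dec.setAuthTag(record.subarray(tagStart));
  try {
    return Buffer.concat([dec.update(record.subarray(12, tagStart)), dec.final()]);
  } catch {
    return null;
  }
}

// Constructed sample values, not real secrets.
function demo() {
  const mk = nodeCrypto.randomBytes(32);
  const kekA = kekFromPassword("constructed sample password", "constructed-salt", 100000);
  const kekB = kekFromKeyFile(nodeCrypto.randomBytes(32)); // stands in for key file contents
  const record = wrapMK(kekA, mk);
  const ok = unwrapMK(kekA, record);
  return { sameMK: ok !== null && ok.equals(mk), wrongKEK: unwrapMK(kekB, record) };
}
console.log(demo());
```

With either option, whoever holds both the node's password or key file and the DB record can recover MK, so the two should not share backups or access paths.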