Player Index, Key, and Address
Each MPC player in Builder Vault is identified by a unique integer, called the player index, which is read from the configuration file.
Each configuration file must also contain a base64 encoded private key, which the MPC node uses for secure communication with the other MPC nodes. The other MPC nodes must know the corresponding public key.
As an example, if an MPC node has player index 2, then it's configuration file must contain:
[Player]
Index = 2
PrivateKey = "BA3E64=="The BA3E64== should be replaced by the base64 encoding of the player's private key.
The private key, along with the corresponding public key, can be generated using the following OpenSSL commands:
openssl ecparam -name P-256 -genkey -param_enc named_curve -outform DER -out private.key
openssl base64 -A -in private.key; echo
openssl ec -inform DER -in private.key -pubout -outform DER -out public.key
openssl base64 -A -in public.key; echoInstead of P-256 you can use P-384 or P-521 depending on the desired security level (128, 192, or 256 bits).
The address field defines how the node should communicate with the given reote player.
Remote Players
In addition to its own configuration in the [Player]section, there is a section for each of the other (remote) players. This section specifies how this player should communicate with the remote player:
[Player]
Index = 2
PrivateKey = "BA3E64=="
[Players.1]
PublicKey = "BA3E64=="
Address = "tcp://player1:9000?connectionPoolSize=2&connectionLifetime=1h&disableMultiplexing=false&symmetricConnection=false"
[Players.3]
PublicKey = "BA3E64=="
Address = "broker://"The public key of each remote player should match the private key in their respective configuration files.
The address field defines how this player should communicate with the remote player. You can specify one of the following schemes:
- tcp, tcps, ws, wss - Direct connections over TCP or WebSocket, with or without TLS.
- incoming - Indicates that this player should listen for an incoming connection rather than initiating one.
- broker - Indicates that communication with this remote player should happen through the configured message broker.
If the Address is left empty, the node will automatically choose either incoming or broker, depending on which MPC servers are enabled.
If the node cannot uniquely determine the correct scheme from the configuration, it will fail on startup and return an error.
It is possible to specify additional options for the connection:
| Option | Description |
|---|---|
| connectionPoolSize | Number of tcp connections to keep alive to this player if multiplexing is used. Default is two. |
| connectionLifetime | Maximum lifetime of a tcp connection to this player. Default is one hour. |
| disableMultiplexing | (MPCDirectServer only)This parameter controls if we should disable multiplexing with this player. Normally you want to use multiplexing to reduce the overhead of establishing connections, but if you rarely make connections to this player, there is no need to keep a long-lived TCP connection alive. If the player is behind a load balancer, you should also disable multiplexing. |
| symmetricConnection | (MPCDirectServer only) If this parameter is true, it means that the other player also has this node's address configured. To prevent both players connecting to each other at the same time, they use the session ID to determine who will establish the connection. |
Updated 4 days ago