Node Configuration

Each MPC node in the TSM reads a toml configuration file when it starts up. The node attempts to read the configuration in the following order, until one of the attempts succeeds:

  1. Base64 decoding the contents of the environment variable CONFIG_BASE64
  2. Reading the file specified in the environment variable CONFIG_FILE
  3. Reading the file passed as argument
  4. Reading the file at the default file location /config/config.toml

A Minimal Example

As a minimum, a configuration file consists of:

Example configuration files for a TSM with three MPC nodes are found below. Here the three nodes are identified by player indices 0, 1, 2, respectively. They are all configured to use local SQLite3 databases. The nodes are configured to use direct node-to-node communication over port 9000 (i.e., no message broker). Each node includes the public keys of the other nodes in the configuration file, which means that the public keys need not be provided dynamically each time a new MPC session is started. The configuration specifies SDK authentication via API keys, with a single application called demoapp.

There are many more optional configurations. These are described in the following sections and in the comments of the sample configuration file at the end of this section.

[Player]
  Index = 0
  PrivateKey = "MHcCAQEEIJZ2T0ESxG34wA77rhn+9KMOrkz296jeDUOenHsLmWO/oAoGCCqGSM49AwEHoUQDQgAE0AyIB0e0A00Z+ovqDQ5mjffEqVabU/eEOwOOrkElnSX1qPkgIn5eLIOC7OWQq6dgZnJLjElg6R4vR5a91aAE8w=="

[Players.1]
  Address = "tcp://player1:9000"
  PublicKey = "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZsbGXaVTkx8iiXb7iDSBFs24xYdbe5jTRg57aU0F71BMxhlV46cKMsCDXARriCUBwApfCoAf/ByyJ7TpWRm4Rw=="

[Players.2]
  Address = "tcp://player2:9000"
  PublicKey = "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEJZx6N1ARYmc/6DQBL/47yRL/dMvWi5UQRUiqA05pdjLAb3eXO6yPioocnZNxsQjCerxcMJ2LnvELmK5L6Ovsqw=="

[Database]
  DriverName = "sqlite3"
  DataSourceName = "/tmp/tsmdb"
  EncryptorMasterPassword = "db0masterPassword"

[MPCTCPServer]
  Port = 9000

[[Authentication.APIKeys]]
  APIKey = "jbs3wZ2DAL44CQ9f4LvmEza/rS4k0xeCxB7tUXuiL5Y="
  ApplicationID = "demoapp"

[DKLS19.Features]
    GenerateKey = true
    Sign = true
[Player]
  Index = 1
  PrivateKey = "MHcCAQEEILWaOgXLxJUxodTrASskOfTN0y8RD/vuwuv/bOM+f2wroAoGCCqGSM49AwEHoUQDQgAEZsbGXaVTkx8iiXb7iDSBFs24xYdbe5jTRg57aU0F71BMxhlV46cKMsCDXARriCUBwApfCoAf/ByyJ7TpWRm4Rw=="

[Players.0]
  Address = "tcp://player0:9000"
  PublicKey = "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE0AyIB0e0A00Z+ovqDQ5mjffEqVabU/eEOwOOrkElnSX1qPkgIn5eLIOC7OWQq6dgZnJLjElg6R4vR5a91aAE8w=="

[Players.2]
  Address = "tcp://player2:9000"
  PublicKey = "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEJZx6N1ARYmc/6DQBL/47yRL/dMvWi5UQRUiqA05pdjLAb3eXO6yPioocnZNxsQjCerxcMJ2LnvELmK5L6Ovsqw=="

[Database]
  DriverName = "sqlite3"
  DataSourceName = "/tmp/tsmdb"
  EncryptorMasterPassword = "db1masterPassword"

[MPCTCPServer]
  Port = 9000

[[Authentication.APIKeys]]
  APIKey = "QcV6NRHhpM7UaFaU3K9T34ud50/8zCvUvQkUR6oKHAg="
  ApplicationID = "demoapp"

[DKLS19.Features]
    GenerateKey = true
    Sign = true
[Player]
  Index = 2
  PrivateKey = "MHcCAQEEILWaOgXLxJUxodTrASskOfTN0y8RD/vuwuv/bOM+f2wroAoGCCqGSM49AwEHoUQDQgAEZsbGXaVTkx8iiXb7iDSBFs24xYdbe5jTRg57aU0F71BMxhlV46cKMsCDXARriCUBwApfCoAf/ByyJ7TpWRm4Rw=="

[Players.0]
  Address = "tcp://player0:9000"
  PublicKey = "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE0AyIB0e0A00Z+ovqDQ5mjffEqVabU/eEOwOOrkElnSX1qPkgIn5eLIOC7OWQq6dgZnJLjElg6R4vR5a91aAE8w=="

[Players.1]
  Address = "tcp://player1:9000"
  PublicKey = "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZsbGXaVTkx8iiXb7iDSBFs24xYdbe5jTRg57aU0F71BMxhlV46cKMsCDXARriCUBwApfCoAf/ByyJ7TpWRm4Rw=="

[Database]
  DriverName = "sqlite3"
  DataSourceName = "/tmp/tsmdb"
  EncryptorMasterPassword = "db2masterPassword"

[MPCTCPServer]
  Port = 9000

[[Authentication.APIKeys]]
  APIKey = "88IU8yrT6+EGVD6vMoSAlHq2mjfMBd8IoNSWkh61pn4="
  ApplicationID = "demoapp"

[DKLS19.Features]
    GenerateKey = true
    Sign = true

📘

Note

The keys and passwords in the above example are only intended for demonstration. Generate your own keys and strong passwords if you deploy a TSM in production.