Skip to main content

Airgapped Triples

The triples needed for ECDSA signatures are sensitive material.
To avoid materializing these in RAM on the participant 1 machine, the following approach can be taken.
It requires the signer binary, use the Download Server.

In the following, the sensitive step is when signer generate-triples is run, as at this point all the triples exist in RAM. The output encrypted triple files however are no longer sensitive, they can only be decrypted by the corresponding appliance node.

Loading and counting triples is only possible when the signer is stopped.

Collect node recipient keys

On each appliance node, run

signer identity --db ${TREASURY_HOME}/signer.db recipient

Collect the values, which will look like age1....

These are X25519 keys, against which the triples files will be encrypted.

Generate triples

On an airgapped or otherwise suitable secure machine:

signer generate-triples --recipients <recipient-1>[,<recipient-2>,...] k256 <number-of-triples>

Here, the recipients argument should be in the order participant 1, participant 2,... given as comma-separated values.

The curve parameter is always k256, the number of triples should be chosen keeping in mind that each ECDSA signature consumes two triples.

For signer versions below 24.6.3-pre.4, an additional --threshold <threshold> parameter is required, and should be set to the consensus cluster of the threshold, which is

  • 2 for cluster size 2
  • 3 for cluster size 4
  • floor(2 * n / 3) + 1 in for general cluster size n

As output, you will find files named like

triples-curve:k256-threshold:<threshold>-offset:0-count:<number-of-triples>-node:<participant>.age

Load triples

For each appliance node, copy the corresponding triple file to any location, stop the node, and run

signer load-triples /path/to/<triples-file>.age

After use, you can keep or dispose of the triples file - they are now in ${TREASURY_HOME}/signer.db.

If you copy the node's file to the ${TREASURY_HOME}/triples/ directory, it will be included in the backup process.

The snapshots themselves don't actually include the triples, due to the potential size.

Replenish triples

Ideally, this is an infrequent process.

On the airgapped machine, run

signer generate-triples --offset <total-triples-so-far> --recipients <recipient-1>[,<recipient-2>,...] k256 <number-of-triples>

For instance, after initially generating and loading 1M triples, offset would be 1M. Assuming 1M triples were replenish on top, offset would be 2M, etc. You can get this offset as the "of ..." value in signer count-triples mentioned below.

As in the initial distribution, copy the new triples files to the appropriate machines, stop the node, and run

signer load-triples /path/to/<new-triples-file>.age

Check triples

On each stopped node, can run:

signer count-triples

You will see output like

curve k256 threshold 1: 2000 of 2000 triples available (1000 signatures)