Airgapped Triples
The triples needed for ECDSA signatures are sensitive material.
To avoid materializing these in RAM on the participant 1 machine, the following approach can be taken.
It requires the signer binary, use the Download Server.
In the following, the sensitive step is when signer generate-triples is run, as at this point
all the triples exist in RAM. The output encrypted triple files however are no longer sensitive,
they can only be decrypted by the corresponding appliance node.
Loading and counting triples is only possible when the signer is stopped.
Collect node recipient keys
On each appliance node, run
signer identity --db ${TREASURY_HOME}/signer.db recipient
Collect the values, which will look like age1....
These are X25519 keys, against which the triples files will be encrypted.
Generate triples�
On an airgapped or otherwise suitable secure machine:
signer generate-triples --recipients <recipient-1>[,<recipient-2>,...] k256 <number-of-triples>
Here, the recipients argument should be in the order participant 1, participant 2,... given as comma-separated values.
The curve parameter is always k256, the number of triples should be chosen keeping in mind that each
ECDSA signature consumes two triples.
For signer versions below 24.6.3-pre.4, an additional --threshold <threshold> parameter is required,
and should be set to the consensus cluster of the threshold, which is
- 2 for cluster size 2
- 3 for cluster size 4
floor(2 * n / 3) + 1in for general cluster sizen
As output, you will find files named like
triples-curve:k256-threshold:<threshold>-offset:0-count:<number-of-triples>-node:<participant>.age
Load triples
For each appliance node, copy the corresponding triple file to any location, stop the node, and run
signer load-triples /path/to/<triples-file>.age
After use, you can keep or dispose of the triples file - they are now in ${TREASURY_HOME}/signer.db.
If you copy the node's file to the ${TREASURY_HOME}/triples/ directory, it will be included in the backup process.
The snapshots themselves don't actually include the triples, due to the potential size.
Replenish triples
Ideally, this is an infrequent process.
On the airgapped machine, run
signer generate-triples --offset <total-triples-so-far> --recipients <recipient-1>[,<recipient-2>,...] k256 <number-of-triples>
For instance, after initially generating and loading 1M triples, offset would be 1M. Assuming 1M triples were replenish
on top, offset would be 2M, etc. You can get this offset as the "of ..." value in signer count-triples mentioned below.
As in the initial distribution, copy the new triples files to the appropriate machines, stop the node, and run
signer load-triples /path/to/<new-triples-file>.age
Check triples
On each stopped node, can run:
signer count-triples
You will see output like
curve k256 threshold 1: 2000 of 2000 triples available (1000 signatures)