🕸️A.2 SilentShard: Cloud Node TSS SDK

The SilentShard SDK creates a distributed ECDSA signature on the phone by communicating with other MPC nodes hosted in the cloud.

Configuration & running

Environment

Standard PG environment

  • PGHOST

  • PGDATABASE

  • PGUSER

  • PGPASSWORD

Admin user and admin tokens

The initial migration creates database tables and creates user 'admin' with user_id 1.

Use ./script/register-admin-token.sh to insert an admin token into the database.

env PGDATABASE=name-of-database \
   ./script/register-admin-token.sh

The script uses openssl rand to generate a random token. You can pass your own token instead. A token is a hex string.

env PGDATABASE=name-of-database \
   ./script/register-admin-token.sh ["your-own-token"]
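If you pass your own token, it helps to check it before it reaches the database. The following is an added example, not part of the SilentShard scripts: it generates a hex token with openssl rand and rejects values that are not well-formed hex. The function names and the 32-byte minimum length are assumptions of this example, not documented requirements.

```shell
#!/bin/sh
# Added example: prepare an admin token before handing it to
# ./script/register-admin-token.sh (script name taken from the page).
# MIN_TOKEN_BYTES is an assumption of this example, not a documented limit.
MIN_TOKEN_BYTES=32

# Generate a token as hex using openssl rand, as the page says the script
# does; the byte count is this example's choice.
gen_admin_token() {
    openssl rand -hex "$MIN_TOKEN_BYTES"
}

# Return 0 only if $1 is a non-empty, even-length hex string of at least
# MIN_TOKEN_BYTES bytes. Rejects whitespace, newlines, quotes and "0x" prefixes.
is_valid_admin_token() {
    token=$1
    case $token in
        ''|*[!0-9a-fA-F]*) return 1 ;;
    esac
    len=${#token}
    [ $((len % 2)) -eq 0 ] || return 1
    [ "$len" -ge $((MIN_TOKEN_BYTES * 2)) ] || return 1
    return 0
}

# Validate first, then register. Nothing is written to the database
# when the token is malformed or PGDATABASE is missing.
register_admin_token() {
    token=$1
    if ! is_valid_admin_token "$token"; then
        echo "refusing to register: token is not hex or is too short" >&2
        return 1
    fi
    if [ -z "${PGDATABASE:-}" ]; then
        echo "refusing to register: PGDATABASE is not set" >&2
        return 1
    fi
    ./script/register-admin-token.sh "$token"
}

# Usage: TOKEN=$(gen_admin_token) && register_admin_token "$TOKEN"
```

Keep the generated value in your secret store; the validation only guards the format, not where the token ends up afterwards.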

Server signing keys

Generate server signing keys


sigpair-admin sign-keys --path /path/to/server/signing/keys

Now we have to configure our server nodes to use this key.


env PGDATABASE=name-of-database \
   ./script/configure-signing-keys.sh /path/to/server/signing/keys

Extract server public key

Mobile clients have to verify messages sent by server nodes.


sigpair-admin public-key --path /path/to/server/signing/keys

The output is the base64-encoded public key. Use it to configure your mobile clients.

Installing Cloud MPC Node

europe-docker.pkg.dev/sincere-burner-379311/sigpair/sigpair:latest

Here is a simple docker-compose file to start DB and Server Node on your machine.

version: '3.1'

services:

  db:
    image: postgres:14
    restart: always
    environment:
      POSTGRES_PASSWORD: sigpair
      POSTGRES_USER: sigpair
      POSTGRES_DB: sigpair

  sigpair:
    image: europe-docker.pkg.dev/sincere-burner-379311/sigpair/sigpair:latest
    restart: always
    environment:
      PGHOST: db
      PGUSER: sigpair
      PGDATABASE: sigpair
      PGPASSWORD: sigpair
    ports:
      - 8080:8080
    depends_on:
      - db

Start Database Service

docker-compose -f docker-compose.yml up -d db

Wait a few seconds for the database to initialize.

Start Server Node

docker-compose -f docker-compose.yml up sigpair

The default entry point of the image executes DB migration, generates a fresh admin token and creates a signing key pair. One could run only the server node by configuring the appropriate entry point.

Configuration for Kubernetes might look like this:

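apiVersion: v1
kind: Pod
metadata:
  name: some-name
spec:
  containers:
  - name: server-node
    # Image reference as given in the install section above
    image: europe-docker.pkg.dev/sincere-burner-379311/sigpair/sigpair:latest
    # Run only the server node instead of the image's default entry point
    command: ['/usr/local/bin/sigpair-node']
  restartPolicy: OnFailure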

For a reference file, reach out to us and we will share one. It is an interface to the cloud node functions for setting up session IDs and managing the server-side keyshare.
