BLS Signature and HSMs

Dear All,

My team has been working on designing a set of tools to deploy and monitor validator clients in any cloud.

A key element in this kind of deployment is the HSM component. To date (2019.09.16), there is no known support for the BLS12-381 curve and the BLS signature. So a great task is to start evangelizing cloud and hardware providers on this requirement.

Is anybody in this forum familiar with the steps it takes for both the curve and the signature scheme to be NIST / FIPS compliant? (any of them, either or both). Any pointer to cover this subject will be extremely appreciated.


PS: I plan to use that article’s URL and this thread as the main redirection links for the subject of HSM support.

This is a quick “BLS for busy people” guide, with a summary, some discussion and the links I’ve visited the most during my little information gathering.

BLS signatures cannot be FIPS validated since BLS has not been validated as FIPS compliant by the US government.

At SKALE we are developing an SGX-based crypto wallet, which can be used to protect BLS. We are planning to open-source it soon.

Stan, thank you for your answer.

I have to gain further understanding on the topic of SGX. For now, is it correct to assume that I can build a secure enclave in a cloud (e.g. AWS), leveraging SGX?

You can use Microsoft Azure; AWS does not support it yet.

It is basically a programmable HSM inside of an Intel CPU.

SGX has many downsides and security issues exposed recently. AWS has developed their own enclave technology called Nitro Enclave.