Overview
Sodot HFT Signer
The Sodot HFT signer is a deployable signer service compatible with high-frequency trading (HFT) environments.
It is designed to securely sign transactions and messages in a fast and efficient manner, ensuring that sensitive operations are performed with the highest level of runtime security and integrity by utilizing AWS Nitro Enclave technology.
How does it work?
- The Sodot HFT signer runs on a TEE (Trusted Execution Environment) colocated with your trading machine.
- Your trading machine can ask the HFT signer to sign orders and requests before they are sent to the exchange.
- The trading machine only has to replace the current
sign_payloadmethod used by the trading machine to use the sign method of the HFT signer SDK.
Why is this secure?
- The HFT signer runs inside an AWS Nitro Enclave, which provides a secure and isolated environment for executing sensitive workloads.
- The secrets are only stored in memory and are never persisted by the enclave, this is the key property that allows the HFT signer to take advantage of the full security benefits of the Nitro Enclave.
- The Exchange API Vault MPC cluster uses a distributed architecture to store the trading API secrets securely in a sharded manner.
- Each MPC signer (Vertex) validates the enclave's identity before allowing it to export the secret key share, it utilizes Nitro's hardware-based attestation capabilities to ensure that the enclave is genuine and unmodified.
Architecture
Below we provide a high-level overview of the HFT signer architecture for AWS.
