Skip to main content
Version: 1.2.2

Overview

What is a Vertex?

The Vertex is a deployable MPC signer that exposes a REST API that can be used to generate keys, manage keys and sign transactions and messages using MPC in a secure and distributed manner.
It is provided as a Terraform module.

Key points about the Vertex:

  • It may be deployed on-premise or in the cloud (AWS, GCP and Azure).
    • In the cloud, it supports running within Secure Enclaves (e.g. AWS Nitro Enclaves).
  • It is meant to hold 1 secret share of each distributed private key.
    • However, it can be used to hold multiple different shares for different keys.
      I.e. it can be used as 1 backend server with multiple clients (or other Vertex servers) connecting to it and creating many different keys with it.
  • It is interoperable with the Sodot MPC SDK, meaning clients running the React-Native or Web SDK can connect to the Vertex to generate keys and sign transactions.
  • It deploys as a cluster of machines that is horizontally scalable.
  • It uses the native KMS features of the cloud provider to encrypt the secret shares for storage.
  • Since it is provided as a Terraform module, its deployment can be easily be customized.
    • Internally, Helm charts are used to deploy the Vertex. Which can be used directly in existing Kubernetes environments.

Vertex Architecture

Below we provide a high-level overview of the Vertex architecture for AWS, GCP and Azure:

Using the Vertex

To start using the Vertex we recommend the following steps:

  1. Deploy the Vertex in your environment (AWS, GCP, Azure).
    For development purposes, you can deploy the Vertex on your local machine.
  2. Create Users - Users are identified by API keys, it is recommended to use different API keys for machines using the Vertex for different purposes.
  3. (Optional) Define Policies - Policies are used to restrict the signing operations that can be performed on specific keys.
    Policies are self-managed, meaning that any custom logic can be verified such as: Restricting the amount of funds that can be transferred in a single transaction, or restricting the number of transactions that can be signed in a given time period.
    Once a User is created, a default Policy can be assigned to that User, the Policy will be applied to all keys created by that User.
  4. Generate Keys - Key shares are stored by the Vertex and can be generated using the Vertex API.
    Once a Key Share is created, a Policy can also be attached specifically to that Key Share.
  5. Signing - Sign transactions using the Vertex API.
    The Vertex will run the MPC protocol and return the signature to the client.
    Before running the MPC protocol, the Vertex will verify that the message being signed is allowed by the Policy attached to the Key Share, in case a Policy is attached.