Secure-Signer is a remote signing tool for Ethereum PoS validators, with the following features:
- Follows the Web3Signer specification
- Compatible with existing Consensus clients
- Designed to run on Intel SGX via the Occlum LibOS
- Provides protection from slashable offenses
Validator keys are safeguarded in SGX's encrypted memory and the hardware enforces that Secure-Signer can only sign non-slashable messages. This reduces validator risk from slashing either from accidents or if their system is compromised.
SECURE SIGNER IS UNDER DEVELOPMENT, see DockerHub for the latest enclave image.
Secure-Signer is funded via an Ethereum Foundation grant.
The following dependencies were used and some code might have been insipired by their design decisions as well:
- Occulum LibOS - BSD License
Secure Signer is released under Apache 2.0 License. See the copyright information here.