for Tendermint blockchains • Signatory: multi-provider digital signature library for Rust • yubihsm.rs: pure Rust client for Yubico YubiHSM2 • Abscissa: security-oriented Rust application framework
"Raft for BFT" • Designed for Proof-of-Stake: security through network of validators / block proposers which sign blocks (Ed25519) • Application Blockchain Interface (ABCI): pluggable applications with arbitrary validation logic • Multiple production networks deployed: Cosmos Hub, IRIS Network, Terra Tendermint
Ledger, and software-backed keys • Centralized signing service for multiple networks: validators can spin up new Tendermint networks without having to provision additional HSM hardware • Double-signing prevention: prevents validators from signing repeatedly at the same block height (and getting slashed) • Deployed in production: by multiple Tendermint validators Tendermint KMS
signatures with support for both ECDSA and Ed25519 algorithms • Support for popular Rust signing crates: wrappers for the following: • ed25519-dalek • ring • secp256k1 (FFI wrapper for libsecp256k1) • sodiumoxide (FFI wrapper for libsodium) • HSM-friendly abstractions: supports the following HSM options • YubiHSM2 • Ledger (Tendermint only) Signatory
Secure Connection (SCP03) protocol with USB support • Most commands supported: ECDSA, Ed25519, key wrapping (encrypted export/import), HMAC, auditing • Mock HSM support: software reimplementation of the YubiHSM2 for testing and CI
THE EARTHS MAGNETIC FIELD X THE INFORMATION WAS GATHERED AND TRANSMITTED UNDERGRUUND TO AN UNKNOWN LOCATION X DOES LANGLEY KNOW ABOUT THIS ? THEY SHOULD ITS BURIED OUT THERE SOMEWHERE X WHO KNOWS THE EXACT LOCATION ? ONLY WW THIS WAS HIS LAST MESSAGE X THIRTY EIGHT DEGREES FIFTY SEVEN MINUTES SIX POINT FIVE SECONDS NORTH SEVENTY SEVEN DEGREES EIGHT MINUTES FORTY FOUR SECONDS WEST X LAYER TWO Kryptos K2
features while minimizing dependencies • Strong focus on security (particularly dependencies) • Particularly interesting for blockchain applications 0 ∞ S C I S S B https://github.com/iqlusioninc/abscissa/
gumdrop • components: ECS-like component architecture with hooks into the application lifecycle • configuration: parses TOML configurations files using serde • error handling: generic Error type based on the failure crate • logging: integrated logging subsystem based on the log crate • secrets management: optional Secret type (from the secrecy crate) which can be used to represent secret values parsed from configuration files or elsewhere • terminal interactions: support for colored terminal output 0 ∞ S C I S S B