The Competitive Advantage of SuperNode

Guardian will soon deploy specialist SuperNodes inside it’s own network as well as other L1s and L2 to enable faster, smarter and ultimately greater transaction integrity.

One of SuperNode’s core functions is ZK reputational affirmation, (peer reviewed ZK cryptographic verification of the transaction, Reputational confirmation (peer parallel conformation via execution) and ZK reputational rollup. (Peer confirmation of batch of transactions). All conclude in settlement on L1 or L2 chain.

SuperNode protects intense workloads processing sensitive data
with confidential computing throughout their lifecycle — build, deployment, and management to fulfil compliance and regulatory requirements.

The need to protect sensitive PII, transactional, business data and intellectual property is continuing to grow and does not affect only large or regulated organisations.

The need for protection against internal and external threats is always present, while the cost of resolution and the number of data or security-related breaches is growing. The trend to run containerised applications in production has significantly increased in past years and is continuing to grow.

With SuperNode we have addressed the need for data and privacy protection during deployment and production. The protection against internal and external threats begins during development and continues in production environments. Our infrastructure continues to evolve and leverage the latest technologies. Key SuperNode concepts are the data- in-use protection and simplified management of deployment while assuring data confidentiality, integrity, and no interactive access to a deployed instance.

SuperNode leverages the next generation of workload isolation technology provided by IBM zSystems and IBM LinuxONE through IBM Secure Execution for Linux, a hardware-based security technology that is designed to provide scalable isolation. This further extends flexibility of confidential computing from an on premise Hardware Security Module (HSM) and FIPS4 secure enclave and secure Cloud and hybrid cloud environments designed for Zero Trust and total privacy protection.

Each container within a SuperNode gains the benefit of a Confidential Computing solution with an additional level of protection. SuperNode will only deploy container versions, which are validated at deployment through an explicit signing procedure.

SuperNode contains a harden and extended boot loader to start the embedded guest operating system with an integrated Container Runtime to simplify workload deployment and abstraction.

The usage of a Hardware Security Module (HSM) to protect keys is common for many use cases. As a Crypto Express adapter is accessed from within the isolated workload, protected by Confidential Computing provided through the Secure Execution for Linux technology, enables end-to-end asset protection or regulatory compliance regarding data privacy with a FIPS certified HSM).

To enable such solutions directly attach a Crypto Express adapter to a dedicated Secure Service Container LPAR and deploy the Crypto Express Network API for Secure Execution Enclaves provided as component of Hyper Protect Virtual Servers within. As the also provided Grep11 server is deployed in the Hyper Protect Container runtime EP11 operations are now performed in the HSM which communication is secured through an mTLS-protected network channel from the Trusted Execution Environment.

Our SuperNode Advantage

Each SuperNode contains the following specialised components:

→ Secure Enclave — Hardware segregated secure computation area with restricted and controlled administrative access and specialised CI/CD processes to control the introduction of any upgrades and releases. The secure enclave provides the perfect operational vault for asset tokenisation and its smart contract, ensuring ultimate consistency and security on every authorised action and at every point in the workflow.

→ Hardware Security Module (FIPS 4 compliant) — Provides ultra-secure management of cryptographic keys and performance of associated cryptographic operations such as digital signing.

→ Multi Party Computation (MPC) module — Used to co-sign transactions where multiple parties are required to complete the approval.

→ Policy Seeding Module — A method of publishing user, DAO or dapp policies selected by the relevant authorities to achieve a trust-based workflow. The workflow is constructed using your APIs and input data with the use of no code composable form templates, the results of which are validated and approved prior to construction are via smart contract artefacts generator which enable specific checks/validations, interacting with approvers/confirmers via registered devices with built in cryptographically. This module operates in the Secure Enclave.

SuperNode ensures the following:

→ Generation and execution of smart contracts compatible with EVM state maintenance between Guardian SuperNodes(validation nodes with additional cryptographic functions).

→ Approval and consensus functions between multiple parties. Key sharing and signing are cryptographically enforced according to the client’s defined policy rules operable across any chain. MPC: That’s keys can be placed in any combination on any device: mobile, cloud on NIST/FIPS 140–2 Level 4 HSMs.

→ The Most Secure, Scalable MPC Key Management: Private keys are shared between Guardian Policy shards under zero knowledge in secure enclave and the users key shards with the potential for multiple shards to be shared across multiple signers. The transactions are signed using our efficient MPC protocols, to ensure that no single device, service, contract or person ever has access to the private key.

→ SuperNode incorporates the threshold key generation and threshold signing, where it keeps the state of the transaction in its local memory and communicates with the validator. It generates and propagates the messages sent across the Mesh Network validators either through private or public channels.

→ Only transactions that comply with client defined policies will be signed. This is the client’s own logic web3 firewall.

→ Enabler for Hybrid Custody. This uses pre-agreed policies and workflows to allow providers, venues and platforms to ‘share’ custody with owners who retain full control, but only under a mutually pre agreed set of circumstances, that ensures every participants rights over digital assets are transparently, consistently, and fairly enforced according to the rules and conditions that everyone agreed to through multi-party consensus on any device.

As we’ve seen over the years, the best defense against cybercriminals is a multilayered one that can provide redundancy in the event that one of the security controls fails. That’s why today’s market requires a security control layer that layers MPC alongside numerous other on chain, off chain and hardware defences to make breaking in highly expensive and nearly impossible.

At Guardian, our “defence-in-depth” security fulfils these requirements, uniquely utilising FIPS Level 4, NIST 140–2 certified chip-level hardware isolation, confidential computing, distribution of sensitive information across multiple tier-1 cloud providers, and a highly customisable policy engine in addition to MPC. We’re using the fastest and most secure algorithm currently available in Sepior MPC — injecting a new degree of flexibility to the equation (we are the only provider capabling of MPC in a FIPS Level 4 secure enclave and in tandem siging through a hardware security module.

Find out more

If you’re interested in taking a more in-depth look at how SuperNode and Proof of Reputation can advanced your L1 or L2 you can visit our website.

Be part of Guardian Network:

Website: https://guardianlabs.org

• Follow us on Twitter @guardian_labs
• Join our discord guardianlabs: https://discord.gg/5rjbGkAp99