Increased Shielded Key Security for ICON Validators

Shielded Key · Published in Hello ICON World · Jan 15, 2024

As ICON’s cross-chain framework expands, currently with xCall integrations across BTP and IBC, the security of node operations needs attention. Several recent hacking incidents in the blockchain industry have raised concerns about the security of blockchain networks. Shielded Key was created primarily to safeguard the private keys that Validators (P-Reps) use for node operations on the ICON network.

What is Shielded Key?

Shielded Key is a remote signing daemon that enables P-Reps to securely sign endorsement and node activities using various key management systems. The development team has prioritised implementing the solution with prominent cloud service providers such as AWS KMS, Azure Key Vault, GCP Key Management, and HashiCorp Vault. Shielded Key thereby aims to establish an isolated key signing environment in which private keys cannot be exported, while node operations are still carried out securely.

How does Shielded Key work?

The standard flow is as follows:

  1. An ICON operation request is sent to Shielded Key.
  2. Shielded Key decodes and checks whether the operation is permitted based on the predefined policy.
  3. Shielded Key sends the operation request to the vault for signing.
  4. Upon receiving the signature from the vault, Shielded Key validates the signature.
  5. Shielded Key returns the signature to the remote signer client.
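
The five steps above, sketched in Go as an added example; this is not Shielded Key's own code. The JSON request shape, the allow-list policy, the names (`HandleSign`, `Vault`, `memVault`, `newMemVault`) and the use of Ed25519 with an in-memory key in place of a cloud KMS are assumptions made so the sketch runs offline.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"errors"
	"fmt"
)

// Vault models the KMS boundary: it signs and exposes the public key, never the private key.
type Vault interface {
	Sign(msg []byte) ([]byte, error)
	Public() ed25519.PublicKey
}

type memVault struct{ priv ed25519.PrivateKey } // in-memory stand-in for a cloud KMS (assumption)

func newMemVault() memVault { _, priv, _ := ed25519.GenerateKey(nil); return memVault{priv} }
func (v memVault) Sign(msg []byte) ([]byte, error) { return ed25519.Sign(v.priv, msg), nil }
func (v memVault) Public() ed25519.PublicKey { return v.priv.Public().(ed25519.PublicKey) }

// Request is a hypothetical wire format; the page does not give Shielded Key's real encoding.
type Request struct {
	Op      string `json:"op"`
	Payload string `json:"payload"`
}

var ErrDenied = errors.New("operation not permitted by policy")

// HandleSign runs steps 2-5: decode, policy check, vault signing, signature validation, return.
func HandleSign(raw []byte, allowed map[string]bool, v Vault) ([]byte, error) {
	var req Request
	if err := json.Unmarshal(raw, &req); err != nil {
		return nil, fmt.Errorf("decode: %w", err)
	}
	if !allowed[req.Op] { // default deny: operations missing from the policy are refused
		return nil, ErrDenied
	}
	sig, err := v.Sign(raw)
	if err != nil {
		return nil, fmt.Errorf("vault: %w", err)
	}
	if !ed25519.Verify(v.Public(), raw, sig) { // never relay a signature that does not verify
		return nil, errors.New("vault returned an invalid signature")
	}
	return sig, nil
}

func main() {
	sig, err := HandleSign([]byte(`{"op":"vote","payload":"constructed"}`), map[string]bool{"vote": true}, newMemVault())
	fmt.Println(len(sig), err)
}
```
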

Summary

With this release, the team will collaborate with the ICON Foundation to deliver a pioneering key management solution for the ICON blockchain. As future node penalty and reward modifications are introduced, this will not only strengthen the security of the ecosystem but also let P-Reps manage their node activities with confidence, keeping operations smooth and reward production at its maximum. Please check our website at https://shieldedkey.com/ for the latest development progress.
