Signing Infrastructure

Setu's distributed signing infrastructure enables secure, fault-tolerant transaction validation across chains

Core Components

  • Distributed Key Generation - No single party holds complete private keys
  • Multi-Party Computation - Transaction signing requires multiple participant approval
  • Threshold Cryptography - Only a subset of signers needed for valid transactions

Signing Architecture Diagram

Security-First Design

Built with defense-in-depth principles to protect against both external attacks and internal compromise

High Availability

Redundant signing nodes ensure cross-chain transactions proceed even if some nodes are unavailable

Fault Tolerance

Continues operating correctly even in the presence of failures or malicious behavior

Secure Key Management

Distributed Key Generation (DKG)

How Setu DKG Works

Setu employs a state-of-the-art DKG protocol where no single party ever possesses the complete private key material at any point in time. Private keys are generated collaboratively by multiple nodes.

  • Key shares distributed across multiple nodes
  • Quantum-resistant key generation algorithms
  • Periodic key rotation and refresh mechanisms

Key Management Lifecycle

1. Generation

Multiple parties jointly generate key shares without revealing their portions

2. Distribution

Key shares are securely distributed to authorized signing nodes

3. Rotation

Regular rotation of keys to minimize compromise window

Security Guarantees

Setu's key management infrastructure guarantees that even if up to threshold-1 participants are compromised, the system's private keys remain secure and unauthorized transactions cannot be signed.

Threshold Signing Protocol

How Threshold Signing Works

Setu uses a t-of-n threshold signing scheme, where any subset of t participants from the total n can collaborate to produce valid signatures, without ever reconstructing the private key.

Threshold Configuration

7 of 10

Production Environment

70% of signers required for valid transaction

3 of 5

Testing Environment

60% of signers required for valid transaction
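
The DKG and t-of-n signing steps described above, as an added toy example (not Setu's code or protocol): nodes jointly deal Shamir shares, then a 7-of-10 quorum combines partial signatures by Lagrange interpolation in the exponent, so the private key is never assembled. The tiny group, the BLS-style construction, and all function names are assumptions; the page does not say which scheme Setu uses, and signature verification (which needs a pairing in real BLS) is left out.

```python
import hashlib
import secrets

# Constructed toy group, far too small for real use: P = 2*Q + 1, G has prime order Q.
P, Q, G = 2039, 1019, 4
T, N = 7, 10  # the page's production threshold: 7 of 10

def poly_eval(coeffs, x):  # coefficients lowest degree first, arithmetic mod Q
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % Q
    return acc

def dkg(t=T, n=N):
    """Every node deals a random degree-(t-1) polynomial; node j keeps the sum of
    the values dealt to it. Returns ({node_id: share}, group public key)."""
    polys = [[secrets.randbelow(Q) for _ in range(t)] for _ in range(n)]
    shares = {j: sum(poly_eval(f, j) for f in polys) % Q for j in range(1, n + 1)}
    pub = 1
    for f in polys:  # each dealer publishes G^(its constant term); the product is G^x
        pub = pub * pow(G, f[0], P) % P
    return shares, pub

def lagrange_at_zero(i, ids):
    """Lagrange coefficient of node i for interpolation at x = 0 over the set ids."""
    num = den = 1
    for j in ids:
        if j != i:
            num = num * (-j) % Q
            den = den * (i - j) % Q
    return num * pow(den, -1, Q) % Q

def hash_to_group(msg):
    """Map a message into the order-Q subgroup by squaring a nonzero hash value."""
    digest = int.from_bytes(hashlib.sha256(msg).digest(), "big")
    return pow(digest % (P - 1) + 1, 2, P)

def partial_sign(share, h):  # one node's contribution: h raised to its own share
    return pow(h, share, P)

def combine(partials, t=T):
    """Combine {node_id: partial} into h^x without learning x."""
    if len(partials) < t:
        raise ValueError(f"need {t} partial signatures, got {len(partials)}")
    ids = sorted(partials)[:t]
    sig = 1
    for i in ids:
        sig = sig * pow(partials[i], lagrange_at_zero(i, ids), P) % P
    return sig
```

Any 7 of the 10 partials passed to `combine` yield the same value; the key itself appears nowhere in the signing path.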

Signature Verification

Network participants can verify signatures without knowing the key generation process

Transaction Validation

Multiple validators ensure transactions meet protocol requirements before signing

Censorship Resistance

No single validator can block legitimate transactions from being processed

Recovery Mechanisms

Node Failure Recovery

Setu's threshold design ensures the system remains operational even if some nodes fail. If a node is permanently lost, recovery involves re-sharing the keys among the remaining active nodes.

Disaster Recovery

In the event of a catastrophic failure, encrypted key backups and governance protocols allow for the secure restoration of the signing infrastructure.

Security Measures

Regular Audits

Codebase and cryptographic implementations undergo regular security audits by reputable third-party firms.

Formal Verification

Critical components of the signing protocol are formally verified to ensure mathematical correctness and security properties.

Access Control

Strict access controls and role-based permissions limit access to sensitive operations and key material.

Monitoring & Alerting

Continuous monitoring detects suspicious activity, triggering automated alerts and response protocols.