Skip to content

cryptuon/nklave

Folders and files

NameName
Last commit message
Last commit date

Latest commit

Β 

History

13 Commits
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 

Repository files navigation

CI License: MIT Docs Crates.io

nklave

🌐 Site Β· πŸ“š Docs Β· πŸ“¦ crates.io package Β· πŸ”¬ Cryptuon Research

Policy-enforcing trust boundary for PoS validators.

Nklave is a signing security layer that makes slashable signing impossible by construction. It sits between validator clients and signing keys, enforcing slashing-prevention rules before any signature is produced.

β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”         β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”         β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”
β”‚ Validator Clientβ”‚         β”‚            Nklave               β”‚         β”‚  Signing Keys   β”‚
β”‚                 β”‚  Sign   β”‚  β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”  β”‚         β”‚                 β”‚
β”‚  - Lighthouse   β”‚ ──────▢ β”‚  β”‚     Policy Engine         β”‚  β”‚ ──────▢ β”‚  - BLS (ETH2)   β”‚
β”‚  - Teku         β”‚         β”‚  β”‚  β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”  β”‚  β”‚         β”‚  - Ed25519      β”‚
β”‚  - Prysm        β”‚ ◀────── β”‚  β”‚  β”‚ Slashing Protection β”‚  β”‚  β”‚ ◀────── β”‚    (Cosmos)     β”‚
β”‚  - Lodestar     β”‚  Sig/   β”‚  β”‚  β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜  β”‚  β”‚  Sign   β”‚                 β”‚
β”‚                 β”‚  Refuse β”‚  β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜  β”‚         β”‚                 β”‚
β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜         β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜         β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜
                                         β”‚
                                         β–Ό
                            β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”
                            β”‚   Append-Only Log     β”‚
                            β”‚   + Checkpoints       β”‚
                            β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜

Quick Start

Docker

docker run -p 9000:9000 ghcr.io/cryptuon/nklave

From Source

cargo install nklave-server
nklave --keys-dir ./keys --data-dir ./data

With Docker Compose

git clone https://github.com/cryptuon/nklave
cd nklave
docker compose -f docker/docker-compose.yml up

Features

  • Web3Signer Compatible - Drop-in replacement for existing validator setups
  • Slashing Protection - Enforces EIP-3076 and custom rules at the signing layer
  • Multi-Chain - Ethereum (BLS), Cosmos/CometBFT (Ed25519), extensible to others
  • Audit Trail - Append-only decision logs with cryptographic chaining
  • State Integrity - Rollback-resistant checkpoints prevent state manipulation
  • Embedded UI - Vue.js dashboard for monitoring and operations
  • High Availability - Primary/passive replication with automatic failover

Crates

Crate Description
nklave-core Core signing logic, BLS/Ed25519 keys, slashing protection rules
nklave-api Web3Signer-compatible HTTP API with embedded UI
nklave-storage Append-only logs, checkpoints, EIP-3076 interchange
nklave-server Main server binary with TLS, metrics, configuration
nklave-cosmos Cosmos/CometBFT remote signer protocol
nklave-cli CLI tools for key management and operations

API Endpoints

# Health checks
GET  /livez                          # Liveness probe
GET  /readyz                         # Readiness probe
GET  /health                         # Detailed health status

# Web3Signer API
GET  /api/v1/eth2/publicKeys         # List validator public keys
POST /api/v1/eth2/sign/:pubkey       # Sign a message

# Admin
POST /reload                         # Reload keys from disk
GET  /status                         # Server status
POST /admin/checkpoint               # Force checkpoint

Configuration

Environment variables:

Variable Default Description
NKLAVE_LISTEN_ADDR 127.0.0.1:9000 Server listen address
NKLAVE_KEYS_DIR ./keys Validator keystores directory
NKLAVE_DATA_DIR ./data State and logs directory
NKLAVE_KEYSTORE_PASSWORD - Password for encrypted keystores
NKLAVE_API_TOKENS - Comma-separated bearer tokens
NKLAVE_METRICS_ADDR - Prometheus metrics endpoint
RUST_LOG nklave=info Log level

Documentation

Full documentation at docs.cryptuon.com/nklave:

Contributing

Contributions are welcome. Please open an issue to discuss significant changes before submitting a PR.

# Run tests
cargo test --all

# Run with coverage
cargo llvm-cov --all-features

# Run benchmarks
cargo bench -p nklave-core

License

MIT License - Cryptuon Research Β· contact@cryptuon.com


Part of Cryptuon Research

nklave is one of 20 open-source blockchain-infrastructure projects from Cryptuon Research β€” blockchain theory, shipped as protocols.

Related projects: Tesseract Β· Switchboard Β· StreamSync

Docs: docs.cryptuon.com/nklave Β· Contact: contact@cryptuon.com

Releases

No releases published

Packages

 
 
 

Contributors