CubeSigner technical design and system architecture

As featured on the AWS Database Blog

March 15, 2024
Tags: Ethereum, Staking, Key management, Blog posts

Cubist co-founders Fraser Brown and Deian Stefan co-authored a blog post with Amazon Web Services (AWS) Blockchain Development Architect [David-Paul Dornseifer](https://www.linkedin.com/in/daviddornseifer/). The post, which describes how we used AWS Nitro Enclaves to build our CubeSigner key management platform, went live on the AWS Database Blog today.

## Key features and design points

AWS is the foundation of CubeSigner because it’s the only cloud provider that gives us the primitives we need to address the security, correctness, and availability challenges faced by Web3 teams managing private keys—including Ethereum validator operators.

When building out CubeSigner for validators, we had three main goals:

1. Prevent attackers or malicious insiders from stealing or misusing Eth1 and Eth2 keys.
2. Protect operators from slashing by enforcing to-spec behavior.
3. Help operators achieve their latency, reliability, and availability targets.

Our system uses: secure hardware—Nitro Enclaves and KMS—to keep keys locked away from attackers; a policy engine backed by DynamoDB to prevent slashing; and AWS’s highly reliable, highly available services to make sure validators are always online.

## Keep reading to learn more

The blog post describes CubeSigner's high-level architecture in the context of how we designed it to protect Ethereum validator operators from insider threats, validator compromise, operational mistakes, and client bugs. It covers:

- The challenges of running Ethereum validators and the associated security and slashing risks.
- The idea of tackling these challenges using a remote key management solution and the underlying goals a key manager must be built around to meaningfully reduce risk.
- The high-level design of the CubeSigner system.

Delve into the full post [here on the AWS Database Blog](https://aws.amazon.com/blogs/database/use-aws-nitro-enclaves-to-build-cubist-cubesigner-a-secure-and-highly-reliable-key-management-platform-for-ethereum-validators-and-beyond/).

[![Use AWS Nitro Enclaves to build Cubist CubeSigner, a secure and highly reliable key management platform for Ethereum validators and beyond](https://cdn.prod.website-files.com/638a2693daaf8527290065a3/66736f33a5dfdc3f7cdbc412_aws-blog-cubist-cubesigner-key-management-ethereum-validators.jpg)](https://aws.amazon.com/blogs/database/use-aws-nitro-enclaves-to-build-cubist-cubesigner-a-secure-and-highly-reliable-key-management-platform-for-ethereum-validators-and-beyond/)

Read more

Cubist teams up with Babylon and Lombard to bring Bitcoin to Sui

We look forward to Cap-3 in December, when BTC holders will be able to deposit their BTC to Lombard for staking on Babylon and receive LBTC natively minted on Sui.

November 25, 2024
A step towards smart contracts on Bitcoin

Hardware-enshrined smart contracts, which we developed using our CubeSigner key management platform, allow Bitcoin protocols to encode complex operational logic and maintain decentralized governance much like a traditional smart contract on Ethereum.

November 18, 2024
Introducing the Bascule Drawbridge for Bitcoin bridge security

Bascule is a new Bitcoin bridge security system built on top of the CubeSigner key management platform to prevent cross-chain hacks in real-time.

October 23, 2024