Key Derivation in HSM
Secubit uses a layered key derivation model that ensures wallet keys are never exposed outside the HSM in plaintext and are always bound to a cryptographic proof of the wallet's identity. The HSM combines its root of trust (the Merkle root hash) with a hardware-protected master key to seal and control wallet data, while the server stores only encrypted values.
The process works as follows:

- Wallet identity commitment: Each wallet has a unique hash, the wallet hash, derived from its metadata and validated against the Merkle root stored in the HSM. The wallet hash, together with the relevant parent hashes, forms a proof of membership in the Merkle tree; the HSM accepts a wallet only if that proof recomputes to the stored root.
- Sealing with a master key: The HSM holds a hardware-protected master key. It derives a wallet sealing key by encrypting the wallet hash under the master key with AES-256. The sealing key never leaves the HSM in plaintext and acts as a per-wallet symmetric key for encrypting and decrypting that wallet's seed; because the wallet hash is an input to the derivation, a seed sealed for one wallet cannot be unsealed under another wallet's key.
- Server storage of encrypted seeds: The Secubit server stores only encrypted wallet seeds in its database, protected with the corresponding wallet sealing key. A compromise of the database alone therefore exposes no usable key material; unsealing requires the HSM.
- Key derivation: When a wallet needs to sign, the HSM uses the wallet sealing key to decrypt the wallet seed. From this seed it performs deterministic derivation according to BIP-32 (secp256k1) or SLIP-10 (ed25519), and the derived private key is used for signing inside the HSM.
- Security boundary: At no point is the plaintext wallet seed or signing key available outside the HSM. The server and database see only encrypted values, while the HSM enforces policy and produces signatures.
```mermaid
flowchart TD
  subgraph HSM["Secubit HSM Store"]
    R("root hash")
    MK("🔑 master key")
  end
  R --- P --- W
  P("parent hashes")
  W("wallet hash")
  W ---> E
  MK ---> E
  E(["encrypt (aes256)"])
  E ---> WSK
  WSK("🔑 wallet sealing key")
  WSK ---> D
  subgraph S["Secubit Server"]
    DB[("database")]
  end
  DB ---> EWS
  EWS("encrypted wallet seed")
  EWS ---> D
  D(["decrypt (aes256)"])
  D ---> WS ---> DR ---> SK
  WS("🔑 wallet seed")
  DR(["derive (bip32/slip10)"])
  SK("🔑 signing key")
```
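The sealing part of the flow above, worked end to end on constructed inputs as an added example (Go, written for this page, not Secubit's own code): an HSM struct holds the master key and the Merkle root, checks a wallet hash's membership proof, derives the per-wallet sealing key, and seals or unseals a seed. The page does not name the AES-256 mode or the exact derivation construction, so this example assumes the sealing key is the raw AES-256 encryption of the two 16-byte halves of the wallet hash under the master key, and it uses AES-256-GCM with the wallet hash as additional authenticated data for the seed itself. The wallet hashes, master key and seed are constructed values; the derivation step that follows unsealing is left out of this block.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

type HSM struct { // the hardware boundary: only it holds these and any plaintext seed
	masterKey [32]byte // hardware-protected, never exported (example code, not Secubit's)
	root      [32]byte // Merkle root over all wallet hashes
}

type MerkleProof struct {
	WalletHash [32]byte
	Index      int        // leaf position; bit i of Index gives the side at level i
	Siblings   [][32]byte // sibling hashes from leaf to root
}
func hashPair(l, r [32]byte) [32]byte { return sha256.Sum256(append(l[:], r[:]...)) }

// sealer verifies membership, then derives the per-wallet key. Assumption (the page says only
// "encrypt (aes256)"): each 16-byte half of the wallet hash is encrypted as a raw AES-256 block
// under the master key; the 32-byte result keys AES-256-GCM, this example's choice of seed mode.
func (h *HSM) sealer(p MerkleProof) (cipher.AEAD, error) {
	node := p.WalletHash
	for i, sib := range p.Siblings {
		if p.Index>>i&1 == 0 {
			node = hashPair(node, sib)
		} else {
			node = hashPair(sib, node)
		}
	}
	if node != h.root { // the root is public, so a plain compare is fine here
		return nil, errors.New("wallet hash is not in the Merkle tree")
	}
	master, err := aes.NewCipher(h.masterKey[:])
	if err != nil {
		return nil, err
	}
	var k [32]byte
	master.Encrypt(k[:16], p.WalletHash[:16])
	master.Encrypt(k[16:], p.WalletHash[16:])
	block, err := aes.NewCipher(k[:])
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SealSeed encrypts a seed for the server's database; the wallet hash is bound in as AAD.
func (h *HSM) SealSeed(p MerkleProof, seed []byte) ([]byte, error) {
	gcm, err := h.sealer(p)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err = rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, seed, p.WalletHash[:]), nil // nonce || ciphertext || tag
}

// UnsealSeed is the decrypt step; in the real flow the plaintext feeds derivation inside the HSM.
func (h *HSM) UnsealSeed(p MerkleProof, sealed []byte) ([]byte, error) {
	gcm, err := h.sealer(p)
	if err != nil {
		return nil, err
	}
	if ns := gcm.NonceSize(); len(sealed) >= ns {
		return gcm.Open(nil, sealed[:ns], sealed[ns:], p.WalletHash[:])
	}
	return nil, errors.New("sealed seed too short")
}

// DemoTree builds a 4-leaf tree over constructed wallet hashes; returns the HSM and proofs for wallets 1 and 2.
func DemoTree() (*HSM, MerkleProof, MerkleProof) {
	var leaf [4][32]byte
	for i := range leaf {
		leaf[i] = sha256.Sum256([]byte(fmt.Sprintf("constructed wallet metadata %d", i)))
	}
	n0, n1 := hashPair(leaf[0], leaf[1]), hashPair(leaf[2], leaf[3])
	hsm := &HSM{masterKey: sha256.Sum256([]byte("constructed master key")), root: hashPair(n0, n1)}
	return hsm, MerkleProof{leaf[1], 1, [][32]byte{leaf[0], n1}}, MerkleProof{leaf[2], 2, [][32]byte{leaf[3], n0}}
}

func main() {
	hsm, p1, p2 := DemoTree()
	sealed, err := hsm.SealSeed(p1, []byte("constructed wallet seed")) // the database stores only this
	if err != nil {
		panic(err)
	}
	_, e1 := hsm.UnsealSeed(p2, sealed) // wallet 2's valid proof cannot open wallet 1's blob
	p2.WalletHash = p1.WalletHash        // wallet 1's hash on wallet 2's sibling path fails membership
	_, e2 := hsm.UnsealSeed(p2, sealed)
	fmt.Println("cross-wallet rejected:", e1 != nil, "forged proof rejected:", e2 != nil)
}
```

Both checks in main print true: wallet 2's valid proof cannot open wallet 1's blob, and wallet 1's hash presented on wallet 2's sibling path fails the membership check before any key is derived. Binding the wallet hash into both the key derivation and the AAD is what stops a compromised server from mixing sealed blobs between wallets, and the GCM tag rejects any blob that was modified at rest.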
Cryptography Specifications
Secubit supports industry-standard cryptographic curves and deterministic derivation schemes that match the requirements of different blockchain ecosystems.

- secp256k1: The elliptic curve used in Bitcoin and Ethereum. Secubit uses this curve for ECDSA and Schnorr signatures. Key derivation for secp256k1 follows the BIP-32 standard for hierarchical deterministic (HD) wallets.
- ed25519: A modern elliptic curve signature scheme designed for both speed and security, widely used in newer blockchain platforms. Key derivation for ed25519 uses the SLIP-10 scheme, which adapts hierarchical deterministic derivation to this curve.
- BIP-32 (Bitcoin Improvement Proposal 32): Defines HD wallets specifically for secp256k1. From a single seed, an entire structured key tree can be derived, making account and address management efficient and reproducible.
- SLIP-10 (SatoshiLabs Improvement Proposal 10): Provides deterministic derivation for ed25519, enabling account hierarchies and structured key management in ecosystems that rely on ed25519-based signatures. Note that SLIP-10 defines only hardened derivation for ed25519: child keys are derived from the parent private key, and the public-key (non-hardened) derivation that BIP-32 offers on secp256k1 is not available on this curve.
Curve / Standard | Purpose | Examples of Blockchains |
---|---|---|
secp256k1 + BIP-32 | ECDSA signatures, HD derivation | Bitcoin, Ethereum, Litecoin |
ed25519 + SLIP-10 | EdDSA signatures, HD derivation | Cardano, Polkadot, Solana |
By combining these cryptographic standards with AES-256 sealing inside the HSM, Secubit ensures that signing keys are derived deterministically from sealed wallet seeds and that no plaintext key material ever leaves the secure hardware boundary.
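To make the derivation step concrete, here is an added example (Go, written for this page, not Secubit's own code) that implements SLIP-10 ed25519 derivation from a wallet seed and signs with the derived key, the operation the HSM performs after unsealing. It serves both the "Key derivation" step of the previous section and the SLIP-10 description above. The path m/44'/501'/0'/0' and the signed message are constructed; the seed used in main is the one from SLIP-10's published test vectors, so the printed master key and chain code can be compared against the specification.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/sha512"
	"encoding/binary"
	"encoding/hex"
	"fmt"
	"hash"
)

const hardened = 0x80000000 // top bit set marks a hardened index (44' == 44 | hardened)

// ExtKey is a SLIP-10 extended private key: the 32-byte secret and the chain code.
type ExtKey struct {
	Key, ChainCode [32]byte
}

// split runs the HMAC-SHA512 both derivation steps share: I_L becomes the key, I_R the chain code.
func split(mac hash.Hash, data []byte) (e ExtKey) {
	mac.Write(data)
	sum := mac.Sum(nil)
	copy(e.Key[:], sum[:32])
	copy(e.ChainCode[:], sum[32:])
	return e
}

// MasterEd25519 is SLIP-10's master step: HMAC-SHA512 keyed with "ed25519 seed" over the wallet
// seed. Unlike BIP-32 on secp256k1, no retry is needed since any 32 bytes are a valid ed25519 key.
func MasterEd25519(seed []byte) ExtKey {
	return split(hmac.New(sha512.New, []byte("ed25519 seed")), seed)
}

// Child derives a hardened child: Data = 0x00 || k_par || ser32(i) under the parent chain code.
// SLIP-10 defines no non-hardened derivation for ed25519, so such an index is rejected rather
// than silently forced hardened.
func (k ExtKey) Child(index uint32) (ExtKey, error) {
	if index < hardened {
		return ExtKey{}, fmt.Errorf("index %d: SLIP-10 ed25519 supports hardened children only", index)
	}
	data := append([]byte{0x00}, k.Key[:]...)
	var ser [4]byte
	binary.BigEndian.PutUint32(ser[:], index)
	return split(hmac.New(sha512.New, k.ChainCode[:]), append(data, ser[:]...)), nil
}

// DerivePath walks a path such as m/44'/501'/0'/0' given as its hardened indexes.
func DerivePath(seed []byte, path []uint32) (ExtKey, error) {
	k := MasterEd25519(seed)
	for _, i := range path {
		var err error
		if k, err = k.Child(i); err != nil {
			return ExtKey{}, err
		}
	}
	return k, nil
}

// SignAt derives the key at path and signs msg. The SLIP-10 private key is used directly as the
// ed25519 seed; in an HSM only the signature and public key would leave the boundary.
func SignAt(seed []byte, path []uint32, msg []byte) ([]byte, ed25519.PublicKey, error) {
	k, err := DerivePath(seed, path)
	if err != nil {
		return nil, nil, err
	}
	priv := ed25519.NewKeyFromSeed(k.Key[:])
	return ed25519.Sign(priv, msg), priv.Public().(ed25519.PublicKey), nil
}

func main() {
	seed, _ := hex.DecodeString("000102030405060708090a0b0c0d0e0f") // seed of SLIP-10's published test vector 1
	m := MasterEd25519(seed)
	fmt.Printf("m: key=%x chain=%x\n", m.Key, m.ChainCode) // compare against the spec's vector
	path := []uint32{44 | hardened, 501 | hardened, 0 | hardened, 0 | hardened} // example path m/44'/501'/0'/0'
	msg := []byte("constructed transaction bytes")
	sig, pub, err := SignAt(seed, path, msg)
	if err != nil {
		panic(err)
	}
	fmt.Printf("pub=%x verified=%v\n", pub, ed25519.Verify(pub, msg, sig))
	_, err = m.Child(0) // non-hardened index
	fmt.Println("m/0 (non-hardened):", err)
}
```

The example rejects a non-hardened index explicitly instead of setting the top bit on the caller's behalf: a caller that passes a BIP-32-style public-derivation path by mistake gets an error rather than a key at a different path than it expected. Because the derivation is deterministic, the same seed and path always yield the same signing key, which is what lets the server hold only the sealed seed and still have the HSM reproduce every account key on demand.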