Key Derivation in HSM
Secubit uses a layered key derivation model that ensures wallet keys are never exposed outside the HSM in plaintext and are always bound to a cryptographic proof of the wallet's identity. The HSM uses its hardware-protected wrapping key to encrypt wallet secrets and to control their use, while the server stores only the encrypted values.
The process works as follows:
- Wallet identity commitment
  Each wallet has a unique identifier, the wallet hash, derived from its metadata and validated against the Merkle root stored in the HSM. The wallet hash, together with the sibling hashes along its path to the root, forms a proof of membership in the Merkle tree: the HSM recomputes the root from these values and accepts the wallet only if the result matches the stored root.
- Encryption with a wrapping key
  The HSM holds a hardware-protected symmetric wrapping key (AES-256). This key never leaves the HSM in plaintext and is used only to encrypt and decrypt wallet secrets.
- Server storage of encrypted secrets
  The Secubit server stores only wrapped (encrypted) wallet secrets in its database. Because they are protected by the HSM wrapping key, a compromise of the database alone exposes no usable key material; decryption requires the HSM.
- Key derivation
  When a wallet needs to sign, the HSM decrypts the wallet secret with the wrapping key. From this secret the HSM performs deterministic derivation according to BIP-32 (secp256k1) or SLIP-10 (ed25519). The derived private key is then used for signing inside the HSM.
- Security boundary
  At no point is the plaintext wallet secret or a signing key available outside the HSM. The server and database only ever see encrypted values, while the HSM enforces policy and produces signatures.
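The membership check from the first step, as an added example that is not Secubit's code: a Go program that builds a Merkle tree over wallet hashes, emits the sibling path for each wallet, and verifies a path against the root the way the HSM would before touching that wallet's secret. The leaf encoding (SHA-256 over the metadata bytes) and the node rule (SHA-256 of left||right) are assumptions made for this example; the page does not specify them.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
)

// ProofStep is one sibling hash on the path from a wallet hash up to the root;
// Left is true when the sibling is the left input of the parent node.
type ProofStep struct {
	Hash []byte
	Left bool
}

// WalletHash commits to a wallet's metadata. Layout assumed for this example: SHA-256 over the
// raw metadata bytes; the page does not specify the real encoding.
func WalletHash(metadata []byte) []byte {
	sum := sha256.Sum256(metadata)
	return sum[:]
}

// parent hashes an ordered pair. Node rule assumed here: SHA-256(left || right). The full slice
// expression forces append to allocate, so the caller's buffers are never written.
func parent(left, right []byte) []byte {
	sum := sha256.Sum256(append(left[:len(left):len(left)], right...))
	return sum[:]
}

// BuildTree returns the Merkle root over the wallet hashes and a membership proof per leaf
// (the HSM needs to hold only the root). An odd level is padded by duplicating its last
// node; the padded copy owns no leaf, so no proof receives a duplicate step.
func BuildTree(leaves [][]byte) (root []byte, proofs [][]ProofStep) {
	if len(leaves) == 0 {
		return nil, nil
	}
	proofs = make([][]ProofStep, len(leaves))
	level, owners := append([][]byte{}, leaves...), make([][]int, len(leaves))
	for i := range leaves {
		owners[i] = []int{i} // leaves covered by each node of the current level
	}
	for len(level) > 1 {
		if len(level)%2 == 1 {
			level, owners = append(level, level[len(level)-1]), append(owners, nil)
		}
		var next [][]byte
		var nextOwners [][]int
		for i := 0; i < len(level); i += 2 {
			for _, leaf := range owners[i] { // right sibling for leaves under the left node
				proofs[leaf] = append(proofs[leaf], ProofStep{Hash: level[i+1]})
			}
			for _, leaf := range owners[i+1] { // left sibling for leaves under the right node
				proofs[leaf] = append(proofs[leaf], ProofStep{Hash: level[i], Left: true})
			}
			next = append(next, parent(level[i], level[i+1]))
			nextOwners = append(nextOwners, append(append([]int{}, owners[i]...), owners[i+1]...))
		}
		level, owners = next, nextOwners
	}
	return level[0], proofs
}

// VerifyMembership is the check the HSM runs before using a wallet's secret: recompute the
// root from the wallet hash and its siblings and compare it with the enrolled root.
func VerifyMembership(enrolledRoot, walletHash []byte, proof []ProofStep) bool {
	h := walletHash
	for _, step := range proof {
		if step.Left {
			h = parent(step.Hash, h)
		} else {
			h = parent(h, step.Hash)
		}
	}
	return hmac.Equal(h, enrolledRoot) // constant-time comparison
}

func main() {
	// Constructed metadata for three wallets (the real metadata format is not on the page).
	leaves := [][]byte{
		WalletHash([]byte("wallet-1|secp256k1")),
		WalletHash([]byte("wallet-2|ed25519")),
		WalletHash([]byte("wallet-3|ed25519")),
	}
	root, proofs := BuildTree(leaves)
	fmt.Printf("enrolled root %x\n", root)
	fmt.Println("wallet-2 member:", VerifyMembership(root, leaves[1], proofs[1]))
	fmt.Println("unknown wallet member:", VerifyMembership(root, WalletHash([]byte("wallet-9")), proofs[1]))
}
```

Only the root has to live in the HSM; the server can hand over the wallet hash and its sibling path with each signing request, and a wallet that was never enrolled, or a path borrowed from another wallet, fails the recomputation.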
```mermaid
flowchart TD
    subgraph HSM["Secubit HSM"]
        SEK("wrapping key")
    end
    SEK ---> D
    subgraph S["Secubit Server"]
        DB[("database")]
    end
    DB ---> EWS
    EWS("encrypted wallet secret")
    EWS ---> D
    D(["decrypt (aes256)"])
    D ---> WS ---> DR ---> SK
    WS("wallet secret")
    DR(["derive (bip32/slip10)"])
    SK("signing key")
```
Cryptography Specifications
Secubit supports industry-standard cryptographic curves and deterministic derivation schemes that match the requirements of different blockchain ecosystems.
- secp256k1
  The elliptic curve used by Bitcoin and Ethereum. Secubit uses this curve for ECDSA and Schnorr signatures. Key derivation for secp256k1 follows BIP-32, the hierarchical deterministic (HD) wallet standard.
- ed25519
  A modern elliptic curve designed for both speed and security, widely used in newer blockchain platforms. Key derivation for ed25519 uses SLIP-10, which adapts hierarchical deterministic derivation to this curve. SLIP-10 defines only hardened derivation for ed25519, so every index in an ed25519 derivation path must be hardened.
- BIP-32 (Bitcoin Improvement Proposal 32)
  Defines HD wallets for secp256k1. From a single secret, an entire structured key tree can be derived, making account and address management efficient and reproducible.
- SLIP-10 (SatoshiLabs Improvement Proposal 10)
  Provides deterministic derivation for ed25519. This enables account hierarchies and structured key management in ecosystems that rely on ed25519 signatures.
| Curve / Standard | Purpose | Examples of Blockchains |
|---|---|---|
| secp256k1 + BIP-32 | ECDSA signatures, HD derivation | Bitcoin, Ethereum, Litecoin |
| ed25519 + SLIP-10 | EdDSA signatures, HD derivation | Cardano, Polkadot, Solana |
By combining these derivation standards with AES-256 encryption of wallet secrets inside the HSM, Secubit ensures that signing keys are derived deterministically from wallet secrets that exist outside the HSM only in encrypted form, with no plaintext key material ever leaving the secure hardware boundary.