kms/core/service/config/compose_1.toml at ba79db2201b64bac8aae86025a89332926647c31 · zama-ai/kms · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
# See default_1.toml for the documentation.

mock_enclave = true

[service]
listen_address = "0.0.0.0"
listen_port = 50100
timeout_secs = 360
grpc_max_message_size = 104857600 # 100 MiB

[aws]
region = "us-east-1"
s3_endpoint = "http://dev-s3-mock:9000"

[public_vault]
storage_cache_size = 1000

[public_vault.storage.s3]
bucket = "kms"
prefix = "PUB-p1"

[private_vault.storage.s3]
bucket = "kms"
prefix = "PRIV-p1"

[backup_vault]
[backup_vault.storage.file]
path = "./backup_vault"
prefix = "BACKUP-p1"

[threshold]
listen_address = "0.0.0.0"
listen_port = 50001

my_id = 1

threshold = 1
dec_capacity = 10000
min_dec_cache = 6000
num_sessions_preproc = 2

decryption_mode = "NoiseFloodSmall"

[[threshold.tls.auto.trusted_releases]]
pcr0 = "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
pcr1 = "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
pcr2 = "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"

[[threshold.peers]]
party_id = 1
address = "abcd.dev-kms-core-1.com"
mpc_identity = "dev-kms-core-1.com"
port = 50001
tls_cert.path = "certs/cert_dev-kms-core-1.com.pem"

[[threshold.peers]]
party_id = 2
address = "abcd.dev-kms-core-2.com"
mpc_identity = "dev-kms-core-2.com"
port = 50002
tls_cert.path = "certs/cert_dev-kms-core-2.com.pem"

[[threshold.peers]]
party_id = 3
address = "abcd.dev-kms-core-3.com"
mpc_identity = "dev-kms-core-3.com"
port = 50003
tls_cert.path = "certs/cert_dev-kms-core-3.com.pem"

[[threshold.peers]]
party_id = 4
address = "abcd.dev-kms-core-4.com"
mpc_identity = "dev-kms-core-4.com"
port = 50004
tls_cert.path = "certs/cert_dev-kms-core-4.com.pem"

[threshold.core_to_core_net]
message_limit = 70
multiplier = 2.0
max_interval = 60
initial_interval_ms = 100
max_elapsed_time = 300
network_timeout = 20
network_timeout_bk = 300
network_timeout_bk_sns = 1200
max_en_decode_message_size = 2147483648
session_update_interval_secs = 60
session_cleanup_interval_secs = 86400 # 1 day
discard_inactive_sessions_interval = 10800 # 3 hours (must exceed max preprocessing time ~44 min for Default params)
max_waiting_time_for_message_queue = 60
max_opened_inactive_sessions_per_party = 2000


# [threshold.preproc_redis]
# host = "redis://127.0.0.1"
#

[telemetry]
tracing_service_name = "kms-threshold-1"
tracing_endpoint = "http://jaeger:4317"
tracing_otlp_timeout_ms = 10000
metrics_bind_address = "0.0.0.0:9646"
enable_sys_metrics = true

[telemetry.batch]
max_queue_size = 8192
max_export_batch_size = 2048
scheduled_delay_ms = 500


[rate_limiter_conf]
bucket_size = 50000
pub_decrypt = 1
user_decrypt = 1
crsgen = 100
preproc = 25000
keygen = 1000
new_epoch = 1
reshare = 25