May 8, 2025
A hardened, tamper-evident backend infrastructure that secures the cloud layer of a multi-party computation platform, engineered for real-world signing, auditability, and zero-trust readiness.
Designing trust from the cloud up
As part of our full-stack MPC software platform, Regen Tech developed a security-hardened backend that acts as both a coordinating node and an enforcement layer for threshold signing policies.
This cloud backend isn’t just for demo coordination; it’s built for long-term deployment, with production-ready security controls, verifiable storage, and scalable messaging services for MPC operations across mobile, hardware, and browser parties.
The goal: to make the cloud trustworthy not through obscurity, but through cryptographic accountability.
Verifiable data integrity
To ensure that every log, action, and audit trail could be independently validated, we implemented:
Tamper-evident logs using Merkle chains to anchor operations
Blockchain anchoring of system snapshots to public networks
Independent watchers that can detect data manipulation or rollback attempts
At the core of this model is immudb, an immutable database with cryptographic verification of write history. This enables full row-level integrity without needing to rely on a single authority.
Anchoring for auditability
Every critical MPC session (key generation, signing, recovery) is recorded and periodically anchored to a blockchain. This ensures:
External validators can confirm the state history
Auditors have access to transparent system timelines
Compromised servers cannot rewrite or obscure logs
Clients can also opt for bring-your-own-chain (BYOC) anchoring, making it possible to integrate with enterprise blockchain infrastructure.
Secure by design
We implemented a zero-trust model across infrastructure, supported by:
Role-based access controls and device authentication
Encrypted peer-to-peer communication via our Messenger SDK
Built-in coordination with passkey-authenticated users
New devices joining an MPC group must meet strict registration policies enforced via the User Device Manager. All shard creation, relay, and recovery operations are validated through secure authentication flows.
Observability and resilience
The backend is equipped with real-time monitoring, fallback support, and rate-limited replay protection. All operations are observable by third-party clients using Merkle proof APIs and session transcripts.
The system also tracks fallback transport usage (e.g. switching from WebRTC to Socket.IO) and emits logs on transport choice, message delays, and signature coordination.
Foundation for trustless MPC
This backend is a foundational piece of the larger MPC platform. It powers:
Threshold signing and transaction policies for mobile, cloud, and hardware
Secure communication between MPC parties
Audit-ready compliance for production-grade deployments
As we continue to expand the platform, this cloud infrastructure will remain central to our secure, composable architecture, ensuring trust is built into every layer, not just the edges.