Lux Financial
Infrastructure

Vertically integrated infrastructure stack — KMS, MPC, IAM, post-quantum cryptography, and node deployment.

Lux Financial provides a vertically integrated infrastructure stack for enterprise-grade banking operations including key management, multi-party computation, identity management, and post-quantum security.

Architecture Overview

Your Application

    Lux API

  ┌────┴────┐
  │         │
Lux IAM   Custody Layer
  │         │
  │    ┌────┴────┐
  │    │         │
  │  Lux KMS  Lux MPC
  │    │         │
  │   HSM    Threshold
  │          Signing

Lux Node

  ├── Post-Quantum Crypto
  └── Consensus Engine

Lux KMS

Enterprise key management with HSM integration.

  • HSM Integration: AWS CloudHSM, Azure Dedicated HSM, Thales
  • Key Rotation: Automatic rotation with configurable policies
  • Audit Logging: Complete audit trail for all key operations
  • Multi-Region: Global key distribution with regional isolation

import { LuxKMS } from '@luxfi/kms';

const kms = new LuxKMS({
  region: 'us-east-1',
  hsmProvider: 'aws-cloudhsm',
});

const key = await kms.generateKey({
  type: 'ECDSA_SECP256K1',
  usage: ['sign', 'verify'],
  rotation: '90d',
});

// transactionHash is defined by the caller: the hash of the transaction being signed.
const signature = await kms.sign({
  keyId: key.id,
  message: transactionHash,
  algorithm: 'ECDSA_SHA256',
});

See Lux KMS for full documentation.

Lux MPC

Multi-party computation for self-hosted custody.

  • Threshold Signing: 2-of-3, 3-of-5, or custom threshold schemes
  • Key Sharding: Shamir's Secret Sharing for key distribution
  • Cold Storage: Offline key generation and signing
  • Recovery: Social recovery with trusted parties

import { LuxMPC } from '@luxfi/mpc';

const mpc = new LuxMPC({
  threshold: 2,
  parties: 3,
  keyShareHolders: [
    { id: 'party1', endpoint: 'https://party1.internal' },
    { id: 'party2', endpoint: 'https://party2.internal' },
    { id: 'party3', endpoint: 'https://party3.internal' },
  ],
});

const wallet = await mpc.generateWallet({ chain: 'polygon', currency: 'USDC' });
// recipientAddress, amount and transferData are supplied by the caller.
const signature = await mpc.sign({
  walletId: wallet.id,
  transaction: { to: recipientAddress, value: amount, data: transferData },
});
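
The 2-of-3 key sharding listed above, as an added example (not Lux code and not the @luxfi/mpc API): Shamir's Secret Sharing over the secp256k1 scalar field, where any two shares recover the secret and a single share does not. The names split, combine and randomScalar are hypothetical, and the block shows the sharing math only; threshold-signing protocols such as CGGMP21 and FROST produce signatures without reassembling the key.

```javascript
// Added example (hypothetical names, not the @luxfi/mpc API): Shamir sharing mod the secp256k1 order.
const rng = globalThis.crypto ?? require('node:crypto').webcrypto;
// N is the prime order of the secp256k1 group, so every non-zero element is invertible.
const N = 0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141n;
const mod = (a) => ((a % N) + N) % N;

// Modular inverse via Fermat's little theorem: a^(N-2) mod N.
function inv(a) {
  let result = 1n, base = mod(a), e = N - 2n;
  while (e > 0n) {
    if (e & 1n) result = mod(result * base);
    base = mod(base * base);
    e >>= 1n;
  }
  return result;
}

// Random scalar: 64 random bytes reduced mod N keeps the modulo bias negligible.
function randomScalar() {
  const bytes = rng.getRandomValues(new Uint8Array(64));
  let x = 0n;
  for (const b of bytes) x = (x << 8n) | BigInt(b);
  return mod(x);
}

// Split `secret` with f(x) = secret + c1*x + ... (degree threshold-1); share i is (i, f(i)).
function split(secret, threshold, parties) {
  if (threshold < 2 || threshold > parties) throw new RangeError('bad threshold');
  const coeffs = [mod(secret), ...Array.from({ length: threshold - 1 }, randomScalar)];
  return Array.from({ length: parties }, (_, i) => {
    const x = BigInt(i + 1); // x = 0 is never issued: f(0) is the secret itself
    return { x, y: coeffs.reduceRight((acc, c) => mod(acc * x + c), 0n) };
  });
}

// Lagrange interpolation at x = 0 recovers f(0) from `threshold` or more distinct shares.
function combine(shares) {
  let secret = 0n;
  for (const { x: xi, y: yi } of shares) {
    let num = 1n, den = 1n;
    for (const { x: xj } of shares) {
      if (xj === xi) continue;
      num = mod(num * -xj);
      den = mod(den * (xi - xj));
    }
    secret = mod(secret + yi * num * inv(den));
  }
  return secret;
}
```

With fewer than `threshold` shares, combine still returns a value, but it is unrelated to the secret, which is why a single compromised share holder learns nothing about the key.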

Supported Protocols

| Protocol | Curve     | Chains                       |
|----------|-----------|------------------------------|
| CGGMP21  | secp256k1 | Bitcoin, Ethereum, EVM, XRPL |
| FROST    | secp256k1 | Bitcoin Taproot              |
| LSS      | secp256k1 | Dynamic resharing            |

Lux IAM

Enterprise identity and access management.

  • SSO Integration: SAML, OIDC, OAuth 2.0
  • Role-Based Access: Fine-grained permissions
  • Multi-Factor Auth: TOTP, WebAuthn, SMS
  • Audit Logging: Complete access audit trail

See Lux IAM for full documentation.

Post-Quantum Security

Future-proof cryptography via Lux Node.

  • ML-KEM: X25519MLKEM768, SecP256r1MLKEM768, SecP384r1MLKEM1024
  • Lattice-Based Crypto: CRYSTALS-Kyber, CRYSTALS-Dilithium
  • Hash-Based Signatures: SPHINCS+
  • Hybrid Mode: Combined classical + post-quantum
  • TLS 1.3: Post-quantum key exchange enabled by default

import { LuxNode } from '@luxfi/node';

const node = new LuxNode({
  network: 'mainnet',
  crypto: {
    mode: 'hybrid',
    pqAlgorithm: 'dilithium3',
    classicAlgorithm: 'ecdsa-secp256k1',
  },
});

const keypair = await node.crypto.generateKeypair({ algorithm: 'dilithium3' });

Node Infrastructure

| Component | Description                                 |
|-----------|---------------------------------------------|
| Bootnode  | Network discovery and peer bootstrapping    |
| Validator | Consensus participation and block production |
| Archive   | Full historical data storage                |
| RPC       | JSON-RPC and WebSocket endpoints            |

lux node deploy --type bootnode --region us-east-1
lux node deploy --type validator --stake 100000
lux node deploy --type archive --storage 10tb

Security Best Practices

Key Management

  1. Never store private keys in plaintext
  2. Use HSM for production key storage
  3. Implement key rotation policies
  4. Maintain secure key backup procedures

Access Control

  1. Apply the principle of least privilege
  2. Require MFA for sensitive operations
  3. Conduct regular access reviews
  4. Audit all privileged actions

Network Security

  1. Use private networks for internal services
  2. Implement network segmentation
  3. Enable DDoS protection
  4. Monitor for anomalous traffic

Monitoring & Alerts

import { LuxMonitoring } from '@luxfi/monitoring';

const monitoring = new LuxMonitoring({
  services: ['kms', 'mpc', 'iam', 'node'],
  alerts: {
    slack: process.env.SLACK_WEBHOOK,
    pagerduty: process.env.PAGERDUTY_KEY,
  },
});

monitoring.alert({
  name: 'high-value-transaction',
  condition: 'transaction.amount > 100000',
  severity: 'warning',
});

monitoring.alert({
  name: 'mpc-signing-failure',
  condition: 'mpc.signing.error',
  severity: 'critical',
});
