VMware Blockchain uses decentralized key generation and multi-signature scheme.

During the initial system setup, each Replica node starts with an assigned set of bootstrap keys. An operator generates these keys and they are used by the BFT consensus mechanism to agree on the published keys.

For the system to become operational and handle external requests, every Replica node must generate a new set of private and public keys. The keys must be published to the rest of the Replica Network using the previously assigned bootstrap keys and the consensus mechanism.

After the new key pair is published, the old one is deleted from all the Replica nodes. The new keys are saved on the VMware Blockchain reserved pages.

Every message transmitted on the Replica Network is then signed with the Replica node private key using the multi-signature scheme. To verify the signature, the receiver of the message must know the exact order of the signing parties. With the message, the receiver also gets a bit-vector of signers which is transmitted with a multi-signed message.