VMware Blockchain uses decentralized key generation and multi-signature schemes.

During the initial system setup, each Replica node starts with an assigned set of bootstrap keys. An operator generates these keys, and they are used by the BFT consensus mechanism to agree on the published keys.

For the system to become operational and handle external requests, every Replica node must generate a new set of private and public keys. The keys must be published to the rest of the Replica Network using the previously assigned bootstrap keys and the consensus mechanism.

After the new key pair is published, the old one is deleted from all the Replica nodes. The new keys are saved on the VMware Blockchain reserved pages.

Every message transmitted on the Replica Network is then signed with the Replica node private key using the multi-signature scheme. To verify the signature, the receiver of the message must know the signing parties' exact order. The receiver also gets a bit-vector of signers with the message, which is transmitted with a multi-signed message.