Supported Features
Core MPC actions
Advanced actions
In all core MPC actions, the full secret signing key is never assembled at any point, and all actions are distributed!
Key generation
Create a new wallet in a truly distributed way
- A new wallet is generated collaboratively between the client and server.
- The private key is never assembled or known in its entirety by any party.
- Each party generates its own secret share, contributing to the overall private key.
- The corresponding public key (wallet address) is derived from these shares without revealing the private key.
- The process ensures that the complete private key never exists on any single device or at any point in time.
This distributed key generation forms the basis for all subsequent MPC operations, providing a secure foundation for the wallet with enhanced privacy and security guarantees.
Sign generation
Sign messages while maintaining the distributed nature of the private key:
- Collaborative signature generation occurs between the client and server.
- Each party uses its secret share to contribute to creating a valid ECDSA signature.
- The private key remains distributed and is never reconstructed during the signing process.
- The resulting signature is cryptographically identical to one created with a standard single-party wallet.
- Supports signing of arbitrary messages, typically transaction data on the blockchain.
This distributed signing process allows for secure transaction authorization while preserving the key's distributed nature, exemplifying the MPC wallet's enhanced security model.
Key Refresh
Proactively update the client's and server's secret shares without altering the wallet's public address or key. This process enhances the long-term security of the MPC wallet.
Key Refresh Benefits
Key refresh is a critical security feature in MPC systems, offering several advantages:
- Forward security: Regularly refreshing shares maintains the system's security posture and, in the event of a share compromise, invalidates the old compromised shares.
- Hardening against cryptanalysis: It reduces the attack vector of cryptanalysis, since a potential adversary can obtain fewer signatures from the same secret key.
- Compliance with Key Rotation Policies: Helps meet regulatory or organizational requirements for periodic key updates.
By implementing regular key refreshes, the overall security of the MPC system is significantly enhanced, creating a dynamic security environment that's resistant to long-term attacks and information leakage.
Key Import
Convert an existing EOA (Externally Owned Account) into an MPC wallet by importing the private key. While this enhances security through distribution, it's important to note that the original private key has existed in full form. Therefore, we cannot provide the same level of security guarantees as with a natively generated MPC wallet. Secure management of the original private key remains the developer's responsibility.
Key Export
Users can convert their MPC wallet back to a standard EOA by exporting the full private key at any time. This process reconstructs the complete private key from the distributed shares. It's crucial to understand that once exported, the wallet loses the enhanced security benefits of MPC. The responsibility for securely managing the exported private key shifts entirely to the developers and users from this point forward.
Verifiable Backup
Create an encrypted backup of the server's key share using a verifiable encryption scheme. This advanced feature allows for the generation of a secure backup that can be publicly verified without compromising the encrypted data. Key aspects include:
- Encryption of the server's secret share for secure storage
- Public verifiability of the backup's correctness without decryption
- Assurance that the backed-up share corresponds to the active MPC wallet
- Enhanced disaster recovery capabilities while maintaining security
This mechanism provides a crucial balance between backup accessibility and continued protection of the distributed key, offering a robust solution for secure key recovery in case of server failure or loss.