TrioSession

A three-party threshold-signature session.

A TrioSession splits a private key across three parties in a 2-of-3 scheme: any two cooperate to sign, and no single party ever holds the whole key. On top of the operations a two-party session offers, it adds three-party capabilities — preSign/preSignFinal for low-latency signing, recover to rebuild a lost share from the other two parties, and hardDerivation for independent child keyshares. It supports ECDSA (secp256k1) and EdDSA (Ed25519); the pre-signature operations and hardDerivation are ECDSA-only.

The keyId model

Session operations are addressed by an opaque keyId string, not by keyshare bytes. The SDK reads and writes the actual share through the StorageClient you supply at construction, so your code never holds raw keyshare material. keygen, import, recover, and hardDerivation return a keyId; the remaining operations take one.

The stateless helpers on the SilentShard facade take keyshare bytes you read from your own StorageClient by keyId (see com.silencelaboratories.silentshard.trio.SilentShard.getKeysharePublicKey).

Usage

val session = SilentShard.ECDSA.trioInitiator(
messageSigner = myMessageSigner, // your hardware-backed identity key
cloudVerifyingKey = peerVerifyingKeyHex,
websocketConfig = WebsocketConfig(url = "wss://your-server.example.com"),
storageClient = myStorageClient, // the SDK persists keyshares here
)

val keyId = session.keygen().getOrThrow()
val signature = session.sign(keyId, message = messageHashHex).getOrThrow()

All operations are suspend functions and perform network I/O; call them off the main thread.

See also

for construction and stateless helpers.

for keyshare persistence.

for the staged/current keyshare lifecycle.

Types

Link copied to clipboard
object Companion

Properties

Link copied to clipboard

The public verifying key of this party's master signing key (hex format). Share with other parties to establish secure communication.

Functions

Link copied to clipboard
suspend fun delete(keyId: String): Result<Unit>

Removes a stored keyshare. After this call completes the supplied keyId is no longer resolvable through the SDK's operations.

Link copied to clipboard
suspend fun export(keyId: String): Result<ByteArray>

Reconstructs the full private key from the parties' shares — the way to move a key out of MPC, or to back it up.

Link copied to clipboard
suspend fun hardDerivation(keyId: String, derivationPath: String): Result<String>

Derives a new, independent child keyshare from an existing parent keyshare along a hardened BIP32 path. ECDSA only — EdDSA returns a failure.

Link copied to clipboard
suspend fun import(keysharePrivateKey: ByteArray): Result<String>

Imports a private key into three-party MPC and returns the resulting keyId.

Link copied to clipboard
suspend fun keygen(): Result<String>

Generates a new distributed key through three-party MPC and returns its keyId.

Link copied to clipboard
suspend fun preSign(keyId: String): Result<ByteArray>

Precomputes the message-independent part of a signature for fast finalization. ECDSA only — EdDSA has no pre-signature stage.

Link copied to clipboard
suspend fun preSignFinal(preSignature: ByteArray, message: String, derivationPath: String = "m"): Result<ByteArray>

Finalizes a preSign result into a signature over message. ECDSA only, like preSign.

Link copied to clipboard
suspend fun reconcile(keyId: String): Result<ByteArray>

Completes a staged keyshare, promoting it to the active share used for signing.

Link copied to clipboard
suspend fun recover(keysharePublicKey: ByteArray): Result<String>

Rebuilds a lost keyshare from the other two parties and returns its keyId.

Link copied to clipboard
suspend fun refresh(keyId: String): Result<ByteArray>

Rotates the keyshares of an existing key without changing its public key.

Link copied to clipboard
suspend fun sign(keyId: String, message: String, derivationPath: String = "m"): Result<ByteArray>

Signs a message hash with three-party threshold signing.