Skip to main content

What is MPC?

Multi-Party Computation (MPC) is a cryptographic technique that allows multiple parties to jointly compute a function while keeping their individual inputs private. In blockchain wallets, MPC enables secure, distributed key management where no single party ever has access to the complete private key.

Core Concepts

Parties and Ceremonies

Party - An entity participating in an MPC operation (e.g., user device, Dynamic’s server, enterprise server) Ceremony - A coordinated event where parties come together to perform MPC operations like key generation, signing, or resharing Room - A unique communication channel on the MPC relay that allows all parties to securely communicate during ceremonies Quorum - The minimum number of parties required to complete an MPC operation (e.g., 2 out of 3 parties)

Digital Signatures and TSS

Digital Signature Scheme - A set of cryptographic algorithms (key generation, signing, verification) that ensure authenticity and integrity. Examples include:
  • ECDSA - Elliptic Curve Digital Signature Algorithm
  • EdDSA - Edwards-curve Digital Signature Algorithm
  • Schnorr - Schnorr Digital Signature Algorithm (BIP-340)
Threshold Signature Scheme (TSS) - An MPC implementation of a digital signature scheme that distributes signing authority across multiple parties. Only when the threshold is reached can operations be performed.

Key Management Operations

Key Generation

Key Generation Initialization - A preliminary process that creates encryption keys for secure communication between parties and assigns unique identifiers to each participant. Distributed Key Generation (DKG) - The core process where parties collaboratively generate key shares without any party seeing the complete private key. Key/Keyring - The complete set of all key shares that collectively represent the wallet’s signing capability. Key Share - An individual party’s portion of the distributed key, containing a public key and secret share. Secret Share - The private component of a key share that must be kept secure.

Key Maintenance

Resharing - The process of modifying the MPC configuration (e.g., changing from 2-of-2 to 2-of-3, adding new parties, or removing existing ones). Refreshing - Replacing existing key shares with new cryptographically equivalent ones without changing the wallet address, improving long-term security. Export - Creating a portable backup of a key share for recovery or migration purposes. Offline Export - Generating a backup share that can be stored independently of the online system.

Share Types

User Shares

Local Share - Stored directly on the user’s device (browser localStorage, mobile device storage). Device Share - A local share stored in the device’s secure enclave (e.g., iOS Secure Enclave, Android Keystore). Cloud Share - Stored in cloud storage services like Google Drive, iCloud, or OneDrive. Can be managed programmatically using the useWalletBackup hook. Export Share - A file-based backup stored locally on the user’s device (base64 encoded). Backup Share/Cold Share - Any user share stored in a durable, server-side location for recovery purposes.

Server Shares

Dynamic Share - Generated and encrypted within Dynamic’s Trusted Execution Environment (TEE), stored in Dynamic’s database. Customer Share - Enterprise-controlled shares stored on customer infrastructure using the Node SDK.

Security Architecture

Trusted Execution Environment (TEE)

Dynamic uses AWS Nitro Enclaves to provide isolated, attested execution environments where sensitive operations like key decryption and signing occur.

MPC Relay

A secure communication infrastructure that manages party coordination, encrypted data transmission, fault tolerance, and rate limiting.

Encryption and Storage

Server Share Encryption - Generated in Evervault enclaves, encrypted by the enclave, and stored outside the vault in Dynamic’s database. User Share Encryption - Can be encrypted with user-provided passcodes, device-based authentication (passkeys), or cloud storage encryption keys. Dynamic Client Key Share Service - When backed up with Dynamic using our client key share service, user shares are encrypted through Evervault’s encryption proxy for enhanced security.

Why MPC Matters

For a comprehensive overview of the benefits and advantages of MPC, including security benefits, user experience improvements, and developer advantages, see our dedicated Why MPC Matters page.