At the core of an MPC wallet is the idea that a private key is never created in full. Instead, the process begins with distributed key generation, or DKG. In a DKG protocol, multiple parties participate in the creation of a cryptographic key without any of them ever learning the complete secret. Each participant contributes its own random polynomial, sends one evaluation of it (a share) to every other party, and broadcasts commitments to its coefficients so that the recipients can verify the shares they were given. Each party's final share is the sum of the contributions it received, and the group collectively arrives at a public key that corresponds to those distributed shares. Importantly, the full private key never exists at any single point in time or on any single device.
This distinction is crucial because it removes the single point of compromise that accompanies conventional wallets, where the private key is generated and stored on one machine. If that machine is compromised, the entire wallet is at risk. By contrast, in an MPC-based wallet no party, and no group of parties smaller than the threshold, can sign on its own. Even the entity that initiated the wallet creation process cannot reconstruct the private key without cooperation from enough other participants. This property not only improves security but also shifts trust from individual devices toward the protocol run between them.
Earlier approaches to distributed key management often relied on Shamir's Secret Sharing (SSS). In SSS, a secret such as a private key is divided into multiple shares, and any threshold number of shares can be recombined to reconstruct the secret. While this provided redundancy and resilience, it suffered from a fundamental weakness: the full secret exists in one place twice, once on the dealer's machine when the key is generated and split, and again wherever the shares are recombined to sign. An attacker present at either moment can steal the key. Threshold signature schemes, which underpin modern MPC wallets, avoid this issue. Instead of reconstructing the key, they allow multiple participants to generate partial signatures using only their own shares. These partial signatures are then combined into one final, valid signature that the blockchain recognizes, without the full key ever coming into existence.
This shift from reconstruction to computation is a defining innovation. It transforms the role of secret shares from passive backups into active participants in the cryptographic process. The advantage is both practical and philosophical: rather than trusting that shares will only be combined under secure circumstances, the system ensures that they never need to be combined at all. This gives materially stronger guarantees and makes the system inherently resistant to the most common form of key compromise, the takeover of a single device. It does not, on its own, protect against an attacker who compromises a threshold number of share holders, or against a user being tricked into authorizing a transaction they did not intend.
When a user of an MPC wallet initiates a transaction, the signing process occurs as a collaborative computation. Each party holding a share uses it to compute a partial signature over the transaction. These computations can happen across different devices, servers, or secure modules, depending on how the wallet is configured. Once the partial signatures are generated, they are transmitted to an aggregator that combines them into a single digital signature; the aggregator needs no secret of its own and can be any party, since a partial signature reveals nothing about the share that produced it. The resulting output is indistinguishable from a standard cryptographic signature, such as one based on ECDSA or EdDSA, which are widely used across blockchains. Because of this indistinguishability, blockchains do not need to adapt to accept threshold signatures; they verify them just as they would any conventional signature. Signature families differ in how much work this takes: Schnorr and EdDSA signatures are linear in the key and nonce, so partial signatures can simply be added, whereas ECDSA includes the inverse of the nonce and needs considerably heavier multi-round protocols to produce the same standard-looking result.
From the perspective of the end user, this process is seamless. The user presses a button to authorize a transaction, and the system orchestrates the partial computations in the background. However, from a security standpoint, the difference is profound. No individual device, server, or participant can unilaterally produce a valid signature. The requirement for cooperation enforces distributed trust, meaning that even if one participant is compromised, the system remains secure so long as fewer than the threshold number of shares fall into the attacker's hands. One practical consequence is that each share holder should independently verify the transaction it is being asked to sign rather than trusting the initiating device, because a compromised client could otherwise display one transaction to the user while requesting partial signatures over another. This arrangement balances usability with resilience, offering a wallet experience that feels simple while relying on complex cryptography behind the scenes.
MPC wallets can be architected in a variety of ways depending on the needs of users and institutions. In some designs, shares are distributed across multiple devices owned by the same user, such as a smartphone, a hardware security module, and a cloud service. This approach allows for redundancy while still ensuring that no single compromised device can endanger the wallet. In more institutional contexts, shares are distributed across different entities, such as separate departments within a company, multiple executives, or a blend of internal and external custodians. The goal is always the same: to minimize the risk that any one participant could misuse or lose control of the key.
Distribution also introduces governance possibilities. A wallet can be configured so that only a subset of parties is required to authorize a transaction. For example, three out of five shares may be sufficient to sign, while the other two act as backups. In other scenarios, different thresholds may apply depending on the size or type of transaction. Everyday transfers could require a smaller quorum, while high-value transfers may demand a larger subset. It is worth being precise about which of these rules the cryptography enforces. The t-of-n threshold itself is a property of the key shares: fewer than t parties simply cannot produce a valid signature, no matter what policy says. Amount-based tiers and similar conditions are not encoded in the shares; they are enforced because every share holder evaluates the policy against the transaction before contributing a partial signature, or because the wallet uses separate key groups with different thresholds for different purposes. That is still far stronger than an organizational rule, since each party enforces it independently, but a single party that skips the check weakens it.
One of the advanced capabilities of MPC-based wallets is proactive secret sharing, which allows shares to be refreshed without changing the public key or exposing the underlying secret. Over time, an attacker may compromise individual devices one at a time, accumulating shares until the threshold is reached. Proactive refresh protocols address this by periodically regenerating shares among participants, typically by having each party deal out shares of zero that everyone adds to their existing share, in such a way that the new shares correspond to the same public key. Shares from before a refresh cannot be combined with shares from after it, so an attacker must gather a threshold of shares within a single refresh period rather than over the lifetime of the wallet. The refresh only helps if old shares are securely erased and the compromised device is actually cleaned, since a device that stays under the attacker's control simply hands over its new share as well.
This mechanism offers a dynamic form of security absent in most traditional wallets. In conventional systems, a compromised key often requires migrating funds to a new address, a process that can be operationally complex and potentially disruptive. With proactive refresh, institutions can maintain the same wallet addresses indefinitely while cycling their internal security. This capability highlights how MPC not only matches but exceeds the security features of earlier models.
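The following is an added example, not code from the page or from any wallet vendor, that ties together the distributed key generation described at the start of the page, the partial-signature-and-aggregate signing flow, and the proactive refresh of this section in one runnable toy 3-of-5 wallet. It implements secp256k1 arithmetic in pure Python so it runs offline, and it makes several assumptions: a BIP-340-style Schnorr equation (s*G == R + c*X) with a plain SHA-256 challenge rather than the real BIP-340 encoding, a joint-Feldman DKG without the extra commitment round that hardened protocols use, and single-round nonces with no binding factor, which is fine for one signing session but is not safe against concurrent-session attacks (FROST adds those protections; threshold ECDSA is a different and heavier protocol). The message and party IDs are constructed for the demonstration.

```python
"""Toy t-of-n threshold Schnorr wallet on secp256k1: DKG, partial signing,
aggregation, proactive refresh. Added example; assumes a BIP-340-style
equation s*G == R + c*X with a plain SHA-256 challenge and unbound nonces.
Production protocols (e.g. FROST) add nonce commitments and binding factors."""
import hashlib
import secrets

# secp256k1 field prime, group order and generator.
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(a, b):
    """Affine point addition; None is the point at infinity."""
    if a is None or b is None:
        return a if b is None else b
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def ec_mul(k, pt):
    """Double-and-add scalar multiplication k*pt."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt, k = ec_add(pt, pt), k >> 1
    return acc

def poly_eval(coeffs, x):
    """f(x) over Z_N; coeffs[0] is the constant term."""
    return sum(c * pow(x, k, N) for k, c in enumerate(coeffs)) % N

def lagrange_at_zero(i, ids):
    """lambda_i with sum(lambda_i * f(i) for i in ids) == f(0) when deg f < len(ids)."""
    num = den = 1
    for j in ids:
        if j != i:
            num, den = num * -j % N, den * (i - j) % N
    return num * pow(den, -1, N) % N

def dkg(n, t):
    """Joint-Feldman DKG: dealer j sends f_j(i) to party i and broadcasts
    A_{j,k} = a_{j,k}*G. Party i keeps x_i = sum_j f_j(i); x = f(0) never exists."""
    polys = [[secrets.randbelow(N - 1) + 1 for _ in range(t)] for _ in range(n)]
    commits = [[ec_mul(a, G) for a in poly] for poly in polys]
    shares = {}
    for i in range(1, n + 1):
        x_i = 0
        for j in range(n):
            s, expected = poly_eval(polys[j], i), None
            for k, A in enumerate(commits[j]):
                expected = ec_add(expected, ec_mul(pow(i, k, N), A))
            if ec_mul(s, G) != expected:      # Feldman check: inconsistent dealer
                raise ValueError(f"dealer {j} sent a bad share to party {i}")
            x_i = (x_i + s) % N
        shares[i] = x_i
    pubkey = None
    for c in commits:
        pubkey = ec_add(pubkey, c[0])        # X = sum_j A_{j,0} = x*G
    return shares, pubkey

def challenge(R, pubkey, msg):
    data = b"".join(v.to_bytes(32, "big") for v in (*R, *pubkey)) + msg
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def threshold_sign(shares, pubkey, msg, signer_ids):
    """Round 1: signer i reveals R_i = k_i*G. Round 2: s_i = k_i + c*lambda_i*x_i.
    The aggregator only sums; sum(s_i) = k + c*x with x interpolated in the exponent."""
    nonces = {i: secrets.randbelow(N - 1) + 1 for i in signer_ids}
    R = None
    for i in signer_ids:
        R = ec_add(R, ec_mul(nonces[i], G))
    c = challenge(R, pubkey, msg)
    s = sum(nonces[i] + c * lagrange_at_zero(i, signer_ids) * shares[i]
            for i in signer_ids) % N
    return R, s

def verify(pubkey, msg, sig):
    """Plain Schnorr check s*G == R + c*X; a quorum signature looks like any other."""
    R, s = sig
    return ec_mul(s, G) == ec_add(R, ec_mul(challenge(R, pubkey, msg), pubkey))

def refresh(shares, t):
    """Proactive refresh: every party deals a random degree-(t-1) polynomial with
    z_j(0) = 0. x_i' = x_i + sum_j z_j(i) changes every share but not x or X, and
    old shares no longer interpolate together with new ones."""
    zero_polys = [[0] + [secrets.randbelow(N) for _ in range(t - 1)] for _ in shares]
    return {i: (x + sum(poly_eval(z, i) for z in zero_polys)) % N for i, x in shares.items()}

if __name__ == "__main__":
    shares, X = dkg(n=5, t=3)                 # constructed 3-of-5 wallet
    msg = b"transfer 10 units to account 42"  # constructed payload
    print("3-of-5:", verify(X, msg, threshold_sign(shares, X, msg, [1, 3, 5])))
    print("2-of-5:", verify(X, msg, threshold_sign(shares, X, msg, [1, 3])))
    new = refresh(shares, t=3)
    print("after refresh:", verify(X, msg, threshold_sign(new, X, msg, [2, 4, 5])))
    print("old+new mixed:", verify(X, msg, threshold_sign({**new, 1: shares[1]}, X, msg, [1, 2, 3])))
```

Three things are worth noticing when running it. A quorum of two out of five produces a signature that fails verification, because two points cannot interpolate a degree-two polynomial, so "the threshold is cryptographic" is literal. After `refresh`, every share value changes yet signing with any fresh quorum still verifies against the unchanged public key `X`, and a quorum that mixes one pre-refresh share with two post-refresh shares fails, which is exactly the property that bounds an attacker to a single refresh period. Nothing in `verify` knows or cares that the signature came from a quorum.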