Guides
Start typing to search…

About Trustless MPC (tMPC)

Next-generation MPC security without custodial risk

io.finnet takes MPC and TSS technologies further with a platform for trustless MPC (tMPC).

At io.finnet, we allow you to generate your public/private key material and distribute it between N number of signers, all with an individual amount of Signing Power. When signing a transactions, the threshold must be reached by a number of approved signers with enough total Signing Power to complete the transaction. The key cannot be used unless enough signing power is contributed to the signing ceremony.

This allows you to enforce your own cryptographically secured, signature approval policies. Try it out with our interactive widget:


Threshold & Signers

Set the Vault Threshold

The amount of approvals required to sign a transaction or reshare request

2Threshold

Add Signers

Each signer added may participate in the approval and signing process for all transactions and changes made in this vault

Signer
Signing Power
AM
Alex Morgan
iPhone 15 Pro (a1b2)
1
Total: 1 Signer
1/2 Threshold not met

With tMPC, key shares are generated and stored on signers' own devices, rather than on io.vault's servers. This eliminates reliance on io.finnet as a trusted party. Shares are never revealed to other signers or to io.finnet, so there is never any full private key during normal operation.

tMPC is cross-platform and multi-device. As a distributed system built on a secure messaging layer,
users of tMPC can choose their own retail devices with full-resolution screens and proven secure enclave hardware, making "blind signing" a non issue, and maximizing flexibility. Alternatively, it's possible to do server-side policy management and signing with the Virtual Signer.

tMPC is a fortress of proven parts that form the full asset management workflow of io.vault. This innovative technology stack introduces the concept of weighted signing (signer power), server-based signing (virtual co-signer), a robust and secure offline disaster recovery process, and many other novel and cutting-edge features like web3 dApp integration and centralized exchange (CEX) connectivity.

With tMPC, even in a disaster scenario where io.vault is unavailable, signers can recover funds by pooling their key shares and using an offline, open-sourcetool. The disaster recovery flow enables the reconstruction of the private key from a quantity of signer backup files and passphrases known as the threshold of shares.

By combining MPC, TSS, and tMPC, io.vault provides a robust, flexible, and trustless platform for secure management of digital assets. These cryptographic building blocks work together to enable high security with distributed trust and defence in depth.

Secure Multi-Party Computation (MPC)

MPC is a subfield of cryptography that enables multiple parties to jointly compute a function over their inputs while keeping those inputs private. In the context of digital asset custody, MPC allows a private key to be split into shares distributed across multiple parties.

Key properties of MPC:

  • Each party only has access to their own secret share, not the full private key
  • To reconstruct the private key and sign a transaction, a threshold number of parties must contribute their shares
  • Even if some shares are compromised, the private key remains secure as long as the threshold is not met

io.finnet uses MPC to generate key shares when a new vault is created. These shares are then distributed to the signers in the vault's signing party.

Threshold Signature Schemes (TSS)

TSS is a cryptographic primitive that allows a group to collectively sign a message or transaction, as long as a threshold number of participants agree. This provides both redundancy and security. Rather than operating on single signatures, TSS instead uses a customizable number of "secret shares" to accomplish the same feat of signing a transaction for a corresponding public address. In addition to being able to customize the number of secret shares you can also set a "threshold" which determines how many secret shares are required in order to generate a valid signature.

This means that you could have many different secret shares held in different locations, with different people, and if one of them was stolen no assets could be stolen as the threshold could not be reached by the attacker.

Combined with MPC, the end result is a technology which allows us to eliminate the single point of failure normally associated with holding self-custody of digital assets. In addition, it allows users of our product to determine for themselves the level of security for each vault (number of shares, and required threshold) and distribute that signing power across multiple employees instead of relying upon one trusted person who may not be available.

In a TSS setup:

  • A private key is split into N shares, held by N parties
  • Any M out of N parties can collaborate to produce a valid signature (M <= N)
  • The private key is never reconstructed in full, maintaining security

When a transaction is initiated from an io.vault, the TSS scheme springs into action:

  1. The transaction is distributed to all signers in the vault's signing party
  2. Each signer uses their key share to partially sign the transaction
  3. Once enough signers (meeting the threshold) have participated, the partial signatures are combined into a valid final signature
  4. The signed transaction is broadcast to the blockchain network

By using TSS, io.vault ensures that no single party can unilaterally sign transactions, and compromising a subset of signers does not compromise the entire system. The threshold can be customized per vault based on the desired balance of security and availability.

Updated 17 days ago