Technology Background

Public private key pairs

When holding digital assets directly in self-custody (i.e. not via an exchange or third-party custodian), the blockchain doesn't know your name - just a "public address", and your balance of assets is "owned" by this address.
In order to move your assets anywhere else, you need the public address's corresponding "private key" to "sign" any transaction, which is then verified by the blockchain network before the transaction is processed.

This private key is simply a string of characters (e.g. 310fe2e677a3ad28acb91d2645bb33882f015ab11e59dce9d2a72905979e3cb6) that is used to cryptographically prove ownership of its corresponding public address through cryptographic functions (i.e. "signing").

The issues arise around ownership, since there is no name attached to your public address and it is only controlled by the private key. Anyone who manages to gain access to this private key can take complete control of any assets associated with your public address and send them anywhere they like!

There are many examples of this, where both individuals and companies have had their private key compromised, resulting in a total loss of their assets.

MPC-TSS

TSS (threshold signature schemes) technology eliminates the use of a single private key and instead uses a customizable number of "secret shares" to accomplish the same feat of signing a transaction for a corresponding public address. In addition to being able to customize the number of secret shares, you can also set a "threshold", which determines how many secret shares are required in order to generate a valid signature.

This means that you could have many different secret shares held in different locations, with different people, and if one of them were stolen, no assets could be taken, as the attacker could not reach the threshold.

Multi-party computation (MPC) technology allows devices that each hold their own secret share to communicate with one another and produce a signature trustlessly, without ever disclosing their own secret share to the other devices.

The end result is a technology which allows us to eliminate the single point of failure normally associated with holding self-custody of digital assets. In addition, it allows users of our product to determine for themselves the level of security for each vault (number of shares, and required threshold) and distribute that signing power across multiple employees instead of relying upon one trusted person who may not be available.