About Trustless MPC (tMPC)

io.finnet takes MPC and TSS technologies further with a platform called trustless MPC (tMPC).

With tMPC, key shares are generated and stored on signers' own devices, rather than on io.vault's servers. This eliminates reliance on io.finnet as a trusted party. Shares are never revealed to other signers or to io.finnet, so there is never any full private key during normal operation.

tMPC is cross-platform and multi-device. As a distributed system built on a secure messaging layer,
users of tMPC can choose their own retail devices with full-resolution screens and proven secure enclave hardware, making "blind signing" a non issue, and maximizing flexibility. Alternatively, it's possible to do server-side policy management and signing with the Virtual Signer.

tMPC is a fortress of proven parts that form the full asset management workflow of io.vault. This innovative technology stack introduces the concept of weighted signing (signer power), server-based signing (virtual co-signer), a robust and secure offline disaster recovery process, and many other novel and cutting-edge features like web3 dApp integration and centralized exchange (CEX) connectivity.

With tMPC, even in a disaster scenario where io.vault is unavailable, signers can recover funds by pooling their key shares and using an offline, open-source tool. The disaster recovery flow enables the reconstruction of the private key from a quantity of signer backup files and passphrases known as the threshold of shares.

By combining MPC, TSS, and tMPC, io.vault provides a robust, flexible, and trustless platform for secure management of digital assets. These cryptographic building blocks work together to enable high security with distributed trust and defence in depth.

At a company level, io.finnet is SOC 2 Type II certified as a provider of the tMPC software, ecosystem and tools.