Security Model

MPC Cryptography

Assumptions

  • The protocol runs over authenticated/private channels.
  • Point-to-point messages cannot be read or manipulated by external parties.
  • Broadcast messages cannot be manipulated.
  • Fewer than the threshold number of parties collude.

Protocol Guarantees

  • Key Generation (KeyGen)
    • Individual shares do not reveal the full signing key.
    • If fewer than the threshold number of parties collude, the full signing key remains hidden.
  • Signing (Sign)
    • Transcript data is insufficient to forge signatures.
    • Transcript data does not reveal the full signing key.
  • Key Refresh
    • Refresh rotates shares while preserving wallet identity and KeyGen guarantees.
  • Pre-signing (Pre-sign)
    • Inherits KeyGen/Sign guarantees for offline precomputation and final signing.
  • Export
    • Export intentionally centralizes key material at the caller and should be policy-gated.
  • Import
    • Security inherits KeyGen guarantees if the source centralized key is securely destroyed.
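
A minimal model of the KeyGen and Key Refresh guarantees above, added here as an illustration and not the project's own code. It assumes Shamir sharing over a toy prime field, with a single dealer standing in for the distributed protocol (the page does not specify the sharing scheme); the names `deal`, `refresh`, `reconstruct` and `pick` are hypothetical.

```python
import secrets

# Assumptions (not from the page): a toy prime field stands in for the
# signing curve's scalar field, and one dealer replaces the MPC rounds.
P = 2**127 - 1                      # Mersenne prime
THRESHOLD, PARTIES = 3, 5           # 3-of-5 sharing

def _eval(coeffs, x):
    """Evaluate a polynomial (coeffs[0] is the constant term) at x mod P."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc

def deal(secret, t=THRESHOLD, n=PARTIES):
    """Share `secret` with a random degree t-1 polynomial f; share i is f(i)."""
    coeffs = [secret % P] + [secrets.randbelow(P) for _ in range(t - 1)]
    return {i: _eval(coeffs, i) for i in range(1, n + 1)}

def reconstruct(shares):
    """Lagrange-interpolate f(0) from a dict {party index: share}."""
    total = 0
    for i, y in shares.items():
        num = den = 1
        for j in shares:
            if j != i:
                num = num * (-j) % P
                den = den * (i - j) % P
        total = (total + y * num * pow(den, -1, P)) % P
    return total

def refresh(shares, t=THRESHOLD):
    """Add a fresh sharing of zero: every share changes, f(0) stays the same."""
    zero = deal(0, t, len(shares))
    return {i: (s + zero[i]) % P for i, s in shares.items()}

def pick(shares, idxs):
    return {i: shares[i] for i in idxs}

def demo():
    key = secrets.randbelow(P)      # constructed sample key
    old = deal(key)
    new = refresh(old)
    mixed = {1: old[1], 2: old[2], 3: new[3]}   # shares from two epochs
    return key, old, new, mixed

if __name__ == "__main__":
    key, old, new, mixed = demo()
    print("post-refresh quorum recovers key:", reconstruct(pick(new, [2, 4, 5])) == key)
    print("mixed-epoch quorum recovers key: ", reconstruct(mixed) == key)
```

Shares captured before a refresh do not combine with shares captured after it, so each refresh epoch starts a new count toward the collusion threshold.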

Network Security

Assumptions

  • Each party has the correct long-term public keys for peers via a trusted out-of-band channel.

Transport Instantiation

  • X25519 ECDH for key agreement
  • Pairwise ChaCha20-Poly1305 session keys
  • Distinct nonces per direction (send and receive)

Operational Risks

  • Any operator controlling threshold-many shares can authorize signatures or reconstruct key material.
  • Key refresh and recovery endpoints must be authenticated and authorized.
  • Import/export workflows increase key-centralization risk if not protected with strict access controls and audit trails.