Multi-Party Computation (MPC) wallets represent a fundamental shift in how private keys are managed. Instead of a single private key stored in one place, MPC distributes key material across multiple parties who jointly compute transaction signatures without ever reconstructing the full key. This eliminates the single point of failure inherent in traditional wallet architectures and provides institutional-grade security without the on-chain complexity of multi-signature wallets.
How MPC Wallets Work
In an MPC wallet, the private key is generated as distributed key shares through a process called Distributed Key Generation (DKG). Each participant holds a share, and no single participant ever possesses the complete key. When a transaction needs to be signed, the participants engage in a multi-round cryptographic protocol to jointly produce a valid signature. The resulting signature is indistinguishable from one produced by a standard single-key wallet — the blockchain cannot tell the difference. This means MPC wallets work on any blockchain without requiring smart contract support, unlike on-chain multi-sig solutions that depend on chain-specific implementations.
MPC vs Multi-Signature
While both MPC and multi-sig require multiple parties to authorise transactions, they differ significantly:
- Chain agnosticism: MPC works on any blockchain since the signature produced is a standard cryptographic signature. Multi-sig requires smart contract support, which varies by chain and may not be available everywhere.
- Privacy: MPC transactions appear as single-signer transactions on-chain, revealing nothing about the signing policy. Multi-sig transactions expose the number of signers and approval threshold publicly.
- Gas costs: MPC signatures cost the same as single-key signatures to verify on-chain. Multi-sig verification requires additional on-chain computation, increasing transaction costs.
- Key rotation: MPC allows key shares to be refreshed without changing the wallet address. With multi-sig, changing signers often requires migrating to a new contract.
Threshold Signature Schemes
MPC wallets use threshold signature schemes (TSS), typically configured as t-of-n, where any t shares out of n total are required to produce a valid signature. Common configurations include 2-of-3 for retail wallets (user device, recovery server, and backup share) and 3-of-5 for institutional custody (distributed across multiple secure locations). The threshold can be chosen based on security requirements and operational needs. Protocols like GG18, GG20, and CGGMP provide the cryptographic foundations, with implementations available from providers such as Fireblocks and Fordefi, and from open-source libraries such as tss-lib.
Implementation Considerations
Building MPC wallet infrastructure requires careful attention to the communication layer between key share holders, secure storage of individual key shares, and the ceremony for distributed key generation and share refresh. Latency is a consideration — the multi-round signing protocol takes longer than single-key signing, though modern implementations complete in under a second. Recovery procedures must be well-designed: if a key share is lost, the remaining shares must be able to generate a new set through proactive secret sharing. At Born Digital, we help crypto custody providers and wallet companies implement MPC infrastructure that meets institutional security standards while maintaining the user experience expected by modern blockchain applications.
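The following is an added worked example, not code from the original article or from any of the providers or libraries named above. It illustrates the three mechanisms the text describes (distributed key generation, t-of-n threshold signing that never reconstructs the key, and proactive share refresh that leaves the public key, and therefore the wallet address, unchanged) using a Schnorr-style scheme over a deliberately tiny, constructed and insecure modular group. Real ECDSA threshold protocols such as GG18, GG20 and CGGMP involve additional rounds, zero-knowledge proofs and commitment steps that are omitted here; the Feldman-VSS DKG, Lagrange recombination and zero-polynomial refresh are the standard building blocks, but the parameters and the single-round nonce handling are simplifications assumed for readability.

```python
import hashlib
import secrets

# Toy group parameters (constructed for this example, NOT secure):
# Schnorr over the order-q subgroup of Z_p^*, with p = 2q + 1.
P = 2039
Q = 1019
G = 4  # 2^2 mod p, a generator of the order-q subgroup
assert pow(G, Q, P) == 1 and G != 1


def hash_to_q(R, y, msg):
    """Fiat-Shamir challenge e = H(R || y || m) mod q."""
    data = f"{R}|{y}|".encode() + msg
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q


def verify(y, msg, sig):
    """Ordinary single-key Schnorr verification: g^s == R * y^e mod p.
    The verifier cannot tell whether s came from one key or from MPC."""
    R, s = sig
    e = hash_to_q(R, y, msg)
    return pow(G, s, P) == (R * pow(y, e, P)) % P


def eval_poly(coeffs, x):
    """Evaluate a polynomial over Z_q at x (coeffs[0] is the constant term)."""
    return sum(c * pow(x, k, Q) for k, c in enumerate(coeffs)) % Q


def lagrange_at_zero(i, signers):
    """Lagrange coefficient so that sum(lambda_i * F(i)) == F(0) over signers."""
    lam = 1
    for j in signers:
        if j != i:
            lam = lam * j * pow(j - i, -1, Q) % Q
    return lam


def dkg(n, t):
    """Feldman-VSS distributed key generation for a t-of-n wallet.
    Returns (shares, public_key); shares[j] is party j's secret share.
    The full secret, sum of the dealers' constant terms, is never formed."""
    polys = [[secrets.randbelow(Q) for _ in range(t)] for _ in range(n)]
    commits = [[pow(G, c, P) for c in poly] for poly in polys]
    shares = {}
    for j in range(1, n + 1):
        total = 0
        for i in range(n):
            share = eval_poly(polys[i], j)
            # Party j checks dealer i's share against the public commitments,
            # so a dealer handing out inconsistent shares is caught at DKG time.
            expected = 1
            for k, C in enumerate(commits[i]):
                expected = expected * pow(C, pow(j, k, Q), P) % P
            assert pow(G, share, P) == expected, "inconsistent share from dealer"
            total = (total + share) % Q
        shares[j] = total
    y = 1
    for c in commits:
        y = y * c[0] % P  # joint public key g^x, computed from commitments only
    return shares, y


def threshold_sign(shares, signers, y, msg):
    """Each signer contributes a nonce and a partial signature; the partials
    are summed into one standard-looking signature. No party learns x."""
    nonces = {i: secrets.randbelow(Q) for i in signers}
    R = 1
    for k in nonces.values():
        R = R * pow(G, k, P) % P
    e = hash_to_q(R, y, msg)
    s = 0
    for i in signers:
        lam = lagrange_at_zero(i, signers)
        partial = (nonces[i] + e * lam * shares[i]) % Q
        s = (s + partial) % Q
    return R, s


def refresh_shares(shares, t):
    """Proactive refresh: every party deals a random polynomial with zero
    constant term; adding them shifts each share but not the secret or y,
    so old shares become useless without changing the wallet address."""
    new = dict(shares)
    for _ in range(len(shares)):
        poly = [0] + [secrets.randbelow(Q) for _ in range(t - 1)]
        for j in new:
            new[j] = (new[j] + eval_poly(poly, j)) % Q
    return new


if __name__ == "__main__":
    shares, y = dkg(5, 3)                      # 3-of-5 institutional layout
    msg = b"constructed transaction payload"  # constructed sample input
    sig = threshold_sign(shares, [1, 3, 5], y, msg)
    print("3-of-5 signature verifies:", verify(y, msg, sig))
    short = threshold_sign(shares, [2, 4], y, msg)
    print("2 signers verify (expect False):", verify(y, msg, short))
    refreshed = refresh_shares(shares, 3)
    sig2 = threshold_sign(refreshed, [2, 3, 4], y, msg)
    print("refreshed shares, same public key:", verify(y, msg, sig2))
```

Note that `verify` is the plain single-key verifier: the combined `(R, s)` is accepted or rejected with no knowledge of how many parties produced it, which is the chain-agnosticism and privacy property discussed above. The commitment check inside `dkg` is the part that makes a misbehaving dealer detectable during the ceremony rather than at signing time.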