MPC Wallets
Paratro uses Multi-Party Computation (MPC) to secure wallet private keys. Instead of storing a complete key in one location, the key is split into multiple shares distributed across independent parties. A configurable threshold of shares must cooperate to sign any transaction.How It Works
- Key Generation — A distributed key generation (DKG) ceremony creates key shares without ever assembling the full key
- Share Distribution — Key shares are distributed across multiple independent parties (Paratro servers, client devices, backup storage)
- Threshold Signing — When a transaction is approved, the required threshold of parties participate in a signing ceremony to produce a valid signature
- No Full Key — The complete private key is never reconstructed at any point in the process
Threshold Configurations
| Configuration | Signing Requirement | Use Case |
|---|---|---|
| 2-of-3 | 2 out of 3 key shares | Standard operations |
| 3-of-5 | 3 out of 5 key shares | High-value wallets |
| Custom | N-of-M | Enterprise requirements |
Creating an MPC Wallet
Key Share Management
Key shares can be stored across different locations for redundancy and security:- Paratro Cloud — Managed infrastructure with HSM protection
- Client Device — Mobile app or hardware device held by key stakeholders
- Backup Share — Encrypted backup in customer-controlled storage
Key Rotation
Paratro supports proactive key rotation — key shares can be refreshed without changing the wallet address or requiring on-chain transactions. This limits the window of exposure if a share is compromised.Security Properties
- No single point of compromise — Compromising one share does not reveal the key
- Fault tolerance — Wallets remain operational even if some shares are unavailable (below threshold)
- Auditable signing — Every signing ceremony is logged with participant details
- Chain agnostic — The same MPC protocol works across all supported blockchains