MPC Protocol

Paratro implements a threshold signature scheme based on Multi-Party Computation (MPC) to secure wallet private keys. This page describes the cryptographic protocols used.

Overview

Traditional wallets rely on a single private key stored in one location. If that key is compromised, all funds are at risk. MPC eliminates this single point of failure by distributing key material across multiple independent parties.

Key Generation (DKG)

The Distributed Key Generation protocol creates key shares without ever assembling the full private key:
  1. Each party generates a random polynomial of degree t-1 (where t is the threshold)
  2. Parties exchange encrypted evaluation points
  3. Each party combines received points to compute their key share
  4. The public key is derived from the public commitments
Properties:
  • No single party learns the full private key at any point
  • The protocol is resistant to malicious participants (up to the threshold)
  • Key shares are verifiable — parties can confirm they received valid shares

Threshold Signing

When a transaction needs to be signed, the following protocol executes:
  1. Initiation — The signing request is created after policy approval
  2. Participant Selection — t out of n key share holders are selected
  3. Pre-signing — Participants generate nonce shares and commitments
  4. Signing — Participants compute partial signatures using their key shares
  5. Aggregation — Partial signatures are combined into a valid transaction signature
  6. Verification — The final signature is verified against the public key before broadcast

Supported Algorithms

| Algorithm | Chains | Standard |
|-----------|--------|----------|
| ECDSA | Ethereum, BSC, TRON, Polygon, Arbitrum, Optimism | secp256k1 |
| EdDSA | (Future support) | Ed25519 |
| Schnorr | Bitcoin (Taproot) | BIP-340 |

Key Refresh

Key shares can be refreshed (rotated) without changing the underlying public key or wallet address:
  1. Parties run a new DKG-like protocol
  2. New shares are generated that correspond to the same public key
  3. Old shares are securely erased
  4. The wallet address remains unchanged
This limits the window of exposure if a key share is suspected to be compromised.
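
The DKG steps and the key refresh above can be traced end to end in a small model. This is an added example, not Paratro's code: it assumes Feldman-style commitments for share verification and a refresh done by adding a fresh sharing of zero, neither of which this page specifies. The group parameters and all function names are constructed for illustration, and encryption of the exchanged points is omitted.

```python
import secrets

# Constructed toy group, far too small for real use: P = 2Q + 1, G has order Q.
P, Q, G = 2039, 1019, 4

def deal(n, t, constant=None):
    """One party's steps 1-2: random degree t-1 polynomial, points for parties
    1..n, and public commitments G^coeff (Feldman VSS, an assumption here)."""
    coeffs = [secrets.randbelow(Q) for _ in range(t)]
    if constant is not None:
        coeffs[0] = constant
    points = {j: sum(c * pow(j, k, Q) for k, c in enumerate(coeffs)) % Q
              for j in range(1, n + 1)}
    return points, [pow(G, c, P) for c in coeffs]

def verify_point(j, point, commits):
    """Share verifiability: G^point must equal prod(commits[k]^(j^k))."""
    expected = 1
    for k, c in enumerate(commits):
        expected = expected * pow(c, pow(j, k, Q), P) % P
    return pow(G, point, P) == expected

def run_round(n, t, constant=None):
    """Every party deals; each receiver checks and sums its points (step 3).
    Returns the shares and the product of constant-term commitments (step 4)."""
    deals = [deal(n, t, constant) for _ in range(n)]
    shares, pub = {}, 1
    for j in range(1, n + 1):
        if not all(verify_point(j, pts[j], com) for pts, com in deals):
            raise ValueError(f"party {j} received an invalid share")
        shares[j] = sum(pts[j] for pts, _ in deals) % Q
    for _, com in deals:
        pub = pub * com[0] % P
    return shares, pub

def refresh(shares, n, t):
    """Add a fresh sharing of zero: every share changes, the key does not."""
    deltas, pub_delta = run_round(n, t, constant=0)
    assert pub_delta == 1  # G^0: the refresh round contributes no key material
    return {j: (s + deltas[j]) % Q for j, s in shares.items()}

def pubkey_from_shares(shares, ids):
    """Lagrange interpolation in the exponent over t share images G^share.
    Yields the public key without ever assembling the private key."""
    pub = 1
    for j in ids:
        lam = 1
        for m in ids:
            if m != j:
                lam = lam * m * pow((m - j) % Q, -1, Q) % Q
        pub = pub * pow(pow(G, shares[j], P), lam, P) % P
    return pub
```

Any t of the n shares interpolate to the same public key before and after `refresh`, which is the check an operator can run to confirm a rotation kept the wallet address intact.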

Security Guarantees

  • Threshold security — An attacker must compromise t or more parties to reconstruct the key
  • Forward secrecy — Compromising shares after a refresh does not reveal the previous shares
  • Verifiability — All protocol steps produce proofs that can be verified by other participants
  • No trusted dealer — Key generation does not require a trusted third party