Private Key Never Appears
Private Key Management Architecture
In traditional blockchain wallets, a public-private key pair is generated in one place: the public key is published and corresponds to the asset account, while the private key is held and managed by privileged personnel. MPC distributed key-shard generation is fundamentally different. The private key is not generated locally by any single party; instead, all participants run an MPC key generation protocol with a pre-specified threshold t and number of participants n. When the protocol completes, each participant holds their own private key shard, and all of them share a common public key. This public key corresponds to the asset account, and the corresponding private key never exists in full anywhere. The assets behind the public key are therefore managed collectively by all participants. After generation, each person holds exactly one shard, and an attacker would need to obtain at least the threshold number t of shards to recover the real private key.
After the user creates a wallet, the private key is split into three shards. Shard 1 is stored on the user's device, Shard 2 is backed up to iCloud or Google Drive, and Shard 3 is stored on a trusted 1BitPay SGX server. Any transaction requires the shards held in these separate locations to jointly complete the distributed signing protocol; the resulting signature is then submitted to the blockchain, completing the transfer of assets.
When the wallet sends a transaction, the MPC multi-signature protocol is run jointly by a set of participants that meets the threshold. While the protocol runs, no participant's private key shard is revealed to any other party.
To improve security, a set of key shards runs a key refresh protocol at fixed intervals. When the protocol completes, each participant receives a new private key shard and all old shards are invalidated. This effectively prevents an attacker from stealing participants' shards one at a time and later combining them to recover the private key: every refresh invalidates all previously stolen shards and forces the attacker to start over, so the attack must succeed within a single refresh interval, which raises its difficulty exponentially. If a user accidentally loses their private key shard, they can also apply for a shard refresh to recover a shard after passing strict security verification.
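As an added illustration (not 1BitPay's code or protocol), the following Python sketch shows the two ideas above over a prime field: dealerless t-of-n shard generation, where no party ever holds the full secret, and the proactive refresh that invalidates an old epoch's shards. Real MPC wallets do this over an elliptic-curve group with verifiable sharing and threshold ECDSA signing; here the key is a plain integer, and keygen returns the joint secret only so the demo can check the arithmetic.

```python
import secrets

P = (1 << 127) - 1  # prime field modulus (constructed choice for this demo)

def _eval(coeffs, x):
    """Evaluate the polynomial with the given coefficients at x (mod P)."""
    return sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P

def keygen(t, n):
    """Dealerless t-of-n generation: participant j picks a random
    degree-(t-1) polynomial f_j and sends f_j(i) to participant i, whose
    shard is the sum of what it received. The joint secret sum(f_j(0)) is
    never computed by any party; it is returned here only so the demo can
    verify reconstruction."""
    polys = [[secrets.randbelow(P) for _ in range(t)] for _ in range(n)]
    shards = {i: sum(_eval(f, i) for f in polys) % P for i in range(1, n + 1)}
    return shards, sum(f[0] for f in polys) % P

def refresh(shards, t):
    """Proactive refresh: every participant shares a fresh polynomial with
    constant term 0 and each shard absorbs the values it receives. The
    joint secret is unchanged, but the new shards lie on a different
    polynomial, so old and new shards cannot be combined."""
    zero = [[0] + [secrets.randbelow(P) for _ in range(t - 1)] for _ in shards]
    return {i: (s + sum(_eval(f, i) for f in zero)) % P for i, s in shards.items()}

def reconstruct(subset):
    """Lagrange interpolation at x = 0 over {index: shard}."""
    total = 0
    for i, s in subset.items():
        num = den = 1
        for j in subset:
            if j != i:
                num, den = num * -j % P, den * (i - j) % P
        total = (total + s * num * pow(den, P - 2, P)) % P
    return total

def demo(t=2, n=3):
    """Return whether the secret is recovered from t shards of one epoch,
    from t shards spanning two epochs, and from t-1 shards of one epoch."""
    old, secret = keygen(t, n)
    new = refresh(old, t)
    ids = list(range(1, t + 1))
    same_epoch = reconstruct({i: new[i] for i in ids}) == secret
    mixed = reconstruct({**{i: new[i] for i in ids}, 1: old[1]}) == secret
    too_few = reconstruct({i: new[i] for i in ids[1:]}) == secret
    return same_epoch, mixed, too_few
```

The mixed case is the point of the refresh: a shard stolen before the refresh is useless alongside shards stolen after it, so an attacker has to collect t shards within one interval.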