MPC quorums distribute wallet private key shards across multiple devices so that no single device holds the complete key. As an owner or administrator, you create quorums, manage their membership, restructure eligible quorums, and coordinate key resharing when needed. This guide covers the full quorum lifecycle.
- Go to Controls in the console sidebar and select the MPC Quorums tab.
- Select Create quorum.
- Select the quorum type:
| Type | Description |
|---|---|
| Mobile | Uses mobile devices only. Each signing request requires manual approval on the device. |
| Cloud | Uses CloudSign instances only. Signs transactions automatically when quorum conditions are met. |
| Mixed | Combines mobile and CloudSign devices for flexibility. |
- Enter a name and optional description for the quorum.
- Select the key shard holders — choose the devices that hold key shards. You must select at least 2 devices.
- Set the required signatures — the minimum number of devices that must participate to sign a transaction. This must be at least 2 and no more than the total number of shard holders.
- Select a backup and recovery kit (for Cloud and Mobile quorums). If you don't have a kit yet, select Create backup kit to create one first.
- Review the confirmation summary and select Create.
Each quorum member receives a notification asking for their approval. The quorum becomes available after all members accept. The acceptance window is 60 minutes.
Set the number of required signatures to a majority of the total shard holders. For example, in a quorum of 3 devices, use at least 2 signatures. This helps prevent a minority of compromised devices from signing transactions.
Choose your quorum size and threshold based on your security and availability needs:
| Configuration | Security | Availability | Use case |
|---|---|---|---|
| 2-of-3 | Moderate | High | Small teams, sandbox testing |
| 3-of-5 | High | High | Production operations |
| 4-of-7 | Very high | Moderate | High-value wallets |
- Go to Controls > MPC Quorums.
- Select a quorum to view its details: name, ID, threshold, creation date, backup kit, and the list of key shard holders with their device types and owners.
Key resharing rotates the key shards held by each device without changing the underlying wallet private key. The wallet address and blockchain identity remain the same.
Wallet-as-a-Service (Palisade) doesn't currently expose a customer-initiated reshare action in the console, and it doesn't reshare keys automatically on a schedule. If your security program requires key resharing, contact Palisade support or your account team to coordinate it.
- Security policy or compliance requirement - coordinate key-share rotation when your internal policy requires it.
- Personnel changes - consider resharing after a team member with device access leaves the organization.
- Security incident - contact Palisade immediately if you suspect key shard exposure.
- Contact Palisade support or your account team.
- Identify the quorum and wallets that require resharing.
- Schedule a maintenance window and confirm the expected signing availability for affected wallets.
- Make sure the required quorum devices are online if Palisade requires device participation.
- After Palisade confirms completion, create a new backup for the affected quorum.
After a successful reshare, previous key shards no longer participate in signing. Treat devices that held previous key shards as containing obsolete sensitive material until you decommission them through your device lifecycle process.
After a reshare, backups created before the reshare no longer contain valid active key shards. Create a new backup immediately after every reshare. See Configure backup and recovery.
See Key resharing for the full technical reference.
Key restructuring changes the quorum's membership, size, or threshold. Unlike resharing, restructuring can add new devices, remove existing devices, and change the number of required signatures.
| Scenario | What changes |
|---|---|
| A team member leaves | Remove their device from the quorum |
| A new team member joins | Add their device to the quorum |
| You need stronger security | Increase the quorum size and/or threshold |
| A device is lost or compromised | Replace the device with a new one |
| Operational needs change | Adjust the signing threshold |
Restructuring is currently available for Cloud quorums running CloudSign version 1.10.0 or later.
- Go to Controls and select the MPC Quorums tab.
- Select the quorum you want to restructure to open its detail page.
- Open the Actions menu (three dots next to the status badge) and select Restructure quorum.
- Review the current membership and make changes:
- Add new devices to the quorum.
- Remove existing devices (you must retain at least as many original members as the current required signatures threshold).
- Review the proposed changes in the confirmation dialog.
- Type the quorum name to confirm.
- Select Confirm.
During restructuring, the quorum and all wallets that use it can't sign. Plan restructuring during a maintenance window. You can't reverse the process after it starts.
When restructuring removes a device, the removed device no longer participates in the active quorum. Treat any key material on that device as obsolete sensitive material until you block, delete, or decommission the device through your device lifecycle process.
See Key restructuring for the full technical reference, including detailed examples.
- Separate key shard holders — distribute devices across different team members to enforce separation of duties. Make sure no single person controls enough devices to meet the signing threshold alone.
- Document your quorum design — record which devices belong to each quorum, who controls them, and the reasoning behind your threshold choices.
- Review resharing requirements — if your security policy requires key-share rotation, coordinate resharing with Palisade. The console doesn't reshare keys automatically.
- Create backups after every reshare — old backups become invalid after a reshare. Always generate a fresh backup immediately.
- Test recovery procedures — verify in sandbox that you can recover from a lost device by restructuring the quorum.
- Plan restructuring carefully — because restructuring puts wallets in maintenance mode, schedule it during low-activity periods and communicate the maintenance window to your team.
- MPC quorums — Reference documentation
- Key resharing — Full resharing reference
- Key restructuring — Full restructuring reference
- Manage devices — Approve and manage devices before adding them to quorums
- Configure backup and recovery — Back up key shards after resharing