This page provides definitions for key terms used in Palisade's Multi-Party Computation (MPC) and Threshold Signature Scheme (TSS) implementation.
A cryptographic protocol that allows multiple parties to jointly compute a function over their inputs while keeping those inputs private. In the context of digital asset custody, MPC enables distributed key management where no single party ever has access to the complete private key.
An approach within MPC that allows a cryptographic signature to be generated without ever reconstructing the private key. Multiple parties collaborate using their individual key shares, and only a predefined quorum is required to produce a valid signature. TSS ensures that key management is:
- Resilient to breaches – Compromising some key shares does not compromise the key
- Free of single points of failure – No single device holds the complete key
- Protected from insider collusion – Multiple parties must cooperate to sign
The specific TSS protocols implemented by Palisade:
- DKLS19 (2020) – "Secure Two-Party Threshold ECDSA from ECDSA Assumptions" – A protocol for secure two-party threshold signing
- DKLS23 (2023) – "New Threshold Signatures and DKG with Dishonest Majority from Lattices" – An advanced protocol with improved security guarantees
In TSS-based MPC, a quorum refers to the group of participants that can collaboratively generate a valid cryptographic signature. The quorum is defined by:
- The total number of participants (n)
- The threshold of participants required to sign (t)
For example, a "2-of-3 quorum" means 3 participants hold key shares, and at least 2 must participate to sign.
The minimum number of key shares required to produce a valid cryptographic signature. In a (t, n) scheme:
- n = Total number of participants holding key shares
- t = Minimum number of participants needed to sign a transaction
The system never reconstructs the key itself; the signing process is distributed, meaning no single party ever sees or controls the full private key.
A secure process where participants collaboratively generate key shares using a Distributed Key Generation (DKG) protocol. During a key ceremony:
- Participants collaborate to generate key shares
- No single place constructs or stores the full private key
- Each participant receives a unique key share
- The protocol establishes the threshold configuration
The key ceremony is critical for security as it defines the trust model and ensures the integrity of the MPC setup.
An individual participant's key share used in the signing process. Unlike simple secret sharing schemes, these shares are not just passive fragments—they actively participate in threshold signing operations. Key properties:
- No individual shard can reconstruct the private key alone
- Participants use shards in distributed computation during signing
- You can refresh shards without changing the underlying key (see Key resharing)
The process of generating new key shares while keeping the original private key unchanged. This is similar to secret rotation in software systems. Benefits include:
- Previously compromised shares become obsolete
- The cryptographic identity (private key) remains the same
- No disruption to wallets or smart contracts
See Key resharing for detailed information.
The process of redistributing key shares among a new set of participants without reconstructing the private key. Use cases include:
- Expanding the quorum (e.g., 2-of-3 to 3-of-4)
- Replacing a participant
- Adapting to organisational changes
See Key restructuring for detailed information.
A cloud-hosted MPC co-signer that securely generates and stores key shares according to the Threshold Signature Scheme. CloudSign:
- Operates as a participant within a quorum
- Enables secure, programmatic transaction signing
- Assists in disaster recovery by contributing to key reconstruction
- Signs transactions automatically based on configured policies
A CloudSign node is a single participant in a quorum, designed for automated, high-throughput signing.
An iOS mobile application that acts as a participant in an MPC quorum. Key features:
- The device generates key shares on-device and stores them in the Secure Enclave
- Introduces conscious human intent into transaction approval
- Requires explicit human interaction for sign-offs
- Can assist in disaster recovery by participating in key reconstruction
MobileSign ensures that transactions require human review and approval before signing.
A hardware-based security feature in iOS devices that provides an isolated environment for storing sensitive data like key shares. The Secure Enclave:
- Is physically isolated from the main processor
- Provides hardware-level protection for cryptographic keys
- Ensures key shares cannot be extracted from the device
The process by which multiple quorum participants collaborate to generate a valid signature without reconstructing the private key. Each participant:
- Receives a signing request
- Contributes their key share to a distributed computation
- Produces a partial signature
When the threshold number of partial signatures combine, the system produces a complete, valid signature.
The process by which quorum participants approve a transaction before signing:
- CloudSign nodes can approve automatically based on policies
- MobileSign devices require explicit human approval
- Participants must obtain the threshold number of approvals before signing proceeds
| Term | Definition |
|---|---|
| HSM | Hardware Security Module – tamper-resistant hardware for cryptographic operations |
| DKG | Distributed Key Generation – protocol for generating key shares collaboratively |
| ECDSA | Elliptic Curve Digital Signature Algorithm – the signature scheme used |
| ZTA | Zero Trust Architecture – security model that verifies all access requests |
- Understanding MPC-TSS – Learn how MPC-TSS works
- MPC quorums – Create and manage quorums
- Devices – Set up signing devices