# Key restructuring **Key restructuring** in MPC is the process of redistributing key shares among a new set of participants without ever reconstructing the original private key. This is crucial for maintaining long-term security, adapting to organisational changes, or replacing compromised participants in an MPC quorum. ## Overview In Threshold Signature Schemes (TSS), key restructuring allows a set of existing signers to securely transfer their key shares to a new group while **preserving the same private key**. You can modify the quorum—for example, changing the number of required signers or replacing nodes—without generating a completely new key. This ensures **operational continuity** while improving resilience against: - Key compromise - Insider threats - System upgrades - Organisational changes Palisade's implementation of key restructuring allows organisations to seamlessly rotate signers, ensuring that access control remains **dynamic, secure, and breach-resistant** without ever exposing the private key. ## When to use key restructuring Key restructuring is appropriate when you need to: | Use case | Description | | --- | --- | | **Expand the quorum** | Add more participants to increase security threshold | | **Reduce the quorum** | Remove participants while maintaining security | | **Replace a participant** | Swap out a device or user without changing the key | | **Change the threshold** | Modify how many participants are required to sign | | **Respond to incidents** | Remove a potentially compromised device | | **Adapt to org changes** | Update quorum membership as team members change | ## Key restructuring process The key restructuring process follows these steps: 1. **Initiate restructuring** – Administrator starts the key restructuring operation 2. **Define new quorum** – Specify new participants and threshold 3. **Generate new key shares** – The system computes and distributes new shares 4. **Update quorum policy** – The system applies the new configuration 5. **Invalidate old shares** – Previous key shares become obsolete Throughout this process, the **private key is never reconstructed**. ## Example 1: Expanding the quorum ### Scenario A company uses Palisade MPC with a **(2-of-3) quorum**: - **CloudSign 1** (cloud-based signing node) - **CloudSign 2** (cloud-based signing node) - **CloudSign 3** (cloud-based signing node) Currently, **two out of three participants** must approve to sign a transaction. As part of a security policy update, they decide to **expand to a (3-of-4) quorum**, requiring a higher threshold of approvals. ### Key restructuring process 1. **Initiate restructuring** – The administrator starts a key restructuring operation, specifying a move from (2-of-3) to (3-of-4) 2. **Generate new key shares** – New key shares are securely computed and distributed: - CloudSign 1 receives a refreshed key share - CloudSign 2 receives a refreshed key share - CloudSign 3 receives a refreshed key share - **CloudSign 4** (new) receives a newly generated key share 3. **Update quorum policy** – The new configuration requires **three out of four** participants to approve transactions 4. **Invalidate old shares** – The old key shares from the (2-of-3) quorum are retired ### Outcome ✅ The **private key remains unchanged**—no disruption to wallets or smart contracts ✅ The signing threshold is now **higher (3-of-4)**—improved resistance to insider threats ✅ **CloudSign 4 is now part of the quorum**—additional oversight added ✅ Old key shares are **no longer valid**—prevents unauthorized use ## Example 2: Replacing a participant ### Scenario A company uses Palisade MPC with a **(2-of-3) quorum**: - **CloudSign 1** (cloud-based signing node) - **CloudSign 2** (cloud-based signing node) - **MobileSign (Bob)** (iOS mobile device for human approvals) The organisation needs to **replace MobileSign (Bob) with MobileSign (Alice)** because Bob is leaving the company. ### Key restructuring process 1. **Initiate restructuring** – The administrator triggers a key restructuring operation 2. **Generate new key shares** – New key shares are computed and distributed: - CloudSign 1 receives a refreshed key share - CloudSign 2 receives a refreshed key share - **MobileSign (Alice)** receives a newly generated key share 3. **Revoke MobileSign (Bob)** – Bob's previous key share becomes obsolete and can no longer participate in signing 4. **Quorum remains intact** – The (2-of-3) quorum remains operational with the updated participants ![Key restructuring - replacing a participant](/assets/replaced_signer.493f4ffb8f4222c90a818bedf6a450bd12accc79bcd26dcf76e0382241430a9f.0ba50ef8.svg) ### Outcome ✅ The **private key remains unchanged**—no impact on wallets or authentication ✅ **MobileSign (Alice) can now approve transactions**—replacing Bob securely ✅ The system remains **resilient to insider threats**—old key shares cannot be reused ✅ **No downtime** during the transition ## Performing key restructuring To perform key restructuring in Palisade: 1. Navigate to the **Controls** section in the Palisade console 2. Select the **MPC Quorums** tab 3. Select the quorum you want to restructure 4. Click **Modify quorum** 5. Add or remove participants as needed 6. Set the new threshold requirement 7. Initiate the restructuring process 8. Existing participants approve the restructuring 9. The system distributes new key shares to all participants Limitation Modification of quorum devices is only supported on Cloud quorums at the moment. Mixed quorums with MobileSign devices may have additional restrictions. ## Best practices - **Plan restructuring carefully** – Document the changes before initiating - **Ensure device availability** – All current and new participants should be available - **Communicate with stakeholders** – Inform relevant team members of the change - **Test in sandbox first** – Verify the process in a test environment - **Update backups after restructuring** – Old backups will be incompatible ## Related topics - [Key resharing](/products/wallet/user-interface/security-controls/key-resharing) – Refresh key shares without changing participants - [MPC quorums](/products/wallet/user-interface/security-controls/mpc-quorums) – Create and manage quorums - [Understanding MPC-TSS](/products/wallet/introduction/understanding-mpc-tss) – How MPC-TSS works - [MPC terminology](/products/wallet/introduction/mpc-terminology) – Key terms and definitions