Portal

Portal Team


The case for Threshold Signature Scheme MPC

Threshold Signature Scheme MPC technology is emerging as a leading option that optimizes for a secure and user-friendly Web3 wallet experience.

July 28, 2023

On the blockchain, keys are used to secure and control access to digital assets, verify transactions, and provide cryptographic proof of ownership. Proper key management is an important factor in improving the integrity, confidentiality, and availability of a user’s assets. 

Users with accounts on centralized crypto exchanges don’t have to worry about key management. The exchanges handle the keys on behalf of their users. 

In contrast, Web3 wallets offer users full control of their funds, making key management an important feature. The most common Web3 wallet architectures are: Externally Owned Accounts (EOA; think MetaMask), multi-signature (multi-sig), smart contract, Shamir Secret Sharing (SSS) Multiparty Computation (MPC), and Threshold Signature Scheme (TSS) MPC. Key management complexity, security trade-offs, and the costs associated with setup and transactions vary across these architectures.

As interest in user-managed wallets grows across both end users and organizations looking to build blockchain-connected products, the best fit wallet architecture will depend on user and business needs.

What Web3 wallet key management entails

For builders, choosing a Web3 wallet architecture usually depends on how the key management functionality impacts usability, security, and scalability.

For example, an enterprise business serving thousands or millions of users requires a wallet that can scale—both in number of users and transaction throughput. Such a wallet would need to deliver a simplified user experience, a high level of security, and cost effectiveness. The following table provides an overview of how key management works across the five most common wallet types. 

Key management overview by Web3 wallet type

Externally Owned Account (EOA) wallet

Description: Off chain; keys are managed directly by a single user account. The recovery mechanism is a seed phrase, typically a string of 12 or 24 words in sequential order.

Pros:

  • User has full control and ability to transact onchain.

  • Considered closest to the ethos of decentralization.

  • Multi-chain (any EVM chain) out of the box.

Cons:

  • No recourse if seed phrase is lost, forgotten, or stolen.

  • Can be intimidating for non-technical users.

Multi-signature wallet

Description: Off chain; multiple entities must authorize and execute all transactions. Each party has its own private key.

Pros:

  • Enhanced security as a single compromised key does not compromise the wallet.

  • Recovery and backup via non-compromised parties are available.

Cons:

  • Cumbersome signing process for wallets regularly transacting onchain.

  • Each member must manage and secure their own private key.

  • Not compatible with all blockchains.

Smart contract wallet

Description: Onchain. Uses self-executing code to interact with the chain.

Pros:

  • Highly programmable, which enables advanced functionality.

  • Can add rules for access control to increase security on how assets can be used.

Cons:

  • Requires implementers to have technical understanding of blockchain.

  • Every action requires paying gas fees, including initial wallet setup.

  • A new contract wallet must be deployed per chain.

  • Only apps that support EIP-1271 can enable smart wallets.

Secret Sharing Scheme (SSS) wallet

Description: A single private key is divided into shares and distributed to multiple parties. A minimum number of shareholders must reconstruct the key to sign transactions.

Pros:

  • Enhanced privacy protection because of reduced correlation between transaction history and identity of wallet key shareholders.

  • Enhanced security because no single entity holds the entire key majority.

  • Customizable security and recovery policies.

Cons:

  • Private key must be reconstructed to create shares and sign transactions, creating a possible attack vector.

  • Other parties may gain visibility of the other shares.

Threshold Signature Scheme (TSS) MPC wallet

Description: Shares of the private key are generated and distributed to multiple parties. A minimum number of shareholders must jointly sign transactions, without reconstructing the key.

Pros:

  • Enhanced security because private key is never reconstructed.

  • Customizable security and recovery policies.

  • Multi-chain out of the box.

  • No additional gas fees are required for generating, backing up, or recovering wallets.

Cons:

  • Trusted parties are involved for operations to meet threshold signatures.

In summary, EOA, multi-sig, and smart contract wallets offer strong security but put the onus on users to safeguard seed phrases and private keys; require users to be technically savvy; or incur transaction fees for every action. On the other hand, MPC wallets minimize user friction and costs, but the SSS architecture has a security vulnerability that TSS MPC does not have: the private key gets reconstructed, creating an attack vector.

TSS MPC is increasingly recognized in the industry for key management functionality that lets users retain full control over their assets with a relatively friction-free, secure, and cost-effective setup.

How TSS MPC optimizes for security, usability, and scalability

It’s worth exploring what makes the TSS MPC architecture a strong contender for the enterprise use case. In particular, this analysis focuses on security, usability, and scalability.

Security

With both SSS MPC and TSS MPC, a single private key is divided into key shares held by multiple entities. With TSS MPC, unlike SSS MPC, these key shares are never reconstructed into the full private key at any point. Keeping key shares separate from each other, whether at wallet generation or transaction authorization, reduces the possibility of collusion.


A highly secure MPC design is the two-of-two parallel threshold. By creating only two key shares, and requiring both to be used for every transaction, only a minimum number of parties are needed to operate an MPC wallet. One key share used to sign transactions is held by the end user and the other is held by the wallet provider (someone like Portal), making the process simpler than MPC wallet designs with three or more key shares. The party holding the second primary key share can never sign a user’s transaction without them. 
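The contrast between the two MPC designs, as an added example that is not Portal's code or protocol: the SSS path recombines two Shamir shares into the full key before signing, while the two-of-two TSS path only ever combines public nonces and partial signatures. A simplified two-party Schnorr signature over a constructed toy group stands in for the signing protocol, which the page does not name; every name and parameter here is an assumption, and production protocols add nonce-commitment and key-validation rounds that are omitted.

```python
import hashlib
import secrets

# Constructed toy Schnorr group, far too small for real use: P = 2*Q + 1 is a
# safe prime and G = 4 generates the subgroup of prime order Q.
P, Q, G = 1019, 509, 4

def challenge(R, X, msg):
    """Fiat-Shamir challenge e = H(R, X, msg) mod Q."""
    digest = hashlib.sha256(f"{R}|{X}|".encode() + msg).digest()
    return int.from_bytes(digest, "big") % Q

def verify(X, msg, sig):
    """Check g^s == R * X^e under public key X."""
    R, s = sig
    return pow(G, s, P) == R * pow(X, challenge(R, X, msg), P) % P

def sss_deal(x):
    """SSS setup: a dealer who knows x hands out 2-of-2 Shamir shares f(1), f(2)."""
    a = secrets.randbelow(Q)
    return (x + a) % Q, (x + 2 * a) % Q

def sss_sign(share1, share2, msg):
    """SSS signing: the shares are recombined, so the whole key sits in x here."""
    x = (2 * share1 - share2) % Q  # Lagrange interpolation of f at 0
    k = secrets.randbelow(Q - 1) + 1
    R = pow(G, k, P)
    return R, (k + challenge(R, pow(G, x, P), msg) * x) % Q

class TssParty:
    """TSS participant: generates its own share and only ever exports public values."""
    def __init__(self):
        self.x = secrets.randbelow(Q - 1) + 1  # private share, never leaves the party
        self.X = pow(G, self.x, P)             # public share
    def nonce(self):
        self.k = secrets.randbelow(Q - 1) + 1
        return pow(G, self.k, P)
    def partial(self, R, X, msg):
        k, self.k = self.k, None               # a nonce is used for one signature only
        return (k + challenge(R, X, msg) * self.x) % Q

def tss_sign(a, b, msg):
    """TSS signing: combine public nonces and partial signatures; no x1 + x2 anywhere."""
    X = a.X * b.X % P
    R = a.nonce() * b.nonce() % P
    s = (a.partial(R, X, msg) + b.partial(R, X, msg)) % Q
    return X, (R, s)
```

Both paths yield a signature that `verify` accepts, but only `sss_sign` ever holds the complete private key in one variable, which is the attack surface the SSS row of the table describes.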

Usability

MPC wallets do not require seed phrases. Instead, social sign-in or biometrics make it faster and easier for users to create a wallet in 30 seconds or less.

Should users ever have to recover access to their accounts, backup key shares are encrypted and stored away from the users' devices, minimizing the possibility of a bad actor getting hold of both the account on the device and the backup keys.

For enterprise customers, the two-of-two parallel threshold design has a usability advantage over an M-of-N design: it reduces the number of parties that must be vetted and set up to store keys or sign transactions. Devising your own M-of-N design may create potential legal questions that as an app developer you would have to research and decide on your own.

For organizations interested in Account Abstraction, MPC wallets can be set up with Account Abstraction. (Portal offers this capability directly in our SDK. Check out our Account Abstraction documentation or Account Abstraction blog post for more details).

Scalability

For enterprise customers, the TSS MPC design easily supports thousands or millions of users per organization across ETH and all EVM blockchains without having to worry about lag or latency. No gas fees are required for any TSS operations such as wallet generation, backup, or recovery. 

Additionally, organizations can implement flexible policies for generating new key shares with TSS MPC. For example, a business can choose to generate a new set of key shares every time a user logs in and authenticates. Or they can choose to only refresh key shares upon the recovery process. Either setup supports an enterprise-level user base.

Strong security with user-friendly design will drive adoption

As Web3 adoption grows and more industries integrate blockchain technology into their products, a wallet design that balances security with ease of use will be table stakes. Partnering with a company like Portal prepares your business for the future. Book a demo with us today to see Portal in action.

Our content is for informational purposes only and should not be taken as financial or legal advice. Refer to our website Terms and Conditions for more information.