Cramium MPC SDK Litepaper

The MPC SDK provides tools for managing cryptographic keys securely using distributed key-sharing techniques. This ensures that no single device or entity holds the full key, enhancing security and eliminating single points of failure.

[Figure: MPC SDK ecosystem illustration]

Overview of MPC SDK

Enhanced Security

Distributed shard storage ensures no single point of failure.

Flexibility

Compatible with various Blockchain ecosystems and use cases.

Reliability

Backup and recovery options protect against device loss or failure.

Scalability

Designed to manage multiple keys and configurations efficiently.

Core Concepts

Secret Key

The foundational key for Blockchain transactions, used for signing and verification.

  • Supported Types: ECDSA and EdDSA, widely used in Bitcoin, Ethereum, and other Blockchains.

Key Shards

Each secret key is divided into shards stored across multiple devices.

  • This enhances security by ensuring no single device holds the complete key.
  • Shards include the public key and must be stored securely.

MPC Parties

Devices or nodes that participate in managing shards.

  • Examples: Mobile devices, cloud servers, hardware wallets.

Threshold Configuration

Defines the number of shards required for operations.

  • Example: A 3-4 threshold allows any 3 out of 4 shards to perform signing.

MPC SDK Functionalities

Organizes keys and shards for efficient management.

  • Supports multiple keys per group.
  • Flexible configurations for different applications (e.g., ECDSA vs. EdDSA keys).

Key Operations

The MPC SDK provides two flexible modes for generating cryptographic keys: Key Generation with Mnemonic and Key Generation without Mnemonic. Both modes leverage the distributed nature of MPC to ensure maximum security while supporting diverse user needs.

Key Generation with Mnemonic

This mode integrates with mnemonic phrases, widely used in Blockchain ecosystems, to ensure compatibility with existing wallet recovery standards.

Ideal for users who prioritize compatibility with existing wallet systems and require secure recovery options.

  • Mnemonic Creation: A mnemonic phrase is generated by a trusted dealer (typically the user’s mobile device). This phrase serves as the seed for deriving secret keys for various Blockchains (e.g., Bitcoin, Ethereum).
  • Key Derivation: The secret keys are derived from the mnemonic. The trusted dealer generates MPC key shards for each secret key.
  • Shard Distribution: The key shards are securely distributed to all MPC parties (e.g., mobile, cloud, hardware wallet). The mnemonic shards are also securely distributed to these parties.
  • Mnemonic Deletion: After shard distribution, the trusted dealer deletes the mnemonic and the original secret keys for security.
  • Adding New Wallets: If new wallets are needed in the future, reconstruct the mnemonic from the shards, derive a new secret key from the mnemonic, distribute the new key’s shards to MPC parties, and delete the mnemonic and new secret key after distribution.

Key Generation without Mnemonic

This mode eliminates the need for mnemonic phrases, focusing on direct and highly secure key generation within the MPC system.

Ideal for users who prioritize maximum security and do not require mnemonic-based recovery options.

  • MPC Key Generation: The user triggers the generation process (usually from their mobile device). All MPC parties collaboratively generate a new secret key. The secret key is never revealed during this process; each party only holds a shard.
  • Shard Storage: Each MPC party securely stores its shard of the secret key.
  • Master Key and Child Keys: The generated secret key serves as a Master Key. Child keys for different Blockchains are derived from this Master Key using a derivation path. Only the child key’s public key is retained for wallet address generation; child key shards are not stored.

Signing

Secure signing without revealing the secret key.

  • Threshold parties collaborate to sign transactions (e.g., Blockchain transfers).

Key Rotation & Resharing

  • Key Rotation: Periodically refreshes shards to enhance security and mitigate risks if a shard is compromised.
  • Key Resharing: Adjusts the number of parties or the threshold configuration, adding or removing devices from the MPC system as needed.
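
To make the Threshold Configuration and Key Rotation descriptions concrete, the following added example (not code from the MPC SDK or from Cramium) splits a key with the page's 3-4 threshold and then refreshes the shards, showing that a stale shard no longer combines with fresh ones. It assumes Shamir secret sharing over the secp256k1 group order, which the litepaper does not name, and all function names are hypothetical. A single process plays every party, and the key is reconstructed only to check the result; a real MPC signing flow never reassembles it.

```python
import secrets

# Assumption: Shamir sharing over the secp256k1 group order; the page names no scheme.
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

def _eval(coeffs, x):
    """Evaluate a polynomial (lowest-degree coefficient first) at x, mod N."""
    y = 0
    for c in reversed(coeffs):
        y = (y * x + c) % N
    return y

def split(secret, threshold, parties):
    """Dealer step: return {party_index: shard} for a threshold-of-parties sharing."""
    coeffs = [secret % N] + [secrets.randbelow(N) for _ in range(threshold - 1)]
    return {i: _eval(coeffs, i) for i in range(1, parties + 1)}

def reconstruct(shards):
    """Lagrange interpolation at x = 0 over the supplied shards."""
    total = 0
    for i, y in shards.items():
        num = den = 1
        for j in shards:
            if j != i:
                num = num * (-j) % N
                den = den * (i - j) % N
        total = (total + y * num * pow(den, -1, N)) % N
    return total

def refresh(shards, threshold):
    """Rotation: add a fresh sharing of zero, so shards change but the key does not."""
    zero = split(0, threshold, len(shards))
    return {i: (y + zero[i]) % N for i, y in shards.items()}

def pick(shards, indices):
    return {i: shards[i] for i in indices}

def demo():
    key = secrets.randbelow(N - 1) + 1          # constructed sample secret
    old = split(key, 3, 4)                       # the page's 3-4 threshold
    new = refresh(old, 3)
    mixed = {1: old[1], 2: new[2], 3: new[3]}    # one stale shard plus two fresh ones
    return {
        "any_three": reconstruct(pick(old, [1, 3, 4])) == key,
        "two_only": reconstruct(pick(old, [1, 2])) == key,
        "after_rotation": reconstruct(pick(new, [2, 3, 4])) == key,
        "shards_changed": all(old[i] != new[i] for i in old),
        "stale_plus_fresh": reconstruct(mixed) == key,
    }
```

A shard copied before a rotation is useless alongside post-rotation shards, which is why old shard backups should be replaced after each refresh.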

Backup and Recovery

Shards can be securely backed up on the cloud.

  • Allows restoration if a device is lost or compromised, without reconstructing a single vulnerable key.

Key Import & Export

  • Import: Supports integration with external wallets using mnemonic phrases.
  • Export: Enables secure sharing of keys or mnemonic data when required.

Architecture at a Glance

The litepaper describes how end-user devices, Cramium PHSM modules, and service nodes collaborate to keep keys split and verifiable using the MPC SDK.

  • End-user devices, PHSM, and service nodes as MPC parties
  • Threshold configurations for different security policies
  • MPC SDK functionalities for organizing keys and shards across these components

[Figure: High-level MPC SDK architecture diagram]