MPC Security

Your key is never in
one place.

Multi-party computation splits your private key across multiple independent nodes. No single node — or person — ever holds a complete key. Every transaction requires agreement from a threshold of nodes to proceed.

MPC, made for builders

MPC made easy for any developer

Threshold signing used to mean shipping a DKG ceremony, running your own MPC cluster, and reviewing cryptographic papers before you wrote a single line of code. With Zafeguard, one SDK call mints a threshold-signed wallet that works on EVM, Solana, and Bitcoin — and the same wallet plugs into payments, AI agents, DeFi automation, cross-chain swaps, and embedded social-login flows without a rewrite.

5 lines to first signature

Install the SDK, call create(), call sign(). No DKG plumbing. No node operations. No cryptography PhD required.

One wallet, every use case

The same MPC key signs payments, swaps, NFT mints, gas-sponsored transactions, agent actions, and DeFi rebalances. Pick the workflow — the signer is already there.

Universal multi-chain

EVM L1s and L2s, Solana, and Bitcoin under one wallet identity. The secp256k1 signer covers EVM and Bitcoin; an Ed25519 signer covers Solana. Adding a chain is selecting a component, not integrating a new wallet.

create-and-sign.ts5 lines
import { EmbeddedSigner, Curve } from '@zafeguard/mpc-sdk'

const signer = new EmbeddedSigner({ agent, threshold: 2, curve: Curve.Secp256k1 })
const loaded = await signer.create({ signerId, recovery })  // DKG done, share placed, public key ready
const sig    = await loaded.sign({ messageHash })             // threshold-signed, no private key reassembled

That is the entire integration. Pricing, gas sponsorship, recovery, social login, and policy controls are layered on top — opt in only what you need.

How threshold signing works

Threshold Signing · 2-of-3
✓ Signed
Node A
Shard 1/3
Node B
Shard 2/3
Node C
Shard 3/3
Threshold
2-of-3
must agree
Signed Transaction
Key never reconstructed

Signing happens inside the nodes — no complete key is ever assembled

Key Shards
Result
01
Request broadcast

The transaction is distributed to all MPC nodes. Each node sees the request but holds only its own shard — no node ever sees a full key.

02
Threshold reached

Any 2-of-3 nodes independently agree to participate. The third node can be offline or withheld and signing still succeeds.

03
Signature combined

Each participating node computes a partial signature. These are cryptographically combined — the full private key is never reconstructed at any point.

▶ Hit Sign Transaction to watch threshold signing in action

How key generation works

Before any signing can happen, each node independently generates its secret shard through a distributed ceremony. No trusted dealer. No full key. Ever.

Key Generation Ceremony
✓ Complete
Node AIdle
Node BIdle
Node CIdle
Party A
Party B
Party C
Ceremony result
A · Shard 1/3
B · Shard 2/3
C · Shard 3/3
Public key derived

No complete private key was ever assembled

1
Generate
2
Commit
3
Verify
4
Derive
5
Complete

▶ Commitments exchanged between parties — private shards never leave each node

Choose your deployment model

Both deployment models ship from the same test-gated source. Every release passes 1,100+ cryptographic assertions across all 12 supported curves and every ceremony — DKG, presigning, signing, reshare, recovery. Same mathematics, same guarantees, whether we host it or you do.

Built-in MPC
Included on Professional+, zero setup

Every workspace on Professional and above gets MPC-backed key protection out of the box. No servers, no configuration — we handle the infrastructure across geographically distributed nodes.

  • Keys split across multiple secure, globally distributed nodes
  • No seed phrase — social login + MPC recovery
  • Threshold agreement required for every transaction
  • Gasless signing via gas station integration
  • Active in minutes, zero infrastructure setup
  • 1,100+ cryptographic checks pass on every release
  • Included on Professional plan and above
See pricing
Self-Hosted MPC
Enterprise · Contact us

Deploy our MPC node cluster entirely on your own infrastructure. Keys never leave your environment — no third party is ever involved in any signing operation. Ideal for institutions with strict data-sovereignty requirements.

  • Deploy MPC nodes on your own servers or cloud
  • Keys entirely within your controlled environment
  • Connect your existing identity and compliance stack
  • Custom threshold policies (e.g. 3-of-5 nodes)
  • Full audit logs piped to your SIEM
  • Same binary as the built-in cluster — same test gate
  • Dedicated support and deployment assistance
Talk to sales
Developer SDK · @zafeguard/mpc-sdk

Integrate MPC in your app

The MPC SDK ships native Node.js binaries plus a WebAssembly fallback so the same code runs in browsers, React Native, Expo, and Cloudflare Workers. Two public entry points — pick the one that matches your topology.

EmbeddedSigner
Warm-cold wallet · device + N cloud agents

The high-level facade. User's device holds one share, the cohort of cloud agents holds the rest, threshold signing requires the device plus the configured number of agents. Five-method lifecycle covers create · sign · export · load · reshare. Includes a presignature pool so the device can sign offline between agent round-trips.

signer.ts
import { EmbeddedSigner, Curve } from '@zafeguard/mpc-sdk'

const signer = new EmbeddedSigner({
  agent:     [{ baseUrl: 'https://node-1', apiKey: '…' }],
  threshold: 2,
  curve:     Curve.Secp256k1,
})
const loaded = await signer.create({ signerId, recovery })
const sig    = await loaded.sign({ messageHash })
Embedded Signer reference
MPCAgent
Raw cluster client · institutional custody

The lower-level surface. Direct HTTP client for a single MPC cluster node when you want server-side custody with no embedded device party — pure cluster-managed keys for institutional hot wallets, custody backends, or cold-storage flows. Exposes the full cluster ceremony surface and the recovery primitives.

agent.ts
import { MPCAgent } from '@zafeguard/mpc-sdk'

const agent = MPCAgent.connect(host, port, apiKey)

const session = await agent.sessions.createKeyShare({ /* DKG */ })
const partial = await agent.presignature.sign(presigId, {
  messageHashB64,
})
MPC Agent reference
Composable Security

Build your own security strategy

MPC is the foundation — what you build on top is yours to design. Define custom threshold policies, compose layered recovery paths, and create approval rules that match your exact risk model without writing any cryptographic code.

Threshold

Custom threshold policies

Set any m-of-n threshold — 2-of-3 for teams, 3-of-5 for institutions, or 4-of-7 for maximum fault tolerance. Adjust policies without a re-keying ceremony.

Recovery

Social recovery

Assign trusted guardians who can collectively restore access without ever touching raw key material. No seed phrase. No single person can unilaterally recover.

Defense-in-depth

Hardware integration

Combine MPC shards with HSMs or physical security keys for defense-in-depth. Your shard strategy can span cloud nodes, on-premises servers, and hardware simultaneously.

Compliance

Composable approval flows

Chain multiple conditions — time locks, quorum approvals, geo-restrictions — into a recovery policy that satisfies your compliance and operational requirements.

Need a custom security architecture?

Our team can help you design a recovery and approval strategy for your specific compliance requirements — from SOC 2 to institutional-grade sovereign custody.

Talk to an architect

Why MPC beats the alternatives

vs. Seed Phrases
The problem

A single seed phrase is a single point of failure. Written down, it can be stolen. Stored digitally, it can be compromised.

With MPC

MPC splits the key across multiple nodes. There is no seed phrase to steal because no complete key ever exists in one place.

vs. Hardware Wallets
The problem

Hardware wallets protect the key at rest, but require physical access, can be lost, and become a bottleneck for automated operations.

With MPC

MPC nodes operate 24/7 and can participate in automated workflows without any physical device — while maintaining the same security guarantees.

vs. Single-Server Custody
The problem

A single server holding a private key is one database breach or insider threat away from total loss.

With MPC

With MPC, no single server holds a complete key. Compromising one node reveals nothing — an attacker needs to compromise the threshold simultaneously.

Architecture comparison

MPC vs Multisig

Both approaches distribute signing authority across multiple parties — but they differ fundamentally in where that distribution happens: on-chain or off-chain.

Multisig
On-chain m-of-n approval

Multiple independent private keys are created, each held by a different party. A transaction is only valid when a threshold (m) of those key-holders each sign separately — and the blockchain verifies all signatures on-chain.

ProBattle-tested — native to Bitcoin, Ethereum smart contracts, and many chains
ProFully transparent — quorum policy is visible and auditable on-chain
ProNo trusted computation — verification is purely cryptographic
ConHigher gas costs — multiple signatures increase transaction size and fees
ConPrivacy leakage — number of signers and policy are visible to anyone
ConPolicy changes require on-chain transactions, key rotations, and coordination
ConIncompatible with chains that don't natively support multisig contracts
MPC
Off-chain threshold computation

Key shards are held by separate nodes that never communicate the full key. When a threshold of nodes agree, they perform a distributed computation that produces one standard signature — indistinguishable from a single-signer transaction on-chain.

ProSingle on-chain signature — same gas cost as any ordinary transaction
ProPrivate by default — signing policy is invisible to external observers
ProWorks on any chain — no special smart contract or protocol support required
ProThreshold and shard policy can change without a key rotation ceremony
ConRequires trust in the MPC node implementation and protocol correctness
ConNodes must be online and reachable at signing time
ConMore complex to audit than a simple on-chain multisig contract
Dimension
Multisig
MPC
Signing location
On-chain — all signatures verified by the network
Off-chain — nodes compute jointly, one signature sent
Gas cost
Higher — payload grows with each additional signer
Standard — identical to a single-key transaction
Privacy
Public — policy and participant count visible on-chain
Private — policy is opaque; looks like any transaction
Chain compatibility
Limited — requires native or contract multisig support
Universal — any chain that accepts a standard signature
Key exposure
Full keys exist — each party holds a complete private key
No full key — shards are never combined in one place
Policy changes
On-chain transaction required to update signers
Reconfigurable without touching the blockchain
Automation
Difficult — requires coordination between key-holders
Native — nodes operate programmatically 24/7
When to use which
Choose multisig when
  • Full on-chain transparency is a compliance requirement
  • You are building a DAO or on-chain treasury with public accountability
  • The chain natively supports multisig with no extra cost
Choose MPC when
  • You need cross-chain key management from a single unified key
  • Gas efficiency matters — high-frequency or automated transactions
  • Privacy is required — policy must not be visible on-chain
  • You want programmatic, 24/7 signing without physical key-holders
Why Zafeguard

Four things you do not get anywhere else, together

Each of these capabilities exists somewhere in the market in isolation. The differentiator is the combination — MPC primitives, a visual workflow canvas, true multi-chain coverage, and a path from hosted to fully self-hosted — sold as one product, with one SDK and one bill.

Developer experience

MPC made easy for any developer

Threshold-signed wallet in 5 lines of TypeScript. No DKG ceremony to ship. No MPC node ops. No cryptography PhD required. The complexity stays in the SDK — your app code stays normal.

Versatility

One platform, every on-chain use case

Payments, swaps, NFT mints, gas-sponsored transactions, AI agent actions, DeFi automation, embedded wallets — composed visually in the same canvas as signing. No glue code between services you bought from five vendors.

Coverage

Multi-chain under one wallet identity

EVM L1s and L2s, Solana, and Bitcoin from one workspace. Secp256k1 covers EVM and Bitcoin; Solana uses Ed25519. Two signers under one namespace, one SDK surface across all of them.

Sovereignty

Hosted, embedded, or fully self-hosted

Use built-in MPC on day one. Move to embedded device + cloud cohort when your UX needs it. Lift the entire MPC cluster onto your own infrastructure when compliance demands it. Same SDK at every step.

Side-by-side

How Zafeguard MPC compares

Wallet infrastructure today is split across four categories. Each does part of the job. Below is how Zafeguard maps to the capabilities those categories represent — and where the gaps tend to live.

Capability snapshot based on each category's typical public surface as of 2026. Individual vendors may differ; check the latest from each provider for current detail.

Capability
Zafeguard
All-in-one
MPC Custody
Institutional threshold-MPC platforms
Wallet-as-a-Service
Embedded-wallet / sign-in providers
Smart-Wallet Infra
Smart-account & AA infrastructure
Roll Your Own
Web3 libraries + a custom MPC stack
Threshold MPC signing
Off-chain m-of-n sharding, one signature on-chain.
Yes
Yes
Partial
Partial
EVM + Solana + Bitcoin under one identity
One workspace, one SDK, every major chain family.
Yes
Partial
Partial
Partial
Visual workflow builder
Drag-and-drop canvas for signing, swaps, payments, agents.
Yes
Embedded signer SDK (browser + RN)
Device share + cohort cloud shares. Browser, RN, Expo, Workers.
Yes
Partial
Yes
Partial
Offline / pre-signed signatures
Pre-mint a pool online, sign offline against it.
Yes
Partial
Self-hostable MPC nodes
Run the cluster on your own infrastructure.
Yes
Partial
Yes
Time to first signature
npm install → on-chain.
~5 min
Sales call
~15 min
~30 min
Weeks
Lines of code to mint a wallet
Integration size for the happy path.
5 lines
REST + console
20+ lines
50+ lines
Hundreds
REST + typed SDKs (TS, REST)
Public API and typed clients.
Yes
Yes
Yes
Partial
n/a
Local dev + self-serve sign-up
Sign up, get an API key, run locally.
Yes
Yes
Yes
Yes
Composable on-chain components
Swap, gas, payment, contract calls in the same flow as signing.
Yes
Partial
AI agent integration (MCP)
Plug any AI agent into workflows via MCP.
Yes

Scroll the table horizontally to see every column.