Key Shard and Backup

What are key shards?

Key shards are the independent cryptographic segments generated by MPC (Multi-Party Computation) technology, rather than the pieces generated from splitting the original private key.

These cryptographic segments collectively participate in multi-party computation to generate a unique and valid signature equivalent to the result when using the original private key to sign a transaction. Through the use of MPC technology, the original private key is never exposed or present in any physical device throughout its entire lifecycle.

Why do we need key shards?

Based on MPC technology, the process of generating key shards ensures that the original private key is never present in any physical device, thereby eliminating single-point failures from its source. To ensure the security of customer private keys, Safeheron adopts a 3/3 threshold signature scheme, where the customer holds one key shard, Safeheron holds another shard, and a trusted third party holds the remaining shard.

Safeheron also selects two different cloud service providers that support trusted computing to ensure a higher level of private key security. This approach ensures that a single cloud provider can only access one key shard, making it more difficult for attackers to target the private keys. By separating responsibilities for managers of different key shards and following the Principle of Least Privilege (PoLP) for physical network and system security, Safeheron provides additional security measures to safeguard client assets.

How to back up key shards?

When it comes to backing up a wallet with Safeheron, it's similar to doing so with a regular or hardware wallet. Users can back up their key shards through recovery phrases, which can be done offline for convenience.

Thanks to Safeheron's cryptographic protocols, users don't need to back up Keystore files or other key shard data packages. They can back up their local private key shards and the two cloud-based key shards that correspond to the recovery phrases anytime and anywhere, which is consistent with their backup habits when using wallets.

The only difference with a regular wallet is that with Safeheron, users need to back up three sets of recovery phrases instead of just one.

Last updated