Multi-Party Computation Threshold Wallet Protocol
1. Wallet Design Philosophy
The ANCORA MPC Vault eliminates the single point of failure inherent to traditional private key wallets. No complete private key ever exists in full form on any single device at any time. All signing operations are performed via secure multi-party computation across distributed key shares, with zero trust assumptions about any individual device.
This architecture eliminates nearly all common attack vectors: device theft, malware, phishing, seed phrase leakage, and centralized exchange custody risk.
2. Core Architecture
2.1 Key Sharding Model
The master signing key is split into 5 independent shares using Shamir's Secret Sharing (SSS) with a 3-of-5 threshold requirement.
Compromise of any single share does not expose user funds. An attacker must compromise 3 independent, geographically distributed security domains to gain signing capability.
2.2 Distributed Key Generation (DKG)
All key shares are generated via a 5-party distributed key generation protocol:
No trusted dealer is required
No party ever learns the complete master key
All shares are generated locally on respective devices
Verifiable secret sharing ensures correctness of all shares
Zero-knowledge proofs validate share integrity
2.3 Threshold Signing Protocol
All transaction signing operations use 3-round multi-party computation:
Round 1: The 3 participating share holders generate and exchange commitment values
Round 2: Share holders exchange partial signature values
Round 3: The final signature is aggregated and verified locally
Signing occurs without ever reconstructing the complete private key in memory or storage.
3. Key Management Operations
3.1 Key Rotation
Automatic key rotation occurs every 90 days:
New key shares generated via fresh DKG
Old shares securely zeroized and deleted
All funds automatically migrated to new address
Full rotation history recorded on-chain
No user action required for standard rotation
3.2 Account Recovery
Account recovery eliminates seed phrases entirely:
User initiates recovery request from any device
3-of-5 recovery contacts provide attestation signatures
New key shares generated via fresh DKG
Old shares permanently revoked on-chain
Funds automatically transferred to new wallet instance
Recovery can be completed without access to any previous device or backup.
3.3 Share Refresh
Share refresh occurs every 30 days to maintain forward secrecy:
New shares generated from existing key material
Old shares cryptographically destroyed
Master public key remains unchanged
No on-chain transaction required
Transparent to the user
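The 3-of-5 sharing model of section 2.1 and the share refresh of section 3.3 both rest on the same polynomial construction. The following is an added illustration written for this page, not ANCORA's own code: it shares a secret over a prime field, reconstructs it from any 3 shares, and refreshes the shares with a random zero-constant polynomial so that the secret (and hence the master public key) is unchanged while old and new shares can no longer be combined. The field prime and the secret value are constructed for the example.

```python
import secrets

# Constructed example (not ANCORA's code): Shamir 3-of-5 sharing over a prime
# field, plus a proactive share refresh that leaves the shared secret unchanged.
P = 2**127 - 1          # Mersenne prime; any prime larger than the secret works
THRESHOLD, SHARES = 3, 5

def _eval(coeffs, x):
    """Evaluate coeffs[0] + coeffs[1]*x + coeffs[2]*x^2 + ... mod P (Horner)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc

def split(secret, t=THRESHOLD, n=SHARES):
    """Split secret into n shares; any t of them reconstruct it.
    The secret is the constant term; the other t-1 coefficients are random."""
    coeffs = [secret % P] + [secrets.randbelow(P) for _ in range(t - 1)]
    return [(x, _eval(coeffs, x)) for x in range(1, n + 1)]

def reconstruct(shares):
    """Lagrange interpolation at x = 0 over the given (x, y) shares.
    With fewer than t shares the result is unrelated to the secret."""
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = (num * -xj) % P
                den = (den * (xi - xj)) % P
        secret = (secret + yi * num * pow(den, -1, P)) % P
    return secret

def refresh(shares, t=THRESHOLD):
    """Proactive refresh: add to every share the evaluation of a fresh random
    polynomial whose constant term is 0. The secret is unchanged, so the master
    public key is unchanged, but old and new shares cannot be mixed."""
    zero_coeffs = [0] + [secrets.randbelow(P) for _ in range(t - 1)]
    return [(x, (y + _eval(zero_coeffs, x)) % P) for x, y in shares]
```

In a real DKG the random coefficients are contributed jointly by the share holders rather than by one party, and each holder commits to its coefficients so the others can verify their shares; the arithmetic above is the part both procedures share.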
4. Security Model
4.1 Attack Resistance
4.2 Audit & Verification
All MPC operations include:
Verifiable secret sharing proofs for all key generation
Zero-knowledge correctness proofs for all signing operations
Complete immutable audit log of all wallet operations
Formal security verification of all cryptographic operations