Institutional Vault uses Blockdaemon’s Advanced MPC Threshold Security Module (TSM) to perform threshold signing. Private keys are split across multiple independent policy nodes and are never reconstructed on a single machine. Blockdaemon MPC solutions are based on public research (some of which was performed by the Blockdaemon team), this includes protocols from the following research papers:

• [MRZ15] Payman Mohassel, Mike Rosulek, Ye Zhang: Fast and Secure Three-party Computation: The Garbled Circuit Approach. CCS 2015.
• [WRK17] Xiao Wang, Samuel Ranellucci, Jonathan Katz: Authenticated Garbling and Efficient Maliciously Secure Two-Party Computation. CCS 2017.
• [DJNP+18] Ivan Damgård, Thomas Pelle Jakobsen, Jesper Buus Nielsen, Jakob Illeborg Pagter, Michael Bæksvang Østergård: Fast Threshold ECDSA with Honest Majority. SCN 2020.
• [DKLs19] Jack Doerner, Yashvanth Kondi, Eysa Lee, Abhishek Shelat: Threshold ECDSA from ECDSA Assumptions: The Multiparty Case. IEEE S&P 2019.
• [DKLs23] Jack Doerner, Yashvanth Kondi, Eysa Lee, Abhishek Shelat: Threshold ECDSA in Three Rounds. IEEE S&P 2024.

MPC signing operations

Round Complexity ECDSA (ECDSA secp256k1)

This setup implies seven rounds for ECDSA:

• One round for exchanging metadata.
• Three rounds for generating OTs.
• Three rounds for the actual MPC signing protocol.

Round Complexity Schnorr (ed25519)

This setup implies four rounds for Schnorr:

• One round for exchanging metadata.
• Three rounds for the actual MPC signing protocol (as it it dishonest majority; honest majority would reduce this to two).

Note: Approver intent signatures are not produced by the MPC cluster. Approvers typically sign intents with standard user keys (e.g. ECDSA P-256) which are verified by policy nodes before any MPC transaction signature is produced.