MPC Key Generation


The creation of multi-party computation (MPC) keys involves a dynamic, step-by-step procedure that involves several rounds of communication between your backend and the Fireblocks API. This process operates asynchronously, meaning that it takes place over multiple interactions rather than a single continuous operation.

Let's break down the process for better clarity:

  1. To initiate the generation of MPC keys, your application calls the generateMPCKeys method within our SDK. This step triggers the process and sets everything in motion.
  2. The key part of the whole process lies in the communication rounds between your backend and our API. These rounds are essential for securely creating the keys.
  3. Your backend calls the Fireblocks RPC API with a payload obtained from the outgoingMessageHandler instance, which is created on the application side.
  4. In each round, messages travel between our system and your backend. Our system posts webhook messages to a predefined route on your backend, conveying essential information.
  5. The incomingMessageHandler instance, operating on your application's side, processes the webhook message and generates the next phase of communication.
  6. The process unfolds repeatedly with each round building upon the previous one. Your application and backend exchange messages, refining the communication until the key generation process is complete.
  7. The MPC key generation concludes when a webhook message bearing the completed content arrives. This signifies that the process has successfully generated the keys.
  8. After successfully generating MPC keys, the final step involves storing these keys in a secure manner to ensure protection for your end users. This process is tailored to your preferences through a range of options, such as mobile enclaves, biometric authentication, two-factor authentication (2FA), and more. You retain full control over the implementation that best suits your security needs.


Process change

Beginning with [email protected], steps 5 and 6 of the above process will no longer apply since the message loop between the client SDK and the backend will be facilitated by the client and server SDKs. The following diagram illustrates the new key generation process.

Key Generation


Supported Algorithms

Currently the Fireblocks NCW feature supports only MPC_CMP_ECDSA_SECP256K1. Support for MPC_EDDSA_ED25519 will be added in the future.

First, an NCW needs to be created using the Fireblocks API SDK. You can add the below to the customer backend of your application.

import { FireblocksSDK } from "fireblocks-sdk";

//Provide your NCW Admin API key and API secret here
const fireblocks = new FireblocksSDK(privateKey, apiKey);

//Create a new wallet
const walletId = await fireblocks.NCW.createWallet();

Next, a new account should be created within the newly created NCW.

// create account under wallet
const accountId = await fireblocks.NCW.createAccount(walletId);

Lastly, start the MPC key generation from your application. You can add the below to your customer application.

import { IKeyDescriptor } from "@fireblocks/ncw-js-sdk";

// Generate MPC Keys
const algorithms = new Set(["MPC_CMP_ECDSA_SECP256K1"]);
const keyDescriptor: Set<IKeyDescriptor> = await fireblocksNCW.generateMPCKeys(algorithms);
val algorithms = setOf(Algorithm.MPC_ECDSA_SECP256K1)
fireblocksSdk.generateMPCKeys(algorithms = algorithms){ result ->
    Timber.i("generateMPCKeys result: $result")
// generate MPC key for ECDSA using concurrency
let algorithms = Set([.MPC_ECDSA_SECP256K1])
let keys = try await instance.generateMPCKeys(algorithms: algorithms)


// generate MPC key for ECDSA using callback
let algorithms = Set([.MPC_ECDSA_SECP256K1])
try instance.generateMPCKeys(algorithms: algorithms, callback: { [weak self] result in
	//handle result