MPC Key Generation


The creation of multi-party computation (MPC) keys involves a dynamic, step-by-step procedure that involves several rounds of communication between your backend and the Fireblocks API. This process operates asynchronously, meaning that it takes place over multiple interactions rather than a single continuous operation.

Key Generation

Let's break down the process for better clarity:

  1. To initiate the generation of MPC keys, your application calls the generateMPCKeys method within our SDK. This step triggers the process and sets everything in motion.
  2. The key part of the whole process lies in the communication rounds between your backend and our API. These rounds are essential for securely creating the keys.
  3. Your backend calls the Fireblocks RPC API with a payload obtained from the outgoingMessageHandler instance, which is created on the application side.
  4. The process unfolds repeatedly with each round building upon the previous one. Your application and backend exchange messages, refining the communication until the key generation process is complete.
  5. The MPC key generation concludes when a webhook message bearing the completed content arrives. This signifies that the process has successfully generated the keys.
  6. After successfully generating MPC keys, the final step involves storing these keys in a secure manner to ensure protection for your end users. This process is tailored to your preferences through a range of options, such as mobile enclaves, biometric authentication, two-factor authentication (2FA), and more. You retain full control over the implementation that best suits your security needs.

Key Generation


Supported Algorithms

Currently the Fireblocks NCW feature supports only MPC_CMP_ECDSA_SECP256K1. Support for MPC_EDDSA_ED25519 will be added in the future.

First, an NCW needs to be created using the Fireblocks API SDK. You can add the below to the customer backend of your application.

import { FireblocksSDK } from "fireblocks-sdk";

//Provide your NCW Admin API key and API secret here
const fireblocks = new FireblocksSDK(privateKey, apiKey);

//Create a new wallet
const walletId = await fireblocks.NCW.createWallet();

Next, a new account should be created within the newly created NCW.

// create account under wallet
const accountId = await fireblocks.NCW.createAccount(walletId);

Lastly, start the MPC key generation from your application. You can add the below to your customer application.

import { IKeyDescriptor } from "@fireblocks/ncw-js-sdk";

// Generate MPC Keys
const algorithms = new Set(["MPC_CMP_ECDSA_SECP256K1"]);
const keyDescriptor: Set<IKeyDescriptor> = await fireblocksNCW.generateMPCKeys(algorithms);
val algorithms = setOf(Algorithm.MPC_ECDSA_SECP256K1)
fireblocksSdk.generateMPCKeys(algorithms = algorithms){ result ->
    Timber.i("generateMPCKeys result: $result")
// generate MPC key for ECDSA using concurrency
let algorithms = Set([.MPC_ECDSA_SECP256K1])
let keys = try await instance.generateMPCKeys(algorithms: algorithms)


// generate MPC key for ECDSA using callback
let algorithms = Set([.MPC_ECDSA_SECP256K1])
try instance.generateMPCKeys(algorithms: algorithms, callback: { [weak self] result in
	//handle result