Concepts

MPC Infrastructure

The Planbok MPC system is built on a distributed 2-of-2 Multi-Party Computation (MPC) architecture, ensuring that full private keys are never held by a single party. This infrastructure provides institutional-grade security and self-custody capabilities for both organizations and individual users.

2-of-2 MPC Architecture

Our system utilizes two independent MPC nodes (Node 1 and Node 2) to manage cryptographic key shares. For any operation requiring a private key—such as signing a transaction or deriving a new wallet address—both nodes must participate in a secure communication protocol.

Key Components

Node 1: Acts as the primary coordinator for MPC operations. In customer-custody and trustless organizational models, Node 1's share is "blinded" by a client-provided secret (PIN or Organization Secret).
Node 2: An independent node that holds the second key share. Node 2 operates in isolation and only participates in protocols when cryptographically authorized by the system.
gRPC Protocol: Communication between Node 1 and Node 2 is conducted over secure gRPC channels, ensuring low latency and high reliability during complex cryptographic handshakes.

Distributed Key Generation (DKG)

Distributed Key Generation is the process by which initial key shares are created without the full private key ever existing. Planbok uses a commitment-based DKG protocol.

The DKG Process

Initiation: The system initiates a DKG session, specifying the business identity and the required key types (secp256k1 for EVM/Bitcoin, ed25519 for Solana/Near, or both).
Round 1 (Commitments): Each node generates a random secret share and a corresponding cryptographic commitment. These commitments are exchanged between the nodes to ensure neither party can bias the resulting public key.
Round 2 (Exchange): Nodes verify the commitments and exchange the necessary data to establish a joint public key and their respective private shares.
Finalization: The session is finalized, and the joint public key is returned. Each node stores its encrypted share securely.

Threshold Signing Protocol

Signing a transaction in Planbok does not involve reconstructing the private key. Instead, the nodes perform a "Threshold Signature" protocol.

Request: Node 1 receives a signing request along with the necessary blinding secret (e.g., the user's encrypted PIN).
Coordination: Node 1 initiates a signing session with Node 2.
Partial Signatures: Each node produces a partial signature using its own share and the provided message hash.
Aggregation: The partial signatures are mathematically combined to produce a valid, standard signature (e.g., an ECDSA signature for Ethereum) that is indistinguishable from one created by a traditional private key.

This ensures that even if one node is compromised, the attacker cannot sign transactions without the second share held by the other node.

Last modified on February 26, 2026

Viewing Assets & Activity Wallet Management

2-of-2 MPC Architecture

Key Components

Node 1: Acts as the primary coordinator for MPC operations. In customer-custody and trustless organizational models, Node 1's share is "blinded" by a client-provided secret (PIN or Organization Secret).

Node 2: An independent node that holds the second key share. Node 2 operates in isolation and only participates in protocols when cryptographically authorized by the system.

gRPC Protocol: Communication between Node 1 and Node 2 is conducted over secure gRPC channels, ensuring low latency and high reliability during complex cryptographic handshakes.

Distributed Key Generation (DKG)

Distributed Key Generation is the process by which initial key shares are created without the full private key ever existing. Planbok uses a commitment-based DKG protocol.

The DKG Process

Initiation: The system initiates a DKG session, specifying the business identity and the required key types (secp256k1 for EVM/Bitcoin, ed25519 for Solana/Near, or both).

Round 1 (Commitments): Each node generates a random secret share and a corresponding cryptographic commitment. These commitments are exchanged between the nodes to ensure neither party can bias the resulting public key.

Round 2 (Exchange): Nodes verify the commitments and exchange the necessary data to establish a joint public key and their respective private shares.

Finalization: The session is finalized, and the joint public key is returned. Each node stores its encrypted share securely.

Threshold Signing Protocol

Signing a transaction in Planbok does not involve reconstructing the private key. Instead, the nodes perform a "Threshold Signature" protocol.

Request: Node 1 receives a signing request along with the necessary blinding secret (e.g., the user's encrypted PIN).

Coordination: Node 1 initiates a signing session with Node 2.

Partial Signatures: Each node produces a partial signature using its own share and the provided message hash.

Aggregation: The partial signatures are mathematically combined to produce a valid, standard signature (e.g., an ECDSA signature for Ethereum) that is indistinguishable from one created by a traditional private key.

This ensures that even if one node is compromised, the attacker cannot sign transactions without the second share held by the other node.

Last modified on February 26, 2026