MPC Protocol & Node Architecture
Planbok's security is anchored by our 2-of-2 Multi-Party Computation (MPC) protocol. This architecture ensures that a single compromise of a server, employee, or database can never lead to the loss of funds, as the full private key never exists in any single location.
The Distributed Node Architecture
Planbok operates two cryptographically isolated nodes that collaborate to perform sensitive operations.
- Node 1 (Coordinator): Handles request orchestration and stores the "blinded" key shares. In trustless models, this node is powerless without the client's entropy.
- Node 2 (Signer): An independent cryptographic engine that holds the second share. It only participates in protocols after validating the authenticity and authorization of the request.
Isolation & Communication
All communication between nodes occurs over mutual TLS (mTLS) encrypted gRPC channels. Nodes are deployed in separate network namespaces and hardware-backed environments to prevent lateral movement in the event of a breach.
Distributed Key Generation (DKG)
Traditional wallets generate a private key and then back up its shards. Planbok reverses this: we generate the shares independently so the full key is never born.
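An added example, not Planbok's code or its actual protocol: two-party additive key generation on secp256k1 in which each node draws its own share and only public points cross the wire. The commit-then-reveal exchange, the `Node` class and the function names are assumptions of this example.

```python
import hashlib
import secrets

# secp256k1 domain parameters (public constants of the curve).
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def point_add(a, b):
    """Add two affine points; None is the point at infinity."""
    if a is None or b is None:
        return a or b
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None
    if a == b:
        lam = 3 * a[0] * a[0] * pow(2 * a[1], -1, P) % P
    else:
        lam = (b[1] - a[1]) * pow(b[0] - a[0], -1, P) % P
    x = (lam * lam - a[0] - b[0]) % P
    return (x, (lam * (a[0] - x) - a[1]) % P)

def scalar_mult(k, pt=G):
    """Double-and-add. Not constant time: fine for a demo, not for production."""
    acc = None
    while k:
        if k & 1:
            acc = point_add(acc, pt)
        pt = point_add(pt, pt)
        k >>= 1
    return acc

def commit(pt, nonce):
    """Hash commitment to a public share (assumed scheme: SHA-256 over nonce || x || y)."""
    return hashlib.sha256(nonce + pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")).digest()

class Node:
    """Hypothetical node: the secret share is drawn locally and never transmitted."""
    def __init__(self):
        self.share = secrets.randbelow(N - 1) + 1      # S_i, stays on this node
        self.pub = scalar_mult(self.share)             # S_i * G, safe to publish
        self.nonce = secrets.token_bytes(32)
        self.commitment = commit(self.pub, self.nonce) # sent first, before any reveal

def joint_public_key(own, peer_commitment, peer_pub, peer_nonce):
    """Check the peer's reveal against its earlier commitment, then add public points."""
    if commit(peer_pub, peer_nonce) != peer_commitment:
        raise ValueError("peer public share does not match its commitment")
    return point_add(own.pub, peer_pub)
```

Committing before revealing stops the node that speaks second from choosing its public share as a function of the first node's, which would let it steer the joint key.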
Threshold Signing
Signing a transaction is a collaborative process that uses the partial shares to produce a standard signature (ECDSA or EdDSA) compatible with public blockchains.
The Signing Flow
Key Security Properties
- No Reconstruction: The shares $S1$ and $S2$ are never combined to form the private key $k$.
- Stateless Request Validation: Node 2 independently verifies the authorization of every signing request before participating.
- Indistinguishability: The resulting signature is mathematically identical to one produced by a single-key wallet, ensuring compatibility with all smart contracts.
Implementation Details
- SECP256K1: Used for Bitcoin and EVM chains like Ethereum, BSC, and Polygon.
- ED25519: Used for high-performance chains like Solana, Near, and Substrate.
- Communication Layer: Protobuf-based gRPC for sub-millisecond coordination.