Where are the keys stored?

Hi,

On the Fireblocks Direct custody wallet, where are the key shares of the “3-of-3 multi-party computation (MPC) signature scheme algorithm” stored?

Hey @alexandre.makiyama – one key share is stored by the workspace owner, and the remaining shares are stored across multiple tier-1 cloud environments to ensure an extra layer of security even if one of the physical data centers is compromised. Nevertheless, these shares cannot be extracted even if malware or a hacker has control over the server’s OS – as the memory space and the data in the SGX enclave are encrypted.

You can find more information on this Developer Portal page.

Hi @yoji, thanks for the reply.

So, I understand that this key share held by the workspace owner is the same as the “third MPC key share” mentioned at Fireblocks Key Features & Capabilities, am I right?

That’s right, although I will also clarify that the owner can create additional “third” key shares for users. This way, an API user can hold a key share for the Hot workspace setup, or other users can have keys to sign operations themselves.