MPC Quorums

In order to create an MPC wallet, you must first create a quorum to securely provision the shards of the wallet private key amongst multiple devices.

Common MPC quorum configurations

MPC quorums can be configured in three different ways: using mobile devices only, CloudSign devices only, or a combination of both.

The optimal configuration for your wallet depends on what the wallet will be used for and your personal preference. Here are some example client setups and use cases:

1. Mobile only quorum

Suitable for:

  • Wallets that handle fairly low transaction volumes. This is because on mobile devices, each transaction must be manually reviewed and signed by the device owner, which can be time-consuming and impractical if a large number of transactions occur daily. The device owner may not be able to sign all the transactions within the 5 minute timeframe, causing the transactions to fail.
  • Wallets that require greater control or oversight. Each transaction is manually reviewed before it is signed. If enough device owners reject the signing or simply do not interact with their mobile device, the digital assets cannot be transferred and remain safely in the wallet.
  • Wallets that require increased governance. Depending on the organisation structure, customers can physically assign ownership of the wallet private key shards to specific mobile devices (for example: this particular shard is assigned to Kevin’s mobile). This allows for increased governance as organisations are able to see which shards participated in the signing process for each transaction.

Please note that whilst mobile only quorums offer increased control, they also carry an increased risk of losing redundancy: a mobile device could be lost or damaged, potentially rendering the quorum useless.

2. CloudSign only quorum

Suitable for:

  • Wallets that handle high transaction volumes, such as omnibus wallets. Signing multiple users’ transactions in an omnibus wallet is much quicker via CloudSign than via mobile. CloudSign can sign numerous transactions within a matter of seconds.
  • Wallets that use API credentials to submit transactions.
  • Customers who want a simple backup recovery process. Customers simply need to back up the disk/database/device that CloudSign is configured on. Once this is complete, in the event of a malfunction, it is very easy to get CloudSign back up and running with minimal overheads.
  • Wallets that require increased security. CloudSign is typically run in an isolated environment - its own dedicated server. This means that the risk of malicious actors gaining access to the server is limited compared to a mobile device. The IP address is not public and other programs would usually not be running concurrently on the same server.

Please note that whilst CloudSign devices offer speed and the security of an isolated server, these devices automatically sign transactions without manual review. Further, clients have the added responsibility of ensuring the CloudSign servers are managed in a secure way (i.e. that their firewalls are shut, they have backups, etc.) and that their policies are configured as narrowly as possible. Having approval groups configured for transactions can mitigate this risk, at the cost of added transaction execution latency.

3. Mixed quorum

A mixed quorum comprises both mobile and CloudSign devices. These are suitable for customers who want the flexibility to benefit from both the control offered by mobile devices and the speed of CloudSign devices.

For example, a mixed quorum could contain 5 devices: 3 mobile devices and 2 passive CloudSign devices, with 3 signatories.

The benefit of having passive CloudSign devices is that they will immediately skip the signing process, meaning that the signing falls to the 3 mobile devices and the transaction can be manually reviewed before it is signed. However, if 1 or 2 mobile devices are lost or damaged, the CloudSign device(s) can be switched from passive to active and provide the benefit of instant signing. In this scenario, the customer would be left with 1 mobile device and 2 active CloudSign devices as signatories, and therefore receive the benefits of both types of device.

Required number of devices and signatories

MPC quorums must contain at least 3 devices. There is no maximum number of devices that can be added to a quorum.

The number of signatories should always be set to at least one below the number of devices in the quorum, for a number of reasons:

  • Convenience: the owner of one device may not be online when required
  • Redundancy: a device may be lost or destroyed
  • Security: one single compromised user cannot authorise a transaction

For example: if your quorum has 3 devices, you must set at least 2 signatories.
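The signatory rule and the mixed quorum scenario above can be checked with a small model. This is an added example, not Palisade code or its API: the `Device` class and all function names are hypothetical, and it assumes the rule means 2 ≤ signatories ≤ devices − 1.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Device:
    name: str
    kind: str               # "mobile" or "cloudsign"
    passive: bool = False   # a passive CloudSign device skips signing
    available: bool = True  # False once the device is lost or damaged

def check_quorum(devices, signatories):
    """Return rule violations (empty list if the configuration is acceptable)."""
    problems = []
    n = len(devices)
    if n < 3:
        problems.append("quorum needs at least 3 devices")
    if signatories > n - 1:  # assumed reading of "at least one below"
        problems.append("signatories must be at least one below the device count")
    if signatories < 2:      # assumed from the 'Security' reason in the text
        problems.append("a single device must not be able to authorise alone")
    return problems

def assess(devices, signatories):
    """Summarise what the quorum can do in its current state."""
    signers = [d for d in devices if d.available and not d.passive]
    auto = [d for d in signers if d.kind == "cloudsign"]
    return {
        "can_sign": len(signers) >= signatories,
        # If automatic signers alone cannot reach the threshold, at least
        # one mobile owner still has to review and sign each transaction.
        "manual_review_required": len(auto) < signatories,
        "spare_signers": len(signers) - signatories,
    }

def mixed_quorum(lost_mobiles=0, cloud_passive=True):
    """Constructed sample: the 5-device, 3-signatory mixed quorum from the text."""
    mobiles = [Device(f"mobile-{i}", "mobile", available=i > lost_mobiles)
               for i in (1, 2, 3)]
    clouds = [Device(f"cloudsign-{i}", "cloudsign", passive=cloud_passive)
              for i in (1, 2)]
    return mobiles + clouds

if __name__ == "__main__":
    # Healthy; two mobiles lost with CloudSign passive; then CloudSign active.
    for lost, passive in [(0, True), (2, True), (2, False)]:
        q = mixed_quorum(lost, passive)
        print(lost, passive, check_quorum(q, 3), assess(q, 3))
```

In the recovered state (1 mobile plus 2 active CloudSign devices) the model still reports `manual_review_required`, because the two automatic signers alone are below the threshold of 3; a CloudSign only quorum loses that property as soon as its active devices reach the threshold.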

Create a quorum

  1. Navigate to the ‘Controls’ section of the Palisade console and click the ‘MPC Quorums’ tab
  2. Once at least 3 devices have been added and paired to your account, click ‘Create quorum’.
  3. Select the quorum type (mobile, cloud or mixed)
  4. Enter the quorum name
    The name should help identify the quorum.
  5. Enter the quorum description
    The description should make the purpose of the quorum clear.
  6. Choose at least 3 devices to hold the MPC wallet key shards
  7. Select the minimum number of required signatures (see above)
  8. Click ‘Create’
  9. You will be prompted to confirm the details of the quorum. If everything is correct, click ‘Create quorum’
  10. Each quorum device will receive a notification requesting their approval within 60 minutes. Once all devices have approved, the quorum will move to ‘Confirmed’ state and become available for selection when creating an MPC wallet.
    • If members do not approve the notification within 60 minutes, the quorum request will expire and a new quorum will need to be created.
    • If one or more devices reject the notification, the quorum will not be formed.

Use a quorum

Once an MPC quorum has been created, quorum devices will receive notifications requiring them to approve or reject actions.

MPC wallet creation

When an MPC wallet is created, all of the quorum devices will be notified and required to approve within 5 minutes. If one or more devices reject, the wallet will not be created.

Transactions from MPC wallets

When a transaction is sent from an MPC wallet, all of the quorum devices will receive a notification requesting signature. When the minimum number of devices sign, the transaction will be submitted.

❗️ Quorums cannot be edited or deleted. Please ensure all quorum details are correct before confirming.