Skip to main content

Sodot MPC Infra

Sodot MPC SDKs and vertex provide a highly performant MPC infrastructure that is handcrafted for companies that build custody and wallet products in Web3.

The SDKs and the vertex are designed to maximize the control and independence of our customers. Therefore, it can be deployed fully on-premise, allowing full data privacy and operational independence.

Our MPC SDKs and vertex can be integrated seamlessly without requiring any prior cryptography knowledge.

info

Our cryptography code was audited by NCC Group (September 2025), Trail of Bits (September 2024) and NCC Group (July 2023).

Overview

Sodot MPC Infra allows for generating, managing and utilizing Web3 signing keys by leveraging MPC in order to mitigate the inherent risk involved with managing a sensitive private key.

Sodot MPC Infra supports generating and signing with a distributed private key, that is distributed into any number of shares on any combination of mobile, web or server.
However there are two prominent settings for utilizing Sodot MPC Infra.

Custody Operations

For any custodial product (i.e. custodians, market-makers, exchanges, etc.) we recommend utilizing our deployable MPC signer - vertex - that leverages secure enclave technology in the following manner:

Self-Custodial Wallets

For any self-custodial product (i.e. wallets, wallet-as-a-service) we recommend utilizing our SDKs on the client side and deploying a vertex on the backend in the following manner:


How Does It Work?

Sodot MPC Infra takes care of all the cryptography related to MPC, secure communication between client devices. For the vertex secure storage of the secret material as well as running the MPC protocols from within secure enclaves is also included.

In order to make this work seamlessly, communication between devices goes through a relay server. The general flow for each key generation or signing operation looks like this:

  • The vertex service creates a room in the relay server, which is given a unique room-ID.
  • Then, the room-ID must be sent to all devices/servers that will participate in the MPC operation.
  • All devices with a room-ID will then connect to that room in the relay server.
  • When all parties have connected, all SDKs/vertices involved start running the MPC operation (e.g. signing or key generation).

We show this with an example of a signing operation between three different users:

Diagram

In the diagram we consider three users named Alice, Bob and Charlie, using either the Sodot MPC SDK or vertex on their devices/servers. The users' communication is relayed via a relay server. The diagram depicts the general flow of information between the users.



Why do you need a relay server?

In order for any set of clients that are mobile to communicate with each other, having them connect via a relay server allows communication to work smoothly even in adverse network environments where peer-to-peer communication is not possible.

Security Notice

The relay server provides no cryptographic services, therefore, even in the case of a breach of this server, the signing keys remain safe as well as each and every key share of the clients. All data flowing through the relay server is end-to-end encrypted so that the relay server knows nothing about the data being relayed.


Next we will show how to deploy and use a vertex and how to install and use the SDKs.