Enterprise-grade multi-party computation with 8 cryptographic protocols, configurable t-of-n thresholds, multi-chain support, and post-quantum security. Your keys never exist in a single location.
Production-grade implementations spanning classical threshold cryptography, post-quantum lattice schemes, and fully homomorphic encryption.
4-round signing with identifiable aborts over secp256k1. Presignatures for offline signing. Bitcoin, Ethereum, all EVM chains.
2-round signing with hedged deterministic nonces. Ed25519 for Solana and TON. BIP-340 Taproot for Bitcoin. BIP-32 chaining keys.
Dynamic resharing without key reconstruction. Transition t-of-n to t'-of-(n±k) with zero downtime. Generation history with rollback. Byzantine fault tolerant.
Multi-party threshold decryption with homomorphic operations. Partial share aggregation via Lagrange coefficients. Confidential compute on encrypted data.
Module-LWE threshold signatures at 128/192/256-bit security levels. Proactive share refresh. Protection against quantum adversaries.
Quantum-Safe And Reliable. Combines BLS12-381 pairing-based signatures with Ringtail lattice for immediate and future-proof security.
BLS12-381 pairing-based threshold signatures with efficient aggregation. Compatible with Ethereum 2.0 and other consensus systems.
Constant-time 2-party ECDSA at ~5ms signing. Specialized for peer-to-peer custody and co-signing workflows.
Everything you need for institutional-grade digital asset custody and wallet operations.
Any t-of-n scheme: 2-of-3, 3-of-5, 5-of-9, 10-of-15, or any custom configuration. Byzantine-resilient majority with t ≥ ⌊n/2⌋ + 1.
Add or remove signing parties without changing public keys or addresses. LSSS-based protocol transitions t-of-n to t'-of-(n±k) with generation rollback on failure.
Ringtail lattice-based signatures and Quasar hybrid scheme provide protection against future quantum computer attacks at configurable security levels.
TFHE threshold homomorphic encryption enables computation on encrypted data. Multi-party decryption with partial share aggregation. Private policy evaluation.
17 ZK proof systems including Paillier multiplication, Pedersen-Rabin, Schnorr proofs, range proofs, and polynomial commitments for verifiable computation.
All operations authenticated via Hanzo ID. Bearer token validation, role-based access control, and audit logging for compliance.
Native support for every major blockchain ecosystem through protocol-specific curve implementations.
Real benchmarks on Apple M-series silicon. Signing is O(t) — independent of total party count. Keygen is O(n²) communication.
| Operation | 3 parties | 10 parties | 20 parties | 30 parties | 50 parties |
|---|---|---|---|---|---|
| Key Generation | 22ms | 38ms | 332ms | 535ms | 1.9s |
| Signing (t signers) | <5ms | 8ms | 18ms | 35ms | 55ms |
| Verification | 2ms | 2ms | 2ms | 2ms | 2ms |
| Operation | 10 | 100 | 1,000 | 10,000 |
|---|---|---|---|---|
| Scalar Multiplication | 6.6ms | 2.3ms | 23ms | 232ms |
| Point Addition | <0.01ms | 0.1ms | 1.1ms | 11ms |
| Lagrange Coefficients | 0.1ms | 10ms | 1.3s | 115s |
| Polynomial Evaluation | <0.01ms | 1.6ms | 166ms | 16.7s |
| Blake3 Hashing | <0.01ms | 0.03ms | 0.4ms | 3.4ms |
Signing uses only t threshold signers regardless of total n. A 10-of-10,000 scheme signs as fast as 10-of-10. Keygen/reshare touch all n parties — use tiered architecture at >100 nodes.
Private keys are never reconstructed. Threshold parties hold shares that are individually useless. Compromise of t-1 parties reveals nothing.
CGGMP21 identifies the exact cheating party in a failed signing session. Automated fault recovery with node eviction via LSSS.
LSSS share refresh and Ringtail proactive rotation ensure long-term security even if shares are periodically exposed. Generation-based key lifecycle.
All key shares encrypted at rest with AES-256 via BadgerDB. Optional KMS integration for hardware-backed encryption keys.
Get started with Hanzo MPC in minutes. Self-hosted or managed.