Key Custody

A non-custodial wallet is a software or hardware tool where the user has sole possession and control of their private keys. This model is the foundation of self-sovereign finance, eliminating counterparty risk but placing full security responsibility on the user.

• Examples: MetaMask (software), Ledger (hardware).
• Mechanism: Keys are generated and stored locally, never transmitted to a third-party server.
• Security Model: Relies on user's ability to safeguard seed phrases and device security.

Multi-Party Computation (MPC) is a cryptographic technique that distributes a private key into multiple secret shares held by different parties. No single party ever has access to the complete key; signing a transaction requires a threshold of parties to collaborate.

• Key Benefit: Eliminates single points of failure and enables institutional workflows with approval policies.
• Use Case: Used by custody providers like Fireblocks and Qredo to secure enterprise assets.
• Technical Basis: Relies on advanced cryptographic protocols like Shamir's Secret Sharing or threshold signatures.

A Hardware Security Module (HSM) is a dedicated, tamper-resistant physical computing device that safeguards cryptographic keys and performs crypto operations. They are the gold standard for institutional-grade key storage.

• Function: Generates, stores, and uses keys within a certified, isolated hardware environment.
• Compliance: Often certified to standards like FIPS 140-2 Level 3 or higher.
• Deployment: Commonly used in bank-grade custody solutions and for securing validator nodes in proof-of-stake networks.

Smart contract wallets are blockchain accounts controlled by programmable code (a smart contract) rather than a single private key. This enables advanced custody logic like social recovery, spending limits, and multi-signature requirements.

• Flexibility: Custody rules are enforced on-chain by the contract's code.
• Examples: Safe (formerly Gnosis Safe), Argent.
• Recovery: Often implement social recovery, allowing a user's designated guardians to help restore access if keys are lost.

Multi-signature (multisig) is a specific access control scheme that requires cryptographic signatures from a predefined subset of multiple private keys to authorize a transaction. It is a foundational primitive for shared asset control.

• Configuration: Defined as m-of-n, where m signatures are required from n possible key holders.
• Application: Used for treasury management, DAOs, and simple shared accounts.
• Implementation: Can be a native feature (e.g., Bitcoin's P2SH) or built via smart contracts (e.g., Ethereum).

Custodial services are third-party entities, typically regulated financial institutions, that take full possession and control of a user's private keys on their behalf. The user trades direct control for convenience and institutional security practices.

• Model: The user holds a claim against the custodian, not direct on-chain ownership.
• Providers: Include exchanges (Coinbase Custody), banks, and specialized firms (Anchorage Digital).
• Security: Combines technologies like HSMs, MPC, and insurance within a regulated framework.

Beyond the custody model, key security depends on physical and operational controls.

• Hardware Security Modules (HSMs): Tamper-proof devices for key generation and storage, but are expensive and require rigorous operational security.
• Air-gapped Systems: Computers never connected to the internet, used for signing. Risk of human error in transferring transaction data.
• Insider Threats: Malicious or coerced employees with access to key material.
• Supply Chain Attacks: Compromised hardware or software during manufacturing or distribution.

Custody solutions must navigate evolving global regulations, which directly impact risk profiles.

• Licensing Requirements: Jurisdictions may require custodians to be licensed (e.g., NYDFS BitLicense), affecting availability and insurance.
• Asset Segregation: Regulations may (or may not) require customer assets to be held separately from the custodian's operational funds.
• Insurance: Some custodians offer crime insurance policies, but coverage limits, exclusions, and the insurer's ability to pay are critical risk factors.

A private key is a secret, cryptographically generated number that proves ownership of a blockchain address and authorizes transactions. It is the foundational element of self-custody.

• Function: Used to digitally sign transactions, providing mathematical proof of authorization.
• Security: Must be kept secret at all costs; anyone with the private key has full control of the associated assets.
• Example: In Ethereum, a private key is a 64-character hexadecimal string (256 bits).

Multi-Party Computation (MPC) is a cryptographic technique that distributes a private key among multiple parties, requiring a threshold of them to collaborate to sign a transaction.

• How it works: The key is never assembled in one place, significantly reducing the risk of a single point of failure.
• Use Case: Used by institutional custodians and advanced wallets to enable secure, collaborative transaction signing without a single seed phrase.
• Benefit: Enables non-custodial security with institutional-grade controls and customizable signing policies.

A Hardware Security Module (HSM) is a dedicated physical computing device that safeguards and manages digital keys, performing all cryptographic operations in a hardened, tamper-resistant environment.

• Primary Function: Generates, stores, and uses cryptographic keys without exposing them to the connected computer's operating system.
• Institutional Standard: The bedrock of security for banks, certificate authorities, and regulated crypto custodians.
• Attribute: Provides FIPS 140-2 Level 3 or higher validation, ensuring resistance to physical and logical attacks.

A social recovery wallet is a non-custodial wallet model where access is secured not by a single seed phrase, but by a network of trusted "guardians" who can collectively help recover the wallet.

• Mechanism: The signing key can be regenerated if a predefined majority of guardians (e.g., 5 of 9) approve a recovery request.
• User Benefit: Mitigates the risk of permanent seed phrase loss while maintaining self-custody principles.
• Example: Implemented by wallets like Argent to improve user experience and security for mainstream adoption.

Shamir's Secret Sharing (SSS) is a cryptographic algorithm that splits a secret (like a private key) into multiple unique shares, where only a specified subset of shares is needed to reconstruct the original secret.

• Key Property: Possession of fewer than the required threshold of shares reveals zero information about the original secret.
• Application: Used to create secure backups of seed phrases by distributing shares geographically or among trusted entities.
• Contrast with MPC: SSS is often used for backup and recovery, whereas MPC is used for active, distributed signing.

This is the fundamental dichotomy in key custody models, defining who controls the private keys.

• Custodial: A third-party service (like an exchange) holds the user's private keys. The user relies on the service's security and access controls (username/password).
• Non-Custodial: The user retains sole possession of their private keys, typically via a seed phrase. They have full control and responsibility for security.
• Trade-off: Custodial offers convenience and recovery options; non-custodial offers sovereignty and eliminates counterparty risk.