01.
Security / Governance
MPC wallet,
key management
& policy engine
The institutional custody solution built for operational control, not just safekeeping.
01 MPC wallet & key management
Your keys never exist in one place
Private keys are the most sensitive component of digital assets. The Vault protects them through multiple independent layers, supported across all deployment models.
01.
MPC
cryptography
The Vault uses true threshold MPC — a T-of-N signature scheme where each private key is split into shares distributed across client devices and TEE-secured servers. The key is never assembled in full at any single point, eliminating the risk of theft even in the event of a breach
02.
TEE
technology
Trusted Execution Environment (TEE) provides hardware-level isolation for key operations. Even if the surrounding server infrastructure is compromised, operations inside the TEE remain protected — key shares cannot be extracted.
03.
Your
sole control
Private keys are generated and stored within the client’s own perimeter. The Vault infrastructure never has unilateral access to keys or the ability to sign transactions without client authorisation.
Multi-party computation wallet architecture is supported across all three deployment models — In-house, Cloud, and Hybrid — with the same security guarantees at every level.
02 Policy engine
A policy engine that governs every fund movement
Structural governance enforced before any key share activates.
Rule-based workflows for transaction authorisation. Define who approves what, under which conditions, and with what quorum requirement — for every wallet and operation type.
03 Approval workflows
Step-by-step:
how every transaction is governed
A multi-user wallet only delivers security if the approval process is strictly enforced.
01.
Policy setup
Admins configure rules, limits, and quorums.
Admins configure rules, limits, and quorums.
02.
Initiation
Authorised user creates a request. Initiators cannot approve.
Authorised user creates a request. Initiators cannot approve.
03.
Validation
Auto-check against predefined rules. Non-compliant requests are instantly rejected.
Auto-check against predefined rules. Non-compliant requests are instantly rejected.
04.
Approval
Routed to designated approvers based on policy quorum.
Routed to designated approvers based on policy quorum.
05.
Signing
MPC key shares sign across devices and TEE servers.
MPC key shares sign across devices and TEE servers.
06.
Execution
Submitted to the blockchain.
Submitted to the blockchain.
04 Audit trail & reporting
Complete
visibility
across every
wallet
and
operation
Audit-ready architecture with deep operational visibility built for regulated environments.
Comprehensive
audit trail
Every operation captures initiator, approvers, timestamps, and device identifiers.
End-to-end
monitoring
Full visibility across all wallets for compliance and finance teams.
Cryptographic
integrity
Tamper-resistant databases ensure audit logs cannot be altered retroactively.
Complete
attribution
Nothing is anonymous. Every decision is tracked to a specific user & device.
05 Deployment control
Same security architecture, deployed your way.
Choose where The Vault runs. The MPC key management and policy engine operate identically in every configuration.
- Deployed on client infrastructure
- Zero external dependencies
- All keys and data within client perimeter
- Closed architecture minimises external exposure
- Key components hosted on client side
- Platform management by The Vault
- Operational flexibility with key sovereignty
- Suitable for teams without full infra capacity
- Fully managed cloud solution
- Same MPC and policy engine
- Ready to deploy without infrastructure setup
- 24/7 access and maintenance
Contacts
Security that belongs to you, not your vendor.
The only platform combining true threshold MPC, a configurable policy engine, and full deployment flexibility — with no third-party key access.
2026 All Rights Reserved