FPSF-MPC-001 — Overview
Layer: Overview · Audience: architects, security reviewers, institutional evaluators
For normative requirements, see the Formal Specification.
What This Is
FPSF-MPC-001 specifies a multi-party computation system that generates and manages disposable cryptographic signing keys. The defining property of the system is that no private key ever exists in a single location — not on any server, not in any database, not even briefly in memory as a complete value.
This is not a convenience feature. It is the entire point.
The Problem It Solves
Digital bearer instruments — payment tokens, vouchers, and similar structures — require cryptographic key pairs: the holder proves their right to act by signing with a private key. But this creates a security problem. Any system that needs to generate or hold private keys on behalf of users is a target. A breach exposes every key it holds.
The standard response is to protect keys aggressively — hardware security modules, access controls, encryption at rest. These measures raise the cost of a breach but do not eliminate the risk. The keys exist; they can, in principle, be stolen.
FPSF-MPC-001 takes a different approach: the private key is never assembled. It exists only as mathematical fragments distributed across multiple independent nodes. There is no single target to breach. An attacker who compromises any individual node — or any number of nodes below the signing threshold — obtains nothing useful.
How It Works
When a user requests a disposable key pair, a group of nodes runs a Distributed Key Generation (DKG) protocol. Each node ends up with a fragment (a share) of the private key. No node knows the full key. The public key — and only the public key — is returned to the user.
When the user wants to sign a message with that key, the same group of nodes runs a threshold signature protocol (FROST). Each node contributes a partial signature. A coordinator aggregates the partial signatures into a complete, standard Ed25519 signature. Again, no node ever holds the full private key.
When the user is done with the key, they request its destruction. Every node in the group wipes its share. The key ceases to exist.
Key Concepts
Three key classes. The system uses exactly three key classes with strictly separated roles: the Root Key (offline, held by the user, never touches the network), the Sub Key (online, signs API requests), and the Disposable Key (generated by MPC, private scalar never assembled).
Threshold security. The signing threshold (t, n) determines how many of the n nodes must cooperate to produce a signature. Any combination of fewer than t nodes is cryptographically useless — it reveals nothing about the private key.
Anti-collusion by design. Nodes are selected for each key group using a Verifiable Random Function. Nodes do not learn each other's identities across groups. All inter-node communication is relayed through the Coordinator, preventing direct correlation.
No session state. Every API request is self-authenticated through a cryptographic signature. There are no sessions, no login flows, and no bearer tokens.
Where Disposable Keys Are Used
FPSF-MPC-001 was designed to support privacy-preserving payment protocols, specifically the bearer key generation used in FPSF-CPP-001 (CashPack Protocol). A user receiving a cash-pack can use the MPC system to generate a fresh key pair for that instrument. When they renew or redeem the instrument, they use the disposable private key to sign, then request its destruction. The key leaves no trace.
The system is general-purpose, however. Any application that needs ephemeral signing keys without the risks of centralized key storage can use it.
Document Map
| Layer | Document | Purpose |
|---|---|---|
| Formal Specification | SPEC.md | Normative definitions |
| Overview | this document | What it is and why it exists |
| Core Concepts | | Key abstractions and design rationale |
| Reference | | API reference, error codes, glossary |
| Guides | | Integration and usage guides |
| Governance | | Versioning and changelog |
FPSF-MPC-001 v1.0.0 · Draft · Fabric Payment Standards Foundation · Apache-2.0