Key Components
Para’s key management system relies on a 2-of-2 MPC system comprised of three main components:
- MPC Key 1: User Share
- MPC Key 2: Para Share
- Passkey
User Share
The User Share is custodied by the user and acts like a hot wallet. It is accessible in the browser or on the user’s device, providing immediate control over assets while interacting with crypto applications.
Cloud Share
The Cloud Share is managed by Para and stored securely in cloud hardware-security modules (HSMs). This setup provides a secure off-device backup of the user’s key, safeguarding the assets even in the event of device loss or compromise.
Passkey
The Passkey is a unique feature of Para’s system, designed to bridge the gap between device security capabilities and blockchain requirements. Most modern smartphones come with hardware secure enclaves, which are dedicated areas within the device’s main processor used for storing and protecting sensitive data. However, these enclaves primarily support the secp256r1 elliptic curve, which differs from the secp256k1 curve used by most modern blockchains. To address this, Para generates a separate Passkey. This key is used to authorize access to the Cloud Share, enabling biometric authentication and signing on the secp256k1 curve. This process ensures users can leverage their device’s hardware security features while interacting seamlessly with blockchain networks.
Key Generation and Management Process
- Distributed Key Generation: When a user creates a wallet, Para initiates a DKG process. This generates the User Share and Cloud Share without ever assembling the full private key in one place.
- Passkey Creation: Simultaneously, a Passkey is generated and stored in the device’s secure enclave.
- Cloud Share Storage: The Cloud Share is securely stored in Para’s HSMs.
- User Share Protection: The User Share is protected by the user’s authentication method (e.g., passkey, biometrics) and stored securely on the device.
Security Benefits
This key management system offers several security advantages:
- No Single Point of Failure: Since the private key is never fully assembled, there’s no single point of vulnerability.
- Phishing Resistance: Even if a user’s email or social login is compromised, an attacker would still need physical access to the user’s device to initiate transactions.
- Device Loss Protection: If a user loses their device, they can still recover their wallet using the Cloud Share and proper authentication.
- Censorship Resistance: Users have the option to export their Cloud Share, ensuring they maintain control over their assets.