Security

Everything related to security that affects the Vultisig project.

Last updated 22 days ago

Audits

Kudelski Audit of mobile-tss-lib

1.5 Follow-up

After the draft report (v1.0) was delivered, the client addressed all findings in the following PRs:

• Audit 1 #17 (commit 06fc76f4d6d34f21fa5d1cafd1eb594d8ac4fdd7)

• Audit 2 #18 (commit 2577eb3b00d4d58a7318fa0ada726ba7965579ab)

$VULT Contract Audit

Staking Contract Audit


Threshold Signature Security (TSS and DKLS)

Vultisig currently supports two Threshold Signature Schemes (TSS): GG20 and DKLS. As of March 2025, DKLS is the preferred cryptographic standard for all new vaults on iOS, Android, and macOS. Windows also fully supports DKLS, including vault participation and optional initiation via an advanced toggle. Default behavior may evolve in future releases.

🔒 Both protocols eliminate the need for a seed phrase or centralized private key, offering a seedless, self-custodial experience.

In practice:

  • Your devices connect only during deliberate signing sessions.

  • Private key shares are never combined or stored.

  • An attacker would need access to all your devices simultaneously to forge a signature.

Vultisig will continue to evolve with the latest advancements in TSS protocols to provide secure, resilient self-custody for all users.

Research

The Threshold Signature Scheme is a relatively new area within the field of Multi-Party Computation. As such, advancements in security and efficiency are ongoing and continuously evolving.

Vultisig closely monitors these developments and is committed to adopting more secure and efficient versions as they become available. Additionally, we are actively researching new possibilities within this space.

DKLS Threshold Signing

This technique enhances security by eliminating single points of failure—no seed phrase or complete key is ever stored on any single device. Instead, each device holds a secure share of the key, and must participate in the signing process.

🔒 This is how Vultisig enables secure, seedless, self-custody for your crypto.
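
The properties listed above (each device holds a share, every device must take part, and the full key is never assembled) are shown in the following added example, which is not Vultisig code and is not GG20 or DKLS. Those are threshold ECDSA protocols; this example uses additive Schnorr shares over a deliberately tiny toy group and leaves out the nonce commitments and key-possession proofs that real multi-party protocols need. The `Device` class, all function names and the group parameters are assumptions made for illustration.

```python
import hashlib
import math
import secrets

# Toy parameters (assumption, insecure on purpose): P = 2Q + 1 with Q prime,
# and G = 4 generates the subgroup of order Q. Real vaults use elliptic curves.
P, Q, G = 2039, 1019, 4

class Device:
    """One vault device. The key share x_i never leaves this object."""
    def __init__(self):
        self._share = secrets.randbelow(Q - 1) + 1
        self.public_share = pow(G, self._share, P)
        self._nonce = None

    def commit(self):
        # Round 1: fresh per-session nonce k_i; only G^k_i is sent out.
        self._nonce = secrets.randbelow(Q - 1) + 1
        return pow(G, self._nonce, P)

    def respond(self, e):
        # Round 2: partial signature s_i = k_i + e * x_i (mod Q).
        if self._nonce is None:
            raise RuntimeError("no open signing session")
        s_i = (self._nonce + e * self._share) % Q
        self._nonce = None  # reusing a nonce would leak the share
        return s_i

def product(values):
    return math.prod(values) % P

def challenge(r, vault_key, message):
    data = f"{r}|{vault_key}|".encode() + message
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

def sign(devices, vault_key, message):
    r = product(d.commit() for d in devices)
    e = challenge(r, vault_key, message)
    return r, sum(d.respond(e) for d in devices) % Q  # only partials are summed

def verify(vault_key, message, signature):
    r, s = signature
    e = challenge(r, vault_key, message)
    return pow(G, s, P) == r * pow(vault_key, e, P) % P

if __name__ == "__main__":
    vault = [Device() for _ in range(3)]
    key = product(d.public_share for d in vault)
    for signers in (vault, vault[:2]):  # all devices, then one missing
        print(len(signers), verify(key, b"tx", sign(signers, key, b"tx")))
```

The vault's public key is the product of the devices' public shares, so a verifier sees an ordinary single-key signature. With a group this small a signature from too few devices can still verify by chance (about 1 in 1019), which is one reason the parameters are labelled as a toy.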

The audit was done by Code4rena for the $VULT contract and can be found here.

The audit was done by Zenith and can be found here.

GG20 is a well-established threshold signing protocol that has been battle-tested in production through projects like THORChain, which uses it in open-source, adversarial environments. In Vultisig, GG20 remains available primarily for legacy vaults and advanced configuration cases.

DKLS (Distributed Keygen and Local Signing) is a modern threshold signature scheme developed by Silence Laboratories. It enables multiple trusted devices to sign transactions collaboratively, without ever reconstructing the full private key.

Vultisig leverages DKLS threshold signatures, a cryptographic scheme developed by Silence Laboratories. This protocol enables multiple trusted devices to sign a transaction together without ever reconstructing or exposing the full private key.

The DKLS protocol was audited in February 2024 by Trail of Bits. The full audit report is available here (PDF).

Kudelski_Security_Vultisig_Mob_CR_v1.1_Public.pdf (PDF, 366KB)

[Figure: Audit Summary]

[Figure: Kudelski Findings]