Security & Technology

Vultisig's security is built on Threshold Signature Schemes (TSS), a form of Multi-Party Computation (MPC) that eliminates single points of failure. This section explains the cryptographic foundations and technical processes that secure your assets.

Core Concepts

No Private Key Ever Exists

Unlike traditional wallets, Vultisig never constructs a complete private key. Instead, cryptographic operations are performed across distributed vault shares using zero-knowledge proofs. Even during signing, the key remains split—only the signature is assembled.

Threshold Security

Vultisig uses a t-of-n threshold model. For a 2-of-3 vault, any 2 devices can sign, but no single device can act alone. This provides both security (no single point of compromise) and redundancy (one device can be lost).

TSS Protocols

Vultisig supports two TSS protocols:

New vaults use DKLS23 by default. Existing GG20 vaults can be upgraded.

Key Operations

Security Comparisons

Understanding how Vultisig compares to alternative approaches:

• Difference to Multi-Signatures — Why TSS is superior to traditional multi-sig

• Difference to Passkeys — Why passkeys aren't suitable for crypto

Emergency Procedures

In the unlikely event that Vultisig software becomes unavailable, vault shares can be recombined to extract a traditional private key:

• Emergency Recovery — Last-resort key extraction

Technical Deep Dives