Security & Technology
How Vultisig security works. Threshold Signature Schemes (TSS), DKLS23 protocol, keysigning process, and cryptographic foundations explained.
Vultisig's security is built on Threshold Signature Schemes (TSS), a form of Multi-Party Computation (MPC) that eliminates single points of failure. This section explains the cryptographic foundations and technical processes that secure your assets.
Core Concepts
No Private Key Ever Exists
Unlike traditional wallets, Vultisig never constructs a complete private key. Instead, cryptographic operations are performed across distributed vault shares using zero-knowledge proofs. Even during signing, the key remains split—only the signature is assembled.
Threshold Security
Vultisig uses a t-of-n threshold model. For a 2-of-3 vault, any 2 devices can sign, but no single device can act alone. This provides both security (no single point of compromise) and redundancy (one device can be lost).
TSS Protocols
Vultisig supports two TSS protocols:
New vaults use DKLS23 by default. Existing GG20 vaults can be upgraded.
Key Operations
Security Comparisons
Understanding how Vultisig compares to alternative approaches:
Difference to Multi-Signatures — Why TSS is superior to traditional multi-sig
Difference to Passkeys — Why passkeys aren't suitable for crypto
Emergency Procedures
In the unlikely event that Vultisig software becomes unavailable, vault shares can be recombined to extract a traditional private key:
Emergency Recovery — Last-resort key extraction
Emergency recovery permanently converts a TSS vault to a single-signature wallet. Only use if Vultisig software is completely unavailable.
Technical Deep Dives
How DKLS23 WorksHow GG20 WorksTSS ActionsKeysignLast updated
Was this helpful?