MPCKitMPCKit

Onboarding

api.onboard runs DKG end-to-end and returns the user share you must persist.

onboard runs distributed key generation end-to-end. It registers the encryption key, submits the on-chain DKG transaction, polls for awaiting_user_share, and finalizes by accepting the encrypted user share.

import { Curve } from "@mpckit/sdk";
import { randomBytes } from "node:crypto";

const seed = randomBytes(32);

const result = await api.onboard({
  seed,
  curve: Curve.SECP256K1,
  // optional
  timeoutMs: 600_000, // 10 min default
});

OnboardArgs

Prop

Type

OnboardResult

Prop

Type

Keep the seed. Persist the share for the warm path.

The seed is the only secret you must protect. Lose it and the dWallet is unrecoverable. The plaintext share is the warm-path input to sign, but it isn't a single point of failure: the encrypted share lives on chain, and the seed alone derives the class-groups decryption key needed to recover it.

// store alongside the dwallet for the warm sign path:
await db.dwallets.insert({
  id: result.dwallet.id,
  curve: result.dwallet.curve,
  userSecretKeyShareHex: result.userSecretKeyShareHex,
  userPublicOutputHex: result.userPublicOutputHex,
});

The seed is the only critical secret

sign expects userSecretKeyShareHex as input, so persist it for the warm path. If you ever lose it, recover the plaintext from the on-chain EncryptedUserSecretKeyShare plus the seed using UserShareEncryptionKeys.decryptUserShare (upstream @ika.xyz/sdk). If you drop the seed, the dWallet cannot be signed by anyone again.

Stages

Encryption-key registration

The SDK derives a class-groups encryption key from the seed and registers its public component via POST /v1/encryption-keys. This call is server-side idempotent on (user, curve), so retries are free.

DKG submission

The SDK runs the local DKG prep (using protocol public parameters fetched from the backend's cached endpoint) and posts the result to POST /v1/dwallets. The backend submits the on-chain DKG transaction.

Polling

The SDK reads on-chain state directly via the Sui fullnode (through IkaClient.getDWalletInParticularState) until the dWallet reaches the AwaitingKeyHolderSignature state. The on-chain object is the source of truth.

Accept

The SDK signs the user public output and submits the accept call to POST /v1/dwallets/:id/accept. The dWallet transitions to Active.

On this page