MPCKitMPCKit

Signing

api.sign drives the two-party MPC ceremony and returns raw signature bytes.

sign runs the centralized signature math locally, posts the user-side message, polls until the on-chain sign session completes, and returns the raw signature bytes.

import { Curve, Hash, SignatureAlgorithm } from "@mpckit/sdk";

const sig = await api.sign({
  seed,
  dwalletId,
  curve: Curve.SECP256K1,
  signatureAlgorithm: SignatureAlgorithm.ECDSASecp256k1,
  hashScheme: Hash.SHA256,
  message: new TextEncoder().encode("hello"),
  userSecretKeyShareHex,
  // optional
  idempotencyKey: "ord_12345",
  timeoutMs: 180_000,
});

console.log(sig.signature);     // Uint8Array
console.log(sig.signRequestId); // backend record id
console.log(sig.signSessionId); // ika protocol session id
console.log(sig.txDigest);      // sui tx digest, or null if not finalized yet

SignArgs

Prop

Type

SignResult

Prop

Type

What the bytes look like

sig.signature is a raw Uint8Array in the standard encoding for the algorithm you chose: ECDSA returns r ‖ s (with a recovery byte for secp256k1), BIP-340 Taproot returns 64 bytes, Ed25519 EdDSA returns 64 bytes, Schnorrkel returns 64 bytes. Encoding to a chain-native format (RLP for EVM, base58 for Solana, Taproot witness for Bitcoin) is your responsibility.

Idempotency

Pass an idempotencyKey to make retries safe. The backend de-duplicates sign calls keyed on it, so a retried call returns the original signature instead of triggering a second sign session. The SDK auto-generates one if you don't pass it.

import { newIdempotencyKey } from "@mpckit/sdk";

const key = newIdempotencyKey(); // UUID-v7

await api.sign({ /* ... */, idempotencyKey: key });
// safe to retry on network failure with the same key

On this page