Introducing Fireblocks Flow: capture stablecoin volume with your own stablecoin payment infrastructure.
Distributed by Design. Secure by Default.
Dynamic's embedded wallets are secured by TSS-MPC: a key management approach where the full private key never exists, signing happens in under a second, and users can recover accounts through multiple independent paths.
A Full Private Key That Never Exists
Cryptographic key shares are distributed across multiple parties at generation that collaborate to sign transactions. They never combine into a complete private key, at any point, in any location.
Distributed Key Generation
Shares are created collaboratively across parties from the start, so no entity ever has access to the complete key. The full private key has no birthplace, no storage location, and no reconstruction event.
Paired With TEEs
Sensitive computations happen inside Trusted Execution Environments, adding a hardware-isolated layer of protection on top of distributed trust. The result is a hybrid security model that combines tamper-resistant execution with the resilience of TSS-MPC.
Distributed Signing
Each share contributes to the signature through cryptographic collaboration, with zero-knowledge proofs ensuring no party learns anything about any other party's share. Signing happens without the key ever being assembled.
The Only Model with Real Independent Recovery Paths
When users lose a device, switch phones, or get locked out, most wallet models offer one answer: rely on the provider for recovery. Dynamic gives users multiple independent paths back to their wallet, without ever compromising self-custody.
Dynamic enables:
Cloud backup
Through Google Drive, iCloud, or OneDrive
Device recovery
Recover passkeys or secure enclave storage
Passkeys
Optional password encryption for an additional security layer
Threshold-based recovery
Configurable setups to restore account access
True independent recovery matters
Most wallet providers leave users dependent on the provider's servers and policies to access their own funds. True ownership means users can recover their assets independently, on their terms, without relying on a single vendor's uptime or permission.
Lost Device
Device loss is the leading cause of wallet abandonment, and users need a path back to their assets that doesn't depend on any one provider.
Vendor Lock-In
Provider-managed keys trap users inside one ecosystem, with no way to export or migrate without the provider's participation.
Sovereign Recovery
Independent recovery paths, like Google or iCloud backup in a 2 of 3 model, give users a real safety net and make mainstream adoption possible.
What Makes TSS-MPC Different
Discover how Dynamic’s TSS-MPC provides stronger security than Shamir Secret Sharing, legacy MPC, or other approaches that create a full private key.
TSS-MPC
TSS-MPC
Legacy
TSS-MPC
TSS-MPC
Shamir
Secret Sharing
SSS
TEE-Only
Full Private Key
TEE Only
No Single Point of Failure
No Full Key Ever Exists
Reconstructed during signing
Full key exists server side
Distributed Signing
Threshold Support (t-of-n)
More limited than MPC
Reshare Without Keys
Signing Latency
Sub-second signing
5-10 second signing
Moderate
Fast local signing
Key / Account Recovery
If above threshold
If above threshold
If above threshold
Key undecryptable if enclave lost
Regulatory Comfort / Auditability
Easier to reason about distributed trust and non custody
Easier to reason about distributed trust and non custody
Depends on the implementation
Full private key is stored server side
Use of TEEs
Built for security, engineered for speed
Security is the foundation of everything we do. From key management to infrastructure, every layer of Dynamic is designed for safety, reliability, and compliance.
Enterprise self-custody
Every wallet benefits from secure distributed signing, flexible thresholds, and built-in recovery paths.
Learn more
Fireblocks security
Dynamic inherits Fireblocks’ security expertise, practices, and operational rigor. Together, we deliver institutional-grade protection from custody to consumer wallets.
Defense in depth
Our infrastructure is regularly audited by top firms and protected by a public bug bounty program.
Sub-second signing
Transactions complete in under a second. Users get speed and enterprise-grade security in every wallet interaction.
How is TSS-MPC different from other MPC-based approaches?
TSS-MPC is a specialized form of Multi-Party Computation built specifically for key generation and signing. Regular MPC can compute any function securely, while TSS-MPC focuses on threshold signature schemes, making it the right fit for crypto wallets and transaction authorization.
Why is TSS-MPC more secure than traditional key management?
The full private key never exists in one place. Each participant holds a key share, signing happens collaboratively, and no party ever sees the complete key, even during the signing operation itself. That eliminates the single point of failure that traditional models depend on.
Is TSS-MPC compliant with regulations?
Yes. In 2019, regulators explicitly recognized MPC and TSS-MPC as a valid model for self-custody wallets. It's a strong fit for regulated entities that need robust security and compliance-friendly infrastructure.
Can users still recover access if they lose their device?
Yes. Dynamic supports multiple recovery paths including cloud backup, device-based recovery, password encryption, and threshold-based recovery in 2-of-3 setups. No seed phrases required.
Does TSS-MPC slow down transactions?
No. Dynamic's TSS-MPC implementation achieves sub-second signing. Earlier MPC protocols were slower, but modern implementations like Dynamic's are optimized for real-time consumer use cases.
Can signing thresholds be changed over time?
Yes. Thresholds can be adjusted (for example, moving from 2-of-2 to 2-of-3) and key shares can be refreshed without changing the wallet address or regenerating the full key structure.
How does Dynamic ensure no party can act alone?
Every signing operation requires the threshold number of shares to collaborate. Dynamic alone cannot sign on behalf of a user, and a user's device alone cannot sign without Dynamic's share. The cryptographic protocol enforces this at every step.
Are Dynamic wallets exportable?
Yes. Users can export their key shares at any time to migrate to another wallet provider or alternative storage location. Self-custody means the user always has the option to leave.
Recommended Resources
Why MPC Matters — Dynamic Docs
Learn why MPC is the foundation of how Dynamic secures embedded wallets, what it is, how it works, and why we chose it over simpler alternatives.
Learn more
TSS-MPC vs. Other Approaches
A direct comparison of TSS-MPC against other key management approaches, including Shamir Secret Sharing and TEE-based models, and why TSS-MPC sets the standard for secure wallet infrastructure.
Learn more
A Deep Dive into TSS-MPC
An in-depth look at how TSS-MPC works under the hood, covering distributed key generation, threshold signing, and why the Dynamic team built on this architecture from day one.
Learn more
Set up Dynamic in minutes
Free to start up to 1,000 MAUs