Skip to main content

How does it work?

In order to be able to recover the private key using your MPC shares, they simply have to be “added” up. Now thats a simplification of the underlying cryptographic operation, but the takeaway here is that you can take two corresponding shares, combine them, and get the private key which is can be imported into any self-custodial wallet like Metamask. The resulting key material is an object with two private keys: a private key for SECP256K1 - the curve used by Ethereum, Bitcoin, and most other chains - and ED25519 - the curve used by Solana, Stellar, and a few others.
{
  "SECP256K1": "ebb895a7aba4dc1f9ae8b2ecd6989edc4379dc2bbf7bbf67ba073279bc54b30c", // hex encoded
  "ED25519": "7QoeLVEmauRJgEhLXEar3Et8VZVfuYEHYLw35FDZiFau" // base58 encoded
}
The private key calculation operation happens on client side, and does not involve Portal’s servers.
After ejecting a user private key from their key shares, Portal is no longer responsible for the security of the funds in that wallet as we can no longer guarantee split custody. Reach out to us if you have any questions.

When would I want to use Eject?

Eject allows you to provide the option for your users to switch from a two share MPC architecture to a single private key while maintaining their assets. Put another way, it allows users to “export” their MPC wallet into a wallet provider like Metamask.
This is a sensitive operation. We strongly recommend to guard this operation by multiple factors of authentication as it removes the security benefits of split custody and can leave a user more susceptible to phishing attacks.

What happens to the shares stored on Portal after the user runs Eject? Can the user still use Portal after running Eject?

After a user ejects their wallet Portal still supports all MPC operations. We update our database to record that the wallet has been ejected, but we do not suspend operation of the existing MPC shares or backups. While this is the default functionality, let us know if you have a use case with different requirements.

What do I do with the ejected private keys?

The SECP256K1 private key can be imported into most third-party wallet providers via an “Import” function. Metamask, for example allows you to import a private key and manage all of your assets for the wallet. The ED25519 private key is not currently directly compatible with third-party wallet providers. The exported private key is valid and can be used to generate signatures. However, a nuance with any distributed key generation (MPC) for ED25519 prevents direct compatibility with third-party wallet providers. While we work with global standards groups to improve support for ED25519 we have built an entirely client-side, open-source tool that you can fork and modify or simply point to our hosted version at scalarwallet.org.
I