> ## Documentation Index
> Fetch the complete documentation index at: https://docs.portalhq.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Portal's MPC architecture

> This guide will go over the basics of Portal's MPC architecture for generating, backing up, and recovering a user's wallet.

### Overview

Portal leverages Multi-Party Computation (MPC) and specifically Threshold Signature Schemes (TSS) to allow multiple parties to sign transactions across key shares instead of a single private key to manage access to a crypto wallet that is traditionally used for crypto wallets.

Portal's implementation of MPC uses two sets of key share pairs (parallel 2 of 2 threshold - four shares total). Key shares are never reconstructed for signatures and generated and conducts signatures independently across each party involved.

Portal leverages an open-source and audited MPC protocol called CGGMP. Please reach out to learn more about our implementation and audits.

### Step 1: Generating a wallet

The **signing key shares** are used for signing transactions and the **backup key shares** are used for recovery if the device storing a signing key shares is lost.

<img src="https://mintcdn.com/portal-003221ec/8nhTiKJyGlrD5CbB/images/gitbook/1.%20MPC%20Wallet%20Generation%20-%20dark.png?fit=max&auto=format&n=8nhTiKJyGlrD5CbB&q=85&s=f1e1e18de3887b4cb1e3bbe288a8c1c2" alt="MPC Wallet Generation diagram" width="1573" height="1166" data-path="images/gitbook/1. MPC Wallet Generation - dark.png" />

The user's **signing key share** is stored in their **mobile device's keychain**. The Portal signing key share is stored encrypted-at-rest. Learn more about Portal's security practices [here](https://www.portalhq.io/post/portal-security-principles-and-practices).

### Step 2: Backing up a wallet

The user's **backup share** is encrypted and sent to the **organization** where it is stored encrypted-at-rest by backup method. The decryption key for the user's backup share is sent to **Google Drive or iCloud.** The **custodian backup share** is also sent to the **organization** to store encrypted-at rest by backup method.

Portal only stores the **signing key share**, and so can only sign messages with the key share stored in the device's keychain. Likewise, to perform a recovery using the user's **backup share** only the **backup share** stored by the **organization** will work.

Only the **user signing share** can initiate transactions as all signatures may only originate from the user client.

This separation of concerns provides additional security constraints to ensure that a compromise of any one key share has additional authentication methods to sign an MPC transaction.

<img src="https://mintcdn.com/portal-003221ec/8nhTiKJyGlrD5CbB/images/gitbook/2.%20MPC%20Backup%20Mechanism%20Setup%20-%20dark.png?fit=max&auto=format&n=8nhTiKJyGlrD5CbB&q=85&s=95f588b3e93c6608659b048a7a9e240b" alt="MPC Backup Mechanism Setup diagram" width="1573" height="1166" data-path="images/gitbook/2. MPC Backup Mechanism Setup - dark.png" />

MPC backups allow your users to recover their MPC wallets in the event that their device is lost, stolen, or broken.

Backups are handled in two pieces: **user backup shares** and **custodian backup shares (organization backup shares)**.

At the time of recovery, these two backups are **used together** to generate new shares to be stored on-device, allowing the user to migrate their wallet with a new device.

Note: Portal shares (blue) and custodian shares (purple) are intentionally mismatched and parts of different signing thresholds and therefore cannot collude and sign transactions on behalf of users.

### Step 3: Recovering a wallet

MPC recovery allows your users to recover their MPC wallets in the event that their device is lost, stolen, or broken.

MPC recovery uses the MPC backups that a user has already ran to create a new set of signing shares.

Recovery is handled in two pieces: **user backup share recovery** and **custodian backup share recovery**.

<img src="https://mintcdn.com/portal-003221ec/8nhTiKJyGlrD5CbB/images/gitbook/MPC%20Recovery%20-%20dark.png?fit=max&auto=format&n=8nhTiKJyGlrD5CbB&q=85&s=cb6e0619b3a0f588bee9686b53365b5b" alt="MPC Recovery diagram" width="1573" height="1166" data-path="images/gitbook/MPC Recovery - dark.png" />

Recovery replaces a user's old signing shares on the device (if there were any) with a new pair of **signing shares**.
