ISO 27001 Certified

Enterprise Wallet Technology

Four security models, four blockchains, one unified platform. Choose the right balance of security and usability for your organization with 100% non-custodial architecture.

Get Started View Solutions

Wallet Security Models

Four non-custodial wallet security models to match organizational needs, from simple key management to advanced threshold cryptography.

HD Wallet

BIP-32/BIP-44 Standard

Master seed generates unlimited sub-addresses with dual-layer encryption. HD wallets offer the simplest deployment path with fast transaction signing, making them ideal for organizations prioritizing ease of use while maintaining security through encrypted storage and standard recovery mechanisms.

Key Features

Unlimited sub-address generation from master seed
BIP-39 mnemonic phrase recovery
Instant transaction signing
Simple onboarding process

Technical Details

•BIP-32/BIP-44 derivation paths
•AES-256-GCM encrypted storage
•Argon2id password hashing
•PBKDF2 key stretching

Security Profile

Security

5/10

Usability

9/10

Best For

Simple deployments, fast transactions, small treasuries

Supported Blockchains

BitcoinCardanoMidnightPolygon

100% Non-Custodial

MPC-Shamir

Shamir's Secret Sharing

Keys are split into multiple shares using Shamir's Secret Sharing algorithm. A configurable threshold (k-of-n) of guardians must participate to reconstruct the key for signing. The key is temporarily assembled in-memory, used for signing, then immediately discarded.

Key Features

K-of-N threshold configuration
AES-256-GCM encrypted shares
Guardian-based key management
Distributed signing ceremonies

Technical Details

•Shamir polynomial interpolation
•Threshold signature aggregation
•In-memory key reconstruction
•Encrypted share distribution

*Subject to BaFin regulatory interpretation. Audit pending.

Security Profile

Security

7/10

Usability

7/10

Best For

Medium security, existing guardian infrastructure

Supported Blockchains

BitcoinCardano

100% Non-Custodial

MPC-FROST

Threshold Signatures

FROST (Flexible Round-Optimized Schnorr Threshold Signatures) represents the highest security level. The private key is NEVER reconstructed - not even temporarily. Guardians generate partial signatures that are cryptographically aggregated without exposing the complete key.

Key Features

Private key NEVER reconstructed
Multi-round DKG ceremony
Guardian resharing without key exposure
Threshold adjustment capability

Technical Details

•Schnorr threshold signatures
•3-round Distributed Key Generation
•2-round signing protocol
•Cryptographic resharing

*Subject to BaFin regulatory interpretation. Audit pending.

Security Profile

Security

10/10

Usability

5/10

Best For

Maximum security, institutional custody

Supported Blockchains

Bitcoin (Taproot)Cardano

100% Non-Custodial

Hardware Wallet

Keystone Air-Gapped

Full integration with Keystone hardware wallets using animated QR codes for large payload support. Transactions are signed on the air-gapped device and transmitted back via camera scan. Private keys never leave the secure element of the device.

Key Features

Air-gapped security (no USB/Bluetooth)
Animated QR code communication
Multi-account HD derivation
Tamper-evident enclosure

Technical Details

•BC-UR protocol for QR encoding
•PSBT signing for Bitcoin
•Native signing for Cardano
•Secure element key storage

Security Profile

Security

9/10

Usability

7/10

Best For

Cold storage, high-value assets

Supported Blockchains

BitcoinCardano

100% Non-Custodial

Technical Comparison Matrix

Criterion	HD Wallet	MPC-Shamir	MPC-FROST	Hardware
Key Reconstruction	On-demand	Temporary (in-memory)	NEVER	On device only
Single Point of Failure	Password compromise	Time window risk	None	Device loss
Signing Speed	Instant	Seconds (threshold)	Minutes (2 rounds)	Manual (QR scan)
Guardian Replacement	N/A	New share distribution	Resharing ceremony	N/A

Multi-Chain Architecture

Native integration for major blockchain networks enabling diversified portfolio management with real-time balance tracking and automated transaction synchronization.

Bitcoin

Production

HD WalletMPC-ShamirMPC-FROSTHardware

Complete Bitcoin integration with native UTXO management, SegWit and Taproot support, and advanced fee estimation. Supports both single-signature and multi-signature transactions with PSBT (Partially Signed Bitcoin Transactions) for hardware wallet compatibility.

Key Features

SegWit and Native SegWit addresses
Taproot (P2TR) support for FROST
PSBT for hardware signing
Advanced fee estimation

Technical Specifications

•UTXO-based transaction model
•Native RPC node integration
•Multi-signature scripting
•Replace-by-fee (RBF) support

Cardano

Production

HD WalletMPC-ShamirMPC-FROSTHardware

Comprehensive Cardano integration with native token support, staking capabilities, and CIP-30 dApp connector for DeFi interactions. Supports native script multisig for on-chain enforcement of approval requirements that cannot be bypassed by any party.

Key Features

Native token management
Staking and delegation
CIP-30 dApp connector
Native script multisig

Technical Specifications

•Blockfrost API integration
•Ed25519 signature scheme
•Extended UTXO (eUTXO) model
•Plutus smart contracts

Midnight

Beta

HD Wallet

Midnight is IOG's privacy-focused blockchain designed for confidential smart contracts. It uses zero-knowledge proofs to enable shielded transactions while maintaining regulatory compliance through selective disclosure capabilities.

Key Features

Zero-knowledge proof transactions
Shielded asset transfers
CIP-30 compatible wallet
Selective disclosure

Technical Specifications

•ZK-SNARK cryptography
•Privacy-preserving computation
•Cardano interoperability
•Regulatory compliance features

Polygon

Production

HD Wallet

Full Polygon (POL) support with EVM compatibility, enabling access to the broader Ethereum ecosystem. Low transaction costs and fast confirmations make it ideal for high-frequency treasury operations and DeFi interactions.

Key Features

EVM smart contract compatibility
ERC-20 token support
Low transaction fees
Fast block confirmation

Technical Specifications

•Ethereum JSON-RPC API
•secp256k1 signatures
•Account-based model
•Web3 integration ready

FROST Technology Deep Dive

Understanding Flexible Round-Optimized Schnorr Threshold Signatures - the most secure key management technology available.

What is FROST?

FROST (Flexible Round-Optimized Schnorr Threshold Signatures) represents the pinnacle of cryptographic key management. Unlike traditional approaches where a complete private key exists at some point, FROST ensures the full private key is NEVER reconstructed - not even momentarily in memory.

Security Guarantee

The private key is mathematically distributed such that no party - including BlockSign - can ever access or reconstruct the complete key. Even with full system access, extraction is cryptographically impossible.

Key Advantages

No single point of failure - compromise of one guardian reveals nothing
Guardian replacement without wallet migration or key exposure
Adjustable thresholds (e.g., 2-of-3 to 3-of-5) via resharing
Quantum-resistant design principles

DKG Ceremony Process

Distributed Key Generation creates a shared public key where no party holds the private key.

Round 1: Commitments

Each guardian generates a polynomial commitment and broadcasts to all participants.

Round 2: Share Exchange

Guardians exchange encrypted key shares with each other for verification.

Round 3: Verification

Public key is derived and all shares are cryptographically verified.

Complete

Wallet is ready. No party holds the full key. Signing requires threshold participation.

Wallet ready - no party holds full key

FROST vs. Shamir Comparison

MPC-Shamir

•Key is split and reconstructed for each signature
•Momentary key exposure during signing (in-memory)
•Guardian replacement requires new key distribution

MPC-FROST

Partial signatures aggregated - key never assembled
Zero key exposure at any point in the process
Cryptographic resharing preserves wallet address

Hardware Wallet Integration

Air-gapped security with Keystone devices - private keys never leave the secure element.

Keystone Integration

BlockSign provides full integration with Keystone hardware wallets using the BC-UR protocol for animated QR codes. Large transaction payloads are automatically split and transmitted via multiple QR frames, enabling air-gapped signing of complex multi-output transactions.

Air-Gapped Security (9/10)

No USB, Bluetooth, or wireless connectivity. All communication happens via QR codes scanned by the device camera. Physical isolation eliminates network-based attack vectors.

Integration Features

BC-UR protocol for large payload QR encoding
Animated QR codes for multi-kilobyte transactions
Device verification and secure pairing
Multi-account support with HD derivation

Signing Workflow

Step-by-step process for signing transactions with air-gapped hardware.

Initiate Transaction

User creates transaction in BlockSign with recipient and amount.

Display QR Code

BlockSign displays animated QR with unsigned transaction data.

Sign on Device

User scans QR with Keystone, reviews, and approves via physical button.

Broadcast

BlockSign scans signed QR from Keystone and broadcasts to network.

Private keys never leave the Keystone secure element

Supported Protocols

BC-UR Protocol

Blockchain Commons Uniform Resources for efficient QR encoding of large data.

PSBT (Bitcoin)

Partially Signed Bitcoin Transactions for multi-party signing workflows.

Native Cardano

Direct Cardano transaction signing without PSBT translation layer.