Home
Learn

How It Works

Tokenomics

Roadmap

Humanitarian Impact Fund

FAQ
Products

Wallet

DEX

LaunchPad

Token Factory

Vaults
Company

About

Contact
Buy JIL
← Back to Patent Claims
Patent Claim 03 All Patents →

MPC 2-of-3 Threshold Signing

User-Controlled Primary Shard with Integrated Protection Coverage

Patent Claim JIL Sovereign February 2026 Claim 3 of 36

01Executive Summary

JIL Sovereign implements a non-custodial multi-party computation (MPC) key management system using a 2-of-3 threshold signing protocol based on GG20 (Gennaro-Goldfeder 2020). The user retains primary control through Shard A stored on their personal device, while the platform holds Shard B in a hardware security module (HSM) in a separate legal jurisdiction, and Shard C is encrypted at rest with AES-256-GCM in a third jurisdiction.

This architecture guarantees that no single party - including the platform itself - can unilaterally move user funds. The user's shard never leaves their device. Any two of three shards are sufficient to produce a valid signature, enabling recovery scenarios without compromising the non-custodial guarantee.

Core Innovation: JIL is the first platform to combine non-custodial MPC threshold signing with integrated protection coverage ($250K+ automatic coverage at 100bps/year AUM). Loss events are detected by validator attestation and payouts execute automatically without manual claims filing - a capability that no existing MPC or custody provider offers.

02Problem Statement

The crypto custody landscape presents institutions with an impossible tradeoff: centralized custodians (Fireblocks, BitGo, Coinbase Custody) provide operational convenience and insurance but require surrendering key control to a third party. Self-custody solutions eliminate counterparty risk but offer no protection against key loss, device failure, or operational errors.

2.1 The Custody Trilemma

$12B+
Lost to custodial failures (2014 - 2024)
$3.8B
FTX customer funds unrecoverable
0
MPC platforms with integrated coverage

2.2 Why Existing MPC Solutions Are Insufficient

  • Fireblocks: MPC-CMP protocol but platform retains operational control over 2 of 3 shards. User cannot independently sign. Not truly non-custodial.
  • ZenGo: 2-of-2 MPC with user device + server. No recovery shard. No integrated protection coverage. Server compromise halts all signing.
  • Coinbase Custody: Centralized HSM custody. Full custodial model. Insurance through traditional carriers with manual claims process taking weeks to months.
  • BitGo: Multi-signature (not MPC) with custody agreement. Platform can freeze assets. Insurance requires separate policy negotiation.

03Technical Architecture

3.1 Shard Distribution

ShardHolderStorage LocationEncryptionAccess Model
Shard A (User)User's personal deviceDevice secure enclave (TEE/SE)Device-level biometric lockUser-only; never transmitted
Shard B (Platform)JIL PlatformHSM in Jurisdiction 2 (e.g., Switzerland)HSM hardware boundaryPlatform operational key; requires user co-sign
Shard C (Recovery)Encrypted cold storageSecure facility in Jurisdiction 3 (e.g., Singapore)AES-256-GCM with split passphraseRecovery-only; 24h timelock + multi-sig

3.2 GG20 Signing Protocol

The GG20 protocol enables any 2-of-3 shard holders to collaboratively produce a valid ECDSA or Ed25519 signature without any party revealing their shard to the other. The protocol operates in four rounds:

  1. Round 1 - Commitment: Each party generates a random nonce share and broadcasts a commitment (hash of the nonce share).
  2. Round 2 - Decommitment: Parties reveal their nonce shares and verify against commitments. Paillier encryption protects intermediate values.
  3. Round 3 - Partial Signatures: Each party computes a partial signature using their shard and the combined nonce. Zero-knowledge proofs verify correctness.
  4. Round 4 - Aggregation: Partial signatures are combined into a single valid signature that is indistinguishable from a standard single-key signature on-chain.

3.3 Distributed Key Generation (DKG)

Initial key generation uses Feldman's Verifiable Secret Sharing (VSS) to create the three shards from a jointly generated secret. No single party ever sees the complete private key - not even during generation. The public key is derived from the combined public shares and registered on-chain as the account's signing key.

// DKG Output (per party)
{
  "shard_index": 1,          // 1=User, 2=Platform, 3=Recovery
  "shard_share": "encrypted(32 bytes)",
  "public_key": "Ed25519 public key (shared)",
  "verification_shares": [    // Feldman VSS commitments
    "g^a0", "g^a1"           // For threshold t=2
  ],
  "paillier_pk": "...",       // For GG20 signing rounds
  "jurisdiction": "CH_FINMA"  // Shard B jurisdiction
}

04Implementation

4.1 Key Generation Ceremony

  1. Initiation: User opens wallet app and triggers new account creation. Device generates entropy from secure enclave TRNG.
  2. DKG Round 1: User device, platform HSM, and recovery service each generate polynomial shares and broadcast VSS commitments over TLS 1.3 channels.
  3. DKG Round 2: Encrypted share exchanges between all three parties. Each party verifies received shares against VSS commitments.
  4. DKG Completion: Public key derived. User's Shard A stored in device secure enclave. Shard B sealed in HSM. Shard C encrypted with AES-256-GCM and transferred to cold storage.
  5. On-Chain Registration: Public key registered as account signing key on JIL L1 ledger.

4.2 Standard Signing Flow (Shards A + B)

For routine transactions, the user's device (Shard A) and the platform HSM (Shard B) collaborate via the GG20 protocol. The user initiates the transaction, their device produces a partial signature, the platform verifies the transaction against policy rules, and then contributes its partial signature. The combined result is a single valid signature submitted to the network.

4.3 Recovery Flow (Shards A + C)

If the platform becomes unavailable, the user can recover using their device shard (A) combined with the recovery shard (C). Recovery requires a 24-hour timelock, multi-factor authentication, and validator attestation confirming the recovery request legitimacy. This ensures that even platform failure does not lock user funds.

Non-Custodial Guarantee: The platform holds only Shard B. Without the user's Shard A or the recovery Shard C, the platform cannot produce a valid signature. The user can always recover their funds using Shards A + C, completely bypassing the platform. This is the fundamental difference from custodial MPC solutions where the provider controls 2 of 3 shards.

05Integration with JIL Ecosystem

5.1 Protection Coverage Module

Every MPC-protected account on JIL Sovereign includes automatic protection coverage of up to $250,000 (Premium tier). Premiums are calculated at 100 basis points per year on monthly average assets under management, collected automatically via on-chain micro-transactions.

5.2 Covered Loss Events

Loss TypeDetection MethodPayout TriggerCoverage
Key CompromiseUnauthorized signing attempt detected by policy engine14-of-20 validator attestationUp to $250K+
Bridge FailureCross-chain settlement timeout exceeds 24 hoursAutomatic proof-of-failure on-chainUp to $250K+
Custodial BreachHSM compromise or jurisdiction seizure event14-of-20 validator emergency voteUp to $250K+
Smart Contract ExploitUnexpected fund movement from verified contractProof-verifier anomaly detectionUp to $250K+

5.3 Automatic Payout Mechanism

Unlike traditional insurance that requires manual claims filing, investigation periods, and adjudication delays, JIL's protection coverage executes automatically. When a loss event is detected and attested by 14-of-20 validators, the payout is triggered on-chain without any action required from the affected user. The entire process - from detection to payout - completes within minutes, not weeks.

5.4 MPC Cosigner Service Integration

The MPC cosigner service (port 8200) manages the platform's Shard B operations. It enforces transaction policies before co-signing, including velocity limits, amount thresholds, destination whitelists, and compliance zone restrictions. The cosigner logs every signing request to an append-only audit trail verifiable by the proof-verifier service.

06Prior Art Differentiation

ProviderCustody ModelMPC ProtocolUser Controls Keys?Integrated Coverage?
FireblocksCustodial MPC (2/3 platform-controlled)MPC-CMPNo - platform holds 2 shardsNo - separate insurance broker
ZenGoSemi-custodial (2/2)Lindell17Partial - no recovery shardNo
Coinbase CustodyFull custodial HSMN/A (single key)NoSeparate policy, manual claims
BitGoCustodial multi-sigN/A (multi-sig)No - custody agreementSeparate $250M policy, manual
JIL SovereignNon-custodial MPC (user holds primary)GG20Yes - user holds Shard AYes - $250K+ automatic, on-chain
Key Differentiator: JIL Sovereign is the only platform that combines true non-custodial MPC (where the user holds the primary shard and can independently recover without platform cooperation) with automatic on-chain protection coverage that pays out via validator attestation rather than manual insurance claims.

07Implementation Roadmap

Phase 1
Months 1 - 3

Core MPC Infrastructure

GG20 protocol implementation. DKG ceremony for new accounts. Shard A storage in device secure enclaves (iOS Keychain, Android StrongBox). Platform HSM integration for Shard B. Basic signing flow for standard transactions.

Phase 2
Months 4 - 6

Recovery and Policy Engine

Recovery shard (C) cold storage infrastructure across three jurisdictions. 24-hour timelock recovery flow. Policy engine integration with MPC cosigner. Velocity limits, whitelists, and compliance zone enforcement on co-signing.

Phase 3
Months 7 - 9

Protection Coverage Integration

On-chain protection coverage registry. AUM-based premium collection (100bps/year). Validator attestation protocol for loss events. Automatic payout mechanism. Coverage limit management ($250K+ per account).

Phase 4
Months 10 - 12

PQ Migration and Audit

Post-quantum threshold signing (Dilithium-compatible GG20 extension). Cross-chain MPC signing for bridge operations. Third-party security audit of MPC implementation. Formal verification of signing protocol correctness.

08Patent Claim

Claim 3: A system for non-custodial digital asset management combining multi-party computation threshold signing with integrated protection coverage, comprising: a first key shard (Shard A) stored exclusively on the user's personal device within a hardware-backed secure enclave, wherein said shard never leaves the device; a second key shard (Shard B) held by the platform within a hardware security module located in a separate legal jurisdiction from the user; a third key shard (Shard C) encrypted at rest using AES-256-GCM and stored in a secure facility in a third legal jurisdiction; wherein any two of three shards are sufficient to produce a valid digital signature using the GG20 threshold signing protocol with distributed key generation; and an integrated protection coverage module providing automatic coverage of a predetermined amount funded by basis-point premiums on assets under management, wherein loss events are detected by validator attestation and payouts execute automatically on-chain without manual claims filing.