Liquidity Docs

Liquid MPC — Custody

Threshold signing custody — CGGMP21 ECDSA + FROST EdDSA, 3-of-5 Byzantine-resilient, 20+ chains

Liquid MPC is the custody layer for the Liquidity.io exchange. All user assets are held in threshold-signature wallets — the full private key never exists on any single machine.

How It Works

Every user account gets a set of threshold key shares distributed across a Byzantine-resilient MPC cluster. To sign a transaction (deposit, withdrawal, settlement), a quorum of nodes must cooperate — no single node can sign alone.

User places trade → ATS matches order → Settlement intent created

                                    Liquid MPC (3-of-5 cluster)
                                    ├─ Node 1: partial signature ✓
                                    ├─ Node 2: partial signature ✓
                                    ├─ Node 3: partial signature ✓
                                    ├─ Node 4: (not needed)
                                    └─ Node 5: (not needed)

                                    Combined threshold signature

                                    On-chain settlement (atomic)

Signing Protocols

| Protocol | Algorithm | Chains | Use Case |
|---|---|---|---|
| CGGMP21 | Threshold ECDSA (secp256k1) | Bitcoin, Ethereum, EVM chains, XRPL | Most chains |
| FROST | Threshold EdDSA (Ed25519) | Solana, TON, Polkadot, Cardano | Ed25519 chains |
| LSS | Dynamic resharing | All | Key rotation without downtime |
| Doerner | 2-of-2 ECDSA | All ECDSA | Optimized two-party |
| Ringtail | Lattice threshold | LQDTY | Post-quantum consensus |

Performance

| Operation | 3-of-5 | 5-of-9 | 10-of-15 |
|---|---|---|---|
| Key Generation | 12ms | 28ms | 82ms |
| Signing | 8ms | 15ms | 40ms |
| Resharing | 20ms | 35ms | 75ms |
| Verification | 2ms | 2ms | 2ms |

Supported Chains (20+)

| Chain | Protocol | Address Type |
|---|---|---|
| Bitcoin | ECDSA (CGGMP21) | Legacy, SegWit, Taproot |
| Ethereum + EVM | ECDSA (CGGMP21) | EOA |
| Solana | EdDSA (FROST) | Ed25519 |
| Polkadot | SR25519 | Ristretto255 |
| Cosmos | ECDSA (CGGMP21) | secp256k1 |
| TON | EdDSA (FROST) | Ed25519 |
| Cardano | EdDSA/ECDSA | Multi-era |
| XRPL | ECDSA (CGGMP21) | Classic/X-address |
| BSC, Arbitrum, Optimism, Base, Polygon | ECDSA | EVM |
| NEAR, Aptos, Sui, Tezos, Algorand, Stellar, Hedera, Flow, Kadena, Mina | Mixed | Chain-native |

External Custody Providers

Liquid MPC supports pluggable custody backends for institutions that require third-party custody:

| Provider | Status | Integration |
|---|---|---|
| Native MPC | Production | Default — 3-of-5 threshold cluster |
| Fireblocks | Supported | API key + service account auth |
| Utila | Supported | gRPC client with lazy-loaded connection |
| Custom | Supported | Any endpoint implementing the signing API |

Configure per-tenant via the mpcMode field:

// Native MPC (default)
{ mpcMode: 'liquid-mpc' }

// Fireblocks
{ mpcMode: 'custom', mpcEndpoint: 'https://api.fireblocks.io/v1' }

// Utila
{ mpcMode: 'custom', mpcEndpoint: 'https://api.utila.io/v1' }

Security Model

No Single Point of Compromise

  • Key shares are generated via distributed key generation (DKG) — no dealer
  • Signing requires t of n nodes to cooperate (default: 3-of-5)
  • Storage: ZapDB with ChaCha20-Poly1305 encryption per node
  • Backups: S3 with pre-encrypted state (encrypted before upload)
  • Inter-node auth: Ed25519 message signatures
  • Transport: Consensus-embedded via ZAP wire protocol (no external NATS dependency)

HSM Integration

Hardware Security Module co-signing for institutional-grade security:

| HSM | Support |
|---|---|
| AWS CloudHSM | Supported |
| GCP Cloud HSM | Supported |
| Zymbit HSM | Supported (edge deployments) |

HSM co-signs settlement intents as an additional approval layer — the MPC signature alone is not sufficient for large withdrawals.

Per-Org Isolation

  • Each organization gets isolated key shares
  • Root encryption keys are per-org (managed by Liquid KMS)
  • Key rotation via LSS protocol (no downtime, no key reconstruction)

Settlement Lifecycle

1. INTENT    — ATS creates settlement intent (order matched)
2. APPROVE   — Risk engine validates (position limits, AML checks)
3. SIGN      — MPC cluster produces threshold signature (3-of-5)
4. CO-SIGN   — HSM co-signs (for withdrawals above threshold)
5. BROADCAST — Signed transaction submitted to chain
6. CONFIRM   — On-chain confirmation recorded
7. FINALIZE  — Settlement marked complete in ATS
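
The lifecycle above as an ordering gate that refuses BROADCAST until the SIGN quorum and, for large withdrawals, the HSM co-sign are recorded. This is an added example, not Liquid MPC code; the record shape, the function names and the `COSIGN_LIMIT` value are assumptions, since the page gives no figure for the withdrawal threshold.

```javascript
// Added example (not Liquid MPC code). Record shape and COSIGN_LIMIT are assumptions.
const STEPS = ['INTENT', 'APPROVE', 'SIGN', 'CO-SIGN', 'BROADCAST', 'CONFIRM', 'FINALIZE'];
const QUORUM = 3, NODES = 5;   // the page's default 3-of-5 cluster
const COSIGN_LIMIT = 100000;   // hypothetical limit, in the asset's minor units

// CO-SIGN is on the required path only for withdrawals above the limit.
function requiredSteps(s) {
  const needsHsm = s.kind === 'withdrawal' && s.amount > COSIGN_LIMIT;
  return STEPS.filter((step) => step !== 'CO-SIGN' || needsHsm);
}

// Count distinct, in-range node ids so a repeated partial cannot fake a quorum.
function distinctSigners(nodeIds = []) {
  const valid = nodeIds.filter((n) => Number.isInteger(n) && n >= 1 && n <= NODES);
  return new Set(valid).size;
}

// Evidence each gated step must carry before it is accepted.
const GATES = {
  'APPROVE': (ev) => ev.riskApproved === true,
  'SIGN': (ev) => distinctSigners(ev.nodeIds) >= QUORUM,
  'CO-SIGN': (ev) => ev.hsmCosigned === true,
};

// Returns a new record with `step` appended; throws if out of order or ungated.
function advance(s, step, evidence = {}) {
  const expected = requiredSteps(s)[s.done.length] ?? 'no further step';
  if (step !== expected) throw new Error(`expected ${expected}, got ${step}`);
  const gate = GATES[step];
  if (gate && !gate(evidence)) throw new Error(`${step} gate not satisfied`);
  return { ...s, done: [...s.done, step] };
}

// Replays [step, evidence] pairs; returns 'ok' or the first rejection message.
function run(s, events) {
  try {
    for (const [step, ev] of events) s = advance(s, step, ev);
    return 'ok';
  } catch (e) {
    return e.message;
  }
}
```

Logging every rejection from `advance` gives an audit trail of attempts to skip the risk check, sign with fewer than three distinct nodes, or broadcast a large withdrawal without the HSM approval.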

API

POST /api/v1/generate_mpc_sig    — Request threshold signature
POST /api/v1/complete             — Mark signing complete
GET  /api/v1/status/:txId         — Check signing status
GET  /api/v1/health               — Cluster health

Infrastructure

| Parameter | Value |
|---|---|
| Cluster | 3-of-5 Byzantine-resilient nodes |
| Storage | Encrypted at rest (ChaCha20-Poly1305) |
| Backups | Encrypted before upload, geo-distributed |
| Uptime SLA | 99.99% |
| Endpoint | https://mpc.liquidity.io |
