Key Generation

Generate threshold MPC key shares that are distributed across MPC nodes. The raw private key is never assembled in one place.

GENERATE_KEY_SHARE

GENERATE_KEY_SHARE MPC Workflow Component

Generate a new threshold key share. Returns a keyId — the share is stored securely in the MPC node network and never leaves.

Keep your key ID safe

The keyId is the only reference to your key shares stored in the MPC node network. If you lose your key ID, your key is gone forever — we cannot recover it for you. Store it permanently in your database immediately after generation.

Config

Field	Type	Required	Description
`servers`	`Array<'OFFICIAL_1' \| 'OFFICIAL_2' \| 'OFFICIAL_3'>`	Yes	MPC servers to generate the key share across (minimum 2)

Inputs

Field	Type	Description
`curve`	`'SECP256k1' \| 'ED25519' \| 'P256' \| 'P384' \| 'P521' \| 'ED448' \| 'SECP256K1_SCHNORR'`	Elliptic curve for key generation (see table below)
`threshold`	`number`	Minimum shares required to sign (e.g. `2` for a 2-of-3 setup)

Supported curves

Value	Alias	Use case
`SECP256k1`	secp256k1	EVM (Ethereum, Polygon, etc.) and Bitcoin (ECDSA)
`ED25519`	Ed25519	Solana and other EdDSA chains
`P256`	secp256r1 / prime256v1	NIST P-256 — WebAuthn, Apple Secure Enclave, passkeys
`P384`	secp384r1	NIST P-384 — high-security government / enterprise
`P521`	secp521r1	NIST P-521 — maximum NIST security level
`ED448`	Ed448 / Goldilocks	Edwards 448-bit — higher security than Ed25519
`SECP256K1_SCHNORR`	BIP-340 Schnorr	Bitcoin Taproot (P2TR)

Outputs

Field	Type	Description
`keyId`	`string`	Unique key share identifier — store this permanently
`rootPublicKey`	`string` (hex)	Root public key derived from the combined shares

SDK example

import { WorkspaceClient, ComponentModule } from 'caller-sdk';
const workspace = new WorkspaceClient({ apiKey: process.env.WR_API_KEY! });

const key = await workspace.call(ComponentModule.GENERATE_KEY_SHARE, {
  curve: 'SECP256k1', // or 'ED25519' | 'P256' | 'P384' | 'P521' | 'ED448' | 'SECP256K1_SCHNORR'
  threshold: 2,
}).promise();

// ⚠️ Store key.keyId in your database immediately
console.log(key.keyId);         // UUID
console.log(key.rootPublicKey); // hex-encoded root public key

In a workflow

[Trigger: curve, threshold]
        │
        ▼
GENERATE_KEY_SHARE ← servers config (OFFICIAL_1, OFFICIAL_2, OFFICIAL_3)
        │ keyId
        ▼
[Store keyId in database — required for all future operations]
        │
        ▼
GET_*_DERIVATION_PATH
        │ derivationPath
        ▼
COMPUTE_PUBLIC_KEY
        │ publicKey
        ▼
COMPUTE_*_ADDRESS
        │ address
        ▼
    [Output]

GENERATE_KEY_SHARE​

Config​

Inputs​

Supported curves​

Outputs​

SDK example​

In a workflow​