Skip to main content

Hardened Derivation

MPCVault is the only MPC provider with patented hardened hierarchical derivation. In the non-MPC world, all wallets use hardened derivation - MPCVault brings this security standard to MPC. Hardened Derivation

Why Hardened Derivation Matters

Without hardened keys: With MPCVault’s hardened derivation, each address has an isolated derived key. Compromise of one key does not affect others.

How It Works

For each new address you create:
  1. A new derived key is generated from your master key
  2. The derivation uses hardened paths that prevent key leakage
  3. Each blockchain and address is cryptographically isolated
Key Derivation Process

Granular Permissions

The hierarchical derivation tree enables precise permission control:
  • Grant access to specific vaults only
  • Limit users to certain blockchains
  • Follow the principle of least privilege
Allocate minimum necessary permissions to users for managing vaults.

Derivation Paths & Networks

MPCVault uses a structured derivation path format to generate unique keys for each vault, network, and address.

Path Format

Hardening Rules

Different networks use different hardening for the last two path positions:
Non-hardened derivation (marked with N) allows public key derivation without the private key, which is required for Bitcoin’s address discovery mechanism.

Supported Networks

Coin types follow the SLIP-0044 standard with the hardened bit (0x80000000) applied.

Key Types

MPCVault supports two cryptographic signature schemes:

Address Generation

Each network derives addresses from public keys using different algorithms:

Deriving Multiple Addresses

To create multiple addresses within the same vault and network, increment the address_index:
Each address has a completely independent derived key due to hardened derivation.