"Key Import" - A Feature with a Dilemma
Industry Insight
July 24, 2024

This blog discusses what "Key import" is, the tradeoffs of using it with MPC-based wallets, and key points to consider before using it.
Note: This blog is not a recommendation or advice. Any feature should be used after careful consideration and at your own discretion.

What Is Key Import?

"Key import" allows providers to migrate existing wallets from another solution to theirs, sparing users the pain of transferring funds to a new wallet (with a new wallet address).

However, when importing a full private key (e.g., from Metamask) into an MPC-based wallet, several things need to be considered, as discussed below.

The Problem

The main promise of MPC is that a key is generated in a “distributed” manner, meaning the private key never exists as a whole. Instead, several key shares are created, and the parties holding them communicate from their secured storage to sign a transaction without ever reconstructing the shares into a full key (reconstruction is what happens with Shamir Secret Sharing).

Importing a full private key breaks the "no single point of failure" promise of MPC. If the private key existed as a whole at any given point in time, “splitting” it into several key shares within the MPC wallet does not provide the same security guarantee. If the private key was leaked, or stored somewhere and later discovered, before it was split into shares, then the funds can still be stolen, even years later.
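The point above can be checked in a few lines. The following is an added example, not Sodot's code or any wallet's implementation; it goes one step beyond the text by also re-randomising the shares after import. It assumes simple additive sharing modulo the secp256k1 group order, and all function names are hypothetical.

```python
import secrets

# Order of the secp256k1 group (assumed curve; used by Bitcoin/Ethereum keys).
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

def split_imported_key(full_key, parties):
    """Import path: one machine holds full_key and splits it additively."""
    shares = [secrets.randbelow(N) for _ in range(parties - 1)]
    shares.append((full_key - sum(shares)) % N)
    return shares

def distributed_keygen(parties):
    """Simplified distributed generation: each party samples its own share;
    no function argument or variable ever holds the full key."""
    return [secrets.randbelow(N - 1) + 1 for _ in range(parties)]

def refresh(shares):
    """Re-randomise shares with offsets that sum to zero mod N."""
    offsets = [secrets.randbelow(N) for _ in range(len(shares) - 1)]
    offsets.append(-sum(offsets) % N)
    return [(s + o) % N for s, o in zip(shares, offsets)]

def combined(shares):
    """Key the shares jointly represent. Computed only to check this demo;
    an MPC signing protocol never performs this step."""
    return sum(shares) % N

def demo():
    # Constructed sample: a key that lived in a software wallet before import.
    old_wallet_key = secrets.randbelow(N - 1) + 1
    leaked_backup = old_wallet_key  # e.g. an old export discovered later

    imported = refresh(split_imported_key(old_wallet_key, 3))
    fresh = distributed_keygen(3)
    return {
        # Splitting and refreshing never change the key behind the address.
        "leak_controls_imported_wallet": leaked_backup == combined(imported),
        # A newly generated wallet has no relation to the old copy.
        "leak_controls_fresh_wallet": leaked_backup == combined(fresh),
    }

if __name__ == "__main__":
    print(demo())
```

Only moving funds to the freshly generated wallet removes the dependency on the old copy, because every share set derived from the imported key still corresponds to the same address.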

The UX vs. Security Dilemma

The decision to use "Key Import" presents a significant trade-off between user experience and security:

  • User Experience First - For B2C wallets with a low amount of funds per user, prioritizing UX by using the "Key Import" feature can be beneficial, particularly when migrating a large number of users. If it is applied, it is recommended that, at a later stage, specific users be encouraged to transfer funds to a new MPC-based wallet once a certain threshold is reached.
  • Security First - In Sodot’s view, it is advised not to use this feature for self-custodial B2B wallets or custody solutions holding significant funds. Although more painful, it is recommended to onboard customers only to new MPC wallets. It is also worth mentioning that insurers often refuse to cover wallets with imported keys.

Conclusion

Importing private keys into MPC wallets can enhance user experience, but it must be approached with caution: inform end-users of the risk and have a plan to mitigate it.

For additional information, feel free to reach out.

About Sodot

Sodot provides a self-hosted and highly performant MPC infrastructure for leading crypto custodians and wallets. We enable companies to seamlessly build great Web3 products with enterprise-grade security and delightful UX, the way they intend to, without limitations or dependencies.