The Hosted MPC feature allows you to completely control the MPC key shares by hosting all three Co-Signers in your own environment, either in the cloud or on-premises. This approach ensures compliance with specific business or regulatory requirements set by regional regulators, internal policies, or end-users.

Glossary

• Primary Co-Signer: A Mobile Device with the Fireblocks mobile app installed on it, or an API Co-Signer running on an SGX machine that holds one of the three MPC key shares.
• Guard Co-Signer: An SGX machine that holds another third of the MPC key shares.

Fireblocks utilizes MPC-CMP signing via three Co-Signers, each holding a third of the key shares. In the default SaaS MPC model, you hold one third of the key shares and Fireblocks holds the other two thirds. The Fireblocks mobile app or the API Co-Signer, which is deployed in your environment, performs the signing.

In the Hosted MPC model, you own, host, and deploy all three key shares via three Co-Signers. These three Co-Signers are the API Co-Signer, called a Primary Co-Signer here, and two Guard Co-Signers. They are all necessary to complete the MPC signing process.