Why use MPC-BAM?
As part of the Fast MPC product family, MPC-BAM delivers signing speeds up to 10 times faster than MPC-CMP while maintaining Fireblocks' security guarantees, enabling you to execute latency-sensitive operations without compromise. This includes, but is not limited to, the following use cases:
- High-frequency trading: Execute trades faster with sub-second signing times
- Automated market making: Respond to market conditions with minimal latency
- Payment processing: Process high volumes of transactions quickly
- Programmatic vault operations: Execute automated workflows with reduced delays
- DeFi protocol interactions: Interact with smart contracts more efficiently
How MPC-BAM works
MPC-BAM is a novel 2/2 ECDSA protocol that achieves two rounds (a single back-and-forth communication). This reduction in cryptographic rounds enables sub-second signing times for ECDSA SECP256K1 transactions.
Built on proven research
Fireblocks built MPC-BAM based on peer-reviewed academic research published by Fireblocks researchers and academic partners (Two-Round 2PC ECDSA at the Cost of 1 OLE, by Michael Adjedj, Constantin Blokh, Geoffroy Couteau, Arik Galansky, Antoine Joux, and Nikolaos Makriyannis (2024)). Trail of Bits independently audited the protocol for security assurance.
Enable MPC-BAM for an API user
MPC-BAM operates alongside your existing MPC-CMP setup as an opt-in feature for each API user. When you enable MPC-BAM for a specific API user paired with a Co-signer:
- The Co-signer generates new 2/2 keys in the background. Once provisioning completes, the API user signs all transactions with MPC-BAM.
- If any issues occur with MPC-BAM, the Co-signer automatically uses your existing MPC-CMP keys for signing.
- If you disable MPC-BAM, the API user reverts to MPC-CMP signing. Your MPC-BAM keys remain but are not used.
You can enable MPC-BAM for high-throughput API users while keeping others on MPC-CMP, allowing you to test and adopt gradually.
FAQ
What happens to my existing MPC-CMP keys if I enable MPC-BAM?
Your existing MPC-CMP keys remain active and continue to function as an automatic fallback. If any issues occur with MPC-BAM, the system automatically uses your MPC-CMP keys for signing. You can disable MPC-BAM at any time for any API user—when disabled, the API user reverts to MPC-CMP for all signing operations.
What happens if MPC-BAM has issues?
The system includes automatic failover to MPC-CMP. If MPC-BAM encounters any problems (eg key provisioning fails, service unavailable), your API user automatically falls back to MPC-CMP signing with no manual intervention required.
Does MPC-BAM work with mobile Co-signers?
No. MPC-BAM supports only API Co-signers (SGX, AWS Nitro, GCP). Mobile Co-signers continue to use MPC-CMP for all signing operations.
What algorithms does MPC-BAM support?
MPC-BAM supports only ECDSA SECP256K1, which Bitcoin, Ethereum, and most EVM-compatible chains use. EdDSA algorithms (used by Solana, Cardano, and other chains) are not supported by MPC-BAM and continue to use MPC-CMP.
How long does key provisioning take?
MPC-BAM key provisioning happens automatically in the background when you enable the feature for an API user. Provisioning typically completes within a few minutes, but the exact time may vary. You can monitor the provisioning status in the Console or via API.
Will MPC-BAM affect my transaction fees or costs?
No. MPC-BAM does not change transaction fees or blockchain costs. The performance improvement is in the signing process itself, not in on-chain transaction execution.
Can I enable MPC-BAM for some API users and not others?
Yes. MPC-BAM is configured per API user. You can enable it for high-throughput API users while keeping others on MPC-CMP, allowing you to test and adopt gradually.
Does background key generation require the Owner?
No. Your Co-signer and the cloud Co-signer re-shuffle the MPC-CMP key shares, similar to how a new signer joining a workspace gets keys from the Owner. However, since MPC-BAM keys are provisioned from the Co-signer to itself, this happens securely in the background without human involvement.
How do new Co-signers get MPC-BAM keys?
The initial setup process begins with the generation of MPC-CMP key shares as usual. After that is complete, you enable MPC-BAM for the Co-signer.
What about backups?
MPC-BAM doesn't change your underlying private keys, only the signing protocol. Your existing DRS backup packages remain valid because MPC-BAM keys reconstruct to the same private key and public key as your MPC-CMP keys. However, back up your Co-signer's database to simplify recovery.
Do I need my passphrase to enable MPC-BAM?
No. Since mobile Co-signers do not currently support MPC-BAM, your passphrase is not required to enable it.