> ## Documentation Index
> Fetch the complete documentation index at: https://developers.particle.network/llms.txt
> Use this file to discover all available pages before exploring further.

# Security (MPC-TSS)

> Particle's Modular Smart WaaS uses MPC-TSS to secure private keys while enabling non-custodial social logins.

***

<Frame caption="Particle Auth TSS - 2 key shares model">
  <img className="block dark:hidden" src="https://mintcdn.com/particlenetwork-fccf74d2/L2J4NS6RUDFbIJHM/social-logins/images/mpc-tss.png?fit=max&auto=format&n=L2J4NS6RUDFbIJHM&q=85&s=79af385004f14c76597f96bd8d729373" width="1000" height="563" data-path="social-logins/images/mpc-tss.png" />

  <img className="hidden dark:block" src="https://mintcdn.com/particlenetwork-fccf74d2/L2J4NS6RUDFbIJHM/social-logins/images/mpc-tss.png?fit=max&auto=format&n=L2J4NS6RUDFbIJHM&q=85&s=79af385004f14c76597f96bd8d729373" width="1000" height="563" data-path="social-logins/images/mpc-tss.png" />
</Frame>

## Why Security Matters

Private keys are the foundation of blockchain ownership. Any WaaS (Wallet-as-a-Service) solution must guarantee secure key management.

Particle Network’s security model is built on four principles:

* Only the **user** controls their keys.
* Only the **user** can initiate signing.
* Accounts must be **recoverable** across devices.
* No **single point of failure** should ever exist.

To achieve this, Particle replaces the traditional single private key with a **multi-share system** using **MPC-TSS**.

***

## What is MPC-TSS?

**Threshold Signature Schemes (TSS)** split a secret (the private key) into multiple shares. The full key never exists in one place — even during generation.

* A subset of shares (e.g., 2/2 or 3/5) is enough to generate a signature.
* Keys can be refreshed periodically, improving resilience.
* MPC (Multi-Party Computation) ensures computations are done collaboratively without revealing the key.

This combination means **no entity ever has access to the full private key**.

***

## Particle’s 2/2 MPC-TSS Approach

Particle uses a **2/2 TSS model**:

* **Share 1**: stored locally on the user’s device.
* **Share 2**: stored in Particle’s **Trusted Execution Environment (TEE)**.

Key facts:

* The two shares are never combined, not even during signing.
* Each share reveals nothing about the private key on its own.
* Continuous key refresh makes compromise virtually impossible.

Users can also add a **[Master Password](/social-logins/configuration/auth/password)** to encrypt their local share, providing:

* Extra protection on top of social login.
* Secure cross-device wallet recovery.

***

## Supported Cryptographic Algorithms

Particle implements secure MPC versions of:

* **2-Party EdDSA** — Solana
* **2-Party ECDSA** — EVM chains

This makes the system **non-custodial, chain-agnostic, and highly secure**.

***

## Infrastructure Security

Beyond MPC-TSS, Particle’s infrastructure follows strict security standards:

* End-to-end TLS encryption
* Segregated public/private networks
* Intrusion detection monitoring
* Hardware Security Modules (HSMs)
* Dedicated Trustee TSS Party-2 Server

These measures ensure a secure foundation for all applications built on Particle.