Signing

Derive public keys from stored MPC key shares and sign message hashes — without the private key ever leaving the MPC nodes.

COMPUTE_PUBLIC_KEY

COMPUTE_PUBLIC_KEY MPC Workflow Component

Derive the public key from a stored key share at a specific BIP-44 derivation path. Use the appropriate GET_*_DERIVATION_PATH component to generate the path.

Config

Field	Type	Default	Description
`server`	`'OFFICIAL_1' \| 'OFFICIAL_2' \| 'OFFICIAL_3'`	—	MPC server to query (any server holding a share works)
`compressed`	`boolean`	`true`	Return compressed public key (33 bytes). Set `false` for uncompressed (65 bytes)

Inputs

Field	Type	Description
`keyId`	`string`	Key share ID from `GENERATE_KEY_SHARE`
`derivationPath`	`number[]`	BIP-44 path (from `GET_EVM_DERIVATION_PATH`, `GET_SOLANA_DERIVATION_PATH`, etc.)

Outputs

Field	Type	Description
`publicKey`	`string`	Compressed public key (hex, 33 bytes for secp256k1; 32 bytes for Ed25519)

SDK example

import { WorkspaceClient, ComponentModule } from 'caller-sdk';
const workspace = new WorkspaceClient({ apiKey: process.env.WR_API_KEY! });

const { publicKey } = await workspace.call(ComponentModule.COMPUTE_PUBLIC_KEY, {
  keyId: 'your-key-id',
  derivationPath: [2147483692, 2147483648, 2147483648, 0, 0], // m/44'/60'/0'/0/0
}).promise();

console.log(publicKey); // 33-byte hex compressed public key

SIGN_WITH_KEY_SHARE

SIGN_WITH_KEY_SHARE MPC Workflow Component

Sign a message hash using a stored key share. The private key never leaves the MPC nodes — only the signature is returned.

Config

Field	Type	Required	Description
`servers`	`Array<'OFFICIAL_1' \| 'OFFICIAL_2' \| 'OFFICIAL_3'>`	Yes	MPC servers participating in the signing ceremony (must meet or exceed the threshold)

Inputs

Field	Type	Description
`keyId`	`string`	Key share ID
`derivationPath`	`number[]`	BIP-44 derivation path
`messageHash`	`string`	32-byte hash to sign (hex, with or without `0x`) — use `serializedHash` from `BUILD_EVM_TRANSACTION`, `BUILD_BITCOIN_TRANSACTION`, or `BUILD_SOLANA_TRANSACTION`

Outputs

Field	Type	Description
`signature`	`string` (hex)	Finalized signature
`curve`	`'SECP256k1' \| 'ED25519' \| 'P256' \| 'P384' \| 'P521' \| 'ED448' \| 'SECP256K1_SCHNORR'`	Curve used for signing (reflects the key's curve)
`recoveryId`	`number \| null`	ECDSA recovery ID — present for `SECP256k1`/`P*` curves, `null` for EdDSA curves

SDK example

import { WorkspaceClient, ComponentModule } from 'caller-sdk';
const workspace = new WorkspaceClient({ apiKey: process.env.WR_API_KEY! });

const { signature } = await workspace.call(ComponentModule.SIGN_WITH_KEY_SHARE, {
  keyId: 'your-key-id',
  derivationPath: [2147483692, 2147483648, 2147483648, 0, 0],
  messageHash: '0xabc123...', // 32-byte hash from BUILD_EVM_TRANSACTION
}).promise();

console.log(signature); // hex-encoded signature

Signing workflow

[keyId + derivationPath]
        │
        ├──────────────────────┐
        ▼                      ▼
COMPUTE_PUBLIC_KEY      BUILD_*_TRANSACTION
        │ publicKey            │ serializedHash    │ unsignedTransaction
        ▼                      ▼                   │
COMPUTE_*_ADDRESS    SIGN_WITH_KEY_SHARE            │
                            │ signature            │
                            ▼                      │
                    SIGN_*_TRANSACTION ─────────────┘
                            │ signedTransaction
                            ▼
                    BROADCAST_*_TRANSACTION

COMPUTE_PUBLIC_KEY​

Config​

Inputs​

Outputs​

SDK example​

SIGN_WITH_KEY_SHARE​

Config​

Inputs​

Outputs​

SDK example​

Signing workflow​

COMPUTE_PUBLIC_KEY

Config

Inputs

Outputs

SDK example

SIGN_WITH_KEY_SHARE

Config

Inputs

Outputs

SDK example

Signing workflow