How Does Key Sharding Protect Your Assets?

| January 22, 2024

Share this article

Within the world of cryptocurrency and blockchain technology, security stands as a top priority. Private keys, serving as the gateway to digital assets, are widely regarded as highly sensitive information. The adoption of sharding private keys has emerged as a prevalent practice, aiming to provide security and mitigate the risks linked to a single point of failure.

Definition of Key Sharding 

Key sharding, also known as Shamir’s Secret Sharing, is a method in which a private crypto key is divided into distinct pieces or shards. Each shard alone is ineffective unless enough shards are combined to reconstruct the original key. For instance, if there are 5 shards and only 3 are required for access, the holders of those 3 shards can collaborate to gain access. This process is deeply rooted in cryptographic principles, fostering more decentralized risk in the emerging economy. Secret sharing of this kind finds application in scenarios like custody-free clearing houses or recovery mechanisms where no single entity possesses the complete key.

To gain access to the crypto assets linked to a private key share, a designated number of shares must be collectively utilizing a specified algorithm or protocol. This approach has emerged as a notable technique in the crypto custody sector, offering substantial benefits in terms of data storage, performance optimization, and security enhancement. 

The adoption of key sharding by the blockchain community was inspired by the concept of database sharding. Multi-party computation (MPC) leverages key sharding to deliver top-tier security to institutional clients, mandating the validation of a transaction for signing with M out of N (e.g., 3 out of 5 key shares). 

Importance of Asset Protection

Crypto investors holding digital assets in their crypto wallet often opt for a level of asset protection in order to mitigate third-party risk.  However, the safeguard offered by these advantages is not absolute. In cases where a cryptocurrency owner is involved in litigation or bankruptcy, a court may compel the disclosure of all assets, including any cryptocurrency holdings.

The importance of asset protection solutions remains significant in the crypto-industry. As interest in this asset class grows, individuals with substantial cryptocurrency holdings should ensure the protection of their wealth. Similar to traditional financial assets like cash, bonds, or publicly traded securities, cryptocurrencies can benefit from protection measures such as asset protection entities.

Overview of Key Sharding as a Security Measure

The sharding process involves the fragmentation of a single private key into multiple pieces, commonly known as “shards.” Individually, each shard lacks the ability to access the corresponding wallet or digital assets. However, when these shards are combined, they can reconstruct the original private key. This methodology introduces an additional layer of security by dispersing control over the private key.

A primary challenge that has surfaced in this practice is security. Despite the isolation of each shard, exclusively handling its designated data, there exists a security apprehension related to shard corruption. This involves a scenario where one shard infiltrates another, leading to potential information or data loss.

Visualizing each shard as an independent blockchain network with authenticated users and data, there is a vulnerability to hacking or cyber attacks that could compromise a shard. In such a scenario, an attacker might manipulate the shard, introducing false transactions or malicious programs.

Concept of Sharding in Key Management

When it comes to securing the private keys controlling crypto assets, wallets with key sharding capabilities provide robust protection against potential security breaches for holders.

Instead of creating a master private key and storing it on a device susceptible to compromise, wallets distribute key shards among the devices of participating parties, such as you (the client), your solicitor, and Liminal.

Utilizing another secure computation protocol called zero-knowledge proof, which verifies information between parties without disclosing the information itself, a key shard can demonstrate its authority to co-sign a transaction.

As the transaction-executing key is a collectively generated value, a complete key never exists in a singular form or resides on any single device. This effectively makes key theft attacks impossible and safeguards against internal fraud and collusion, preventing any employee or group of employees from misusing the key.

How Key Sharding Differs from Traditional Key Management 

In their quest for a solution, innovative blockchain developers draw inspiration from contemporary database solutions. The practice of sharding, commonly employed in the database storage industry, involves dividing the database’s data body into interconnected layers or shards. This process has become an industry standard. This approach enhances access speed to stored information by facilitating a more direct route for queries, as opposed to traversing the entire database bit by bit.

Applying this concept to blockchain solutions, developers partition the public ledger into shards distributed across multiple nodes in the network as well as private keys. Individuals seeking access to a specific portion of the ledger can efficiently do so by navigating a selected path of nodes to locate the correct node with the relevant information.

For instance: In sharded blockchains, assembling and examining the entire ledger is made possible through key sharding or Shamir’s Secret Sharing. Key sharding involves distributing the blockchain data and the respective access keys for each dataset across the network’s nodes. When a user on one node aims to access all the data, they need to connect with other users on different nodes who have access to the remaining shards of data. In a sharded blockchain, only a few distinct keys, such as 3 or 4, are required for complete access, even in networks with thousands of keys.

Liminal’s institutional wallets, comprising both cold storage and hot wallet solutions, operate on multisig and multi-party computation technology. This ensures that complete access to the private key is never held by a single entity or individual. Key shares belonging to our clients are securely stored in air-gapped devices strategically distributed across various geographical regions.

Benefits of Key Sharding

Here are the major benefits of key sharding:

Distributed Trust

In the event of a breach or compromise of a shard, the attacker would only gain access to a portion of the data, thereby minimizing the impact on the overall system. This distributed approach adds an additional layer of protection against single points of failure and malicious attacks.

Enhanced Performance

Key sharding empowers the system to efficiently handle a substantial volume of transactions without compromising performance. Through the utilization of parallel processing and optimized resource management, key sharding ensures that the cryptocurrency network can scale effectively to meet the demands of a growing user base.

Increased Scalability

Key sharding facilitates horizontal scalability by incorporating additional shards to accommodate heightened transactional volume. This scalability feature allows the cryptocurrency network to expand and manage larger capacities without sacrificing performance or efficiency.

Fault Tolerance

Key sharding incorporates built-in fault tolerance capabilities. In the event of a shard or storage node becoming unavailable or experiencing a failure, the remaining shards can continue to operate, ensuring uninterrupted service. This fault-tolerant design enhances the overall resilience of the cryptocurrency network, thereby reducing the risk of data loss or service disruption.

Implementing Key Sharding

Create Dependencies:

To begin, import the required libraries and generate the encryption key. It’s essential to note that the encryption key should never be hardcoded and must be maintained with the utmost security.

Establish a Wallet and Derive Private Key:

Following that, establish an Ethereum wallet and derive a private key from it. This step can be adapted for any blockchain relying on private keys.

Encrypt the Private Key:

Utilize `libsodium-wrappers` to encrypt the private key using the provided encryption key. Ensure that the sodium library has been initialized.

Shard the Encrypted Private Key:

Proceed to shard the encrypted private key into multiple pieces. In the case of MPC wallets, three shards are created, but you have the flexibility to adjust this number as needed.

Implement Enhanced Security Measures:

For an additional layer of security, consider applying supplementary encryption layers to each shard. For instance, you may opt for different encryption algorithms or store shards in physically separate locations.


Here, we discussed the practice of sharding private keys to enhance security in blockchain and cryptocurrency applications. The process involves breaking a single private key into multiple shards and implementing additional encryption layers, thereby significantly reducing the associated risks of private key management.

However, it’s essential to recognize that with heightened security comes increased responsibility. Safeguarding your private key shards is paramount, as the loss of access to them could lead to the permanent forfeiture of digital assets. Always adhere to best practices and explore additional security measures to effectively protect your crypto assets.

Keep in mind that this guide serves as a foundational resource for sharding private keys. Feel free to modify and expand upon these concepts to tailor them to your specific security requirements.



What is key sharding?

Key sharding encompasses the distribution of private keys and transaction data across numerous shards. Each shard is tasked with managing and processing a specific subset of the total data. The objective of key sharding is to enhance system efficiency by breaking down data into smaller, more manageable pieces, thereby distributing the computational workload. This approach ensures that no single entity retains absolute control over the complete key.

How does key sharding enhance security?

Key sharding strives to improve system efficiency by dividing the data into smaller, more manageable fragments. This approach distributes the computational workload, preventing any single entity from having absolute control over the entire key.

How are key shards distributed or managed?

The logical shards are dispersed among distinct database nodes known as physical shards. Each shard is capable of accommodating multiple logical shards. Nevertheless, the data collectively housed within all the shards represents a complete logical dataset. Database shards exemplify a shared-nothing architecture.

Can you provide an example of how key sharding works in practice?

After the column undergoes the hash function, hash values are produced according to the shard ID. Columns exhibiting comparable hash values are then stored within the same shard.

What happens if one of the key shards is lost or compromised?

If one of the keys is lost, you can use the remaining keys to unlock the wallet. For instance, if the device holding the keys is lost, stolen, or damaged. Losing a key signifies that the owner risks relinquishing control over their blockchain account, associated identity, and assets.

Is key sharding only applicable to encryption keys?

Yes, the concept of key sharding is applicable to encryption keys.

How does key sharding protect against insider threats?

Central to the management and security of crypto assets are private keys. A private key is a distinctive alphanumeric code that provides users with access to their digital assets. To bolster security further, a private key can be fragmented into multiple pieces, known as key shares or key shards.

Are there any drawbacks or challenges associated with sharding?

Although sharding decreases the workload on individual nodes, it introduces increased complexity to the database and its applications. The partitioning of the network with individual validators for nodes reintroduces the single-point-of-failure issue, diminishing decentralization.

Can key sharding be used in combination with other security measures?

Utilizing key sharding, multi-party computation (MPC) ensures top-tier security for institutional clients, necessitating the validation of a transaction for signing with M out of N (e.g., 3 out of 5) key shares. 

How scalable is key sharding for large-scale systems?

Sharding stands out as a highly practical approach for achieving scalability in a blockchain system, enabling parallel computation, storage, and processing. The system’s capacity and throughput may exhibit a linear relationship with the number of shards or participating nodes.

More on Crypto

As we continue constructing a fully regulated digital asset custody platform, ensuring secure storage for both crypto and fiat assets remains a critical priority. 

To facilitate the last checkpoint of enabling institutions to convert their digital asset treasury into fiat currency, we’re expanding beyond pure wallet infrastructure and integrating seamless fiat off-ramp capabilities for our partners.

We’re thrilled to announce our partnership with Encryptus, licensed and compliant off-ramp solutions tailored for institutional clients. This collaboration elevates Liminal’s service offerings by empowering our partners to convert their digital asset treasuries into fiat currencies efficiently.

Integrating A Seamless Off-Ramp Solution

The digital asset ecosystem historically faced friction points when transitioning between fiat and cryptocurrencies. Off-ramp solutions address this pain point by enabling efficient and streamlined conversion between asset classes, minimising value loss and simplifying compliance processes.

Here’s how off-ramp changes the game:

  • Reduced Friction: Frictionless conversion minimises delays and operational complexities associated with traditional fiat-crypto exchange methods.
  • Enhanced Efficiency: Streamlined workflows expedite asset conversion, increasing speed and cost-effectiveness for institutional and individual users.
  • Optimised Value Preservation: Advanced off-ramp solutions prioritise minimising price slippage and value loss during conversion, protecting user portfolios.
  • Simplified Compliance: Integrated compliance features navigate regulatory complexities, ensuring adherence to relevant financial regulations.

With our partnership with Encryptus, we have embedded their institutional-grade APIs, connecting their off-ramp solution within Liminal’s wallet and custody platform. 

This integration simplifies our clients’ liquidation requirements while keeping their assets secure and more:

  • Effortless Digital Asset to Fiat Conversion: Our partners will be able to access treasury management and facilitate business payments in 54 countries and individual payments in an extensive network of 80+ countries.
  • Streamlined Compliance and Regulation: Our partners will be able to leverage Encryptus’s rigorous licensing and compliance framework, ensuring adherence to stringent financial regulations.
  • Enhanced Platform Value: We will be able to expand the functionality of the Liminal custody solution, attracting institutional users seeking comprehensive digital asset management capabilities.

Moving Towards A Robust Off-Ramp Partnership With Encryptus

The partnership between Liminal and Encryptus earmarks a significant step forward in secure digital asset custody, representing a shared commitment to pushing compliant practices while supplying institutions with easy access to convert their digital assets to fiat. 

For Encryptus, the opportunity to integrate with Liminal’s established platform presents a chance to reach a wider audience and scale their innovative off-ramp solutions to new heights. By streamlining fiat conversion within Liminal’s secure custody infrastructure, Encryptus gains access to a trusted network of institutional users seeking seamless and compliant treasury management.

For Liminal, this collaboration reinforces our dedication to partnering with companies that demonstrably prioritise clear governance and robust policy frameworks. By aligning with Encryptus’s stringent compliance standards, we reaffirm our commitment to building a secure and sustainable future for digital assets, where trust and regulatory certainty go hand-in-hand.

January 22, 2024

Hello world, it’s that time of the month when we share the biggest security breaches in the world of Web3 through our Security and Regulatory Newsletter. 

Liminal believes in optimizing security and custody practices globally across the Web3 industry. Through our Newsletter, we highlight security, regulations, and compliance incidents that have happened in the past month and how one can follow better Security practices to safeguard their digital assets. 

We will also highlight regulatory changes that might have happened globally, which were significant to the overall ecosystem.

Dive in and get a detailed analysis of everything security and regulation in the domain of web3 with Liminal’s Monthly Security and Regulatory Newsletter.

Web3 Security Compromises in January

Abracadabra exploited for almost $6.5 million, Magic Internet Money stablecoin depegs

The Magic Internet Money ($MIM) stablecoin has lost its dollar peg again, dipping all the way below $0.77 in a flash crash before returning to around $0.95.

The depeg appears to be related to an exploit of the Abracadabra lending protocol, which allows people to borrow $MIM. An attacker exploited an apparent flaw in the platform’s smart contracts to drain around $6.5 million.

Goledo Finance hacked for $1.7 million

Goledo Finance, an Aave-based lending protocol, was exploited through a flash loan attack. The attacker stole assets estimated by CertiK to be around $1.7 million.

Goledo Finance contacted the attacker to offer a 10% “bounty” for the return of the remaining assets. In a message on January 29, the attacker wrote: “I hacked Goledo and want to negotiate.”

Socket service and its Bungee bridge suffer $3.3 million theft

The Socket cross-chain infrastructure protocol was hacked for around $3.3 million in an attack that exploited its Bungee bridge. The thieves were able to exploit a bug that allowed them to take assets from those who had approved a portion of the system called SocketGateway.

A little over 700 victims were affected, and the highest loss from a single wallet was around $657,000. 121 wallets lost assets priced at more than $10,000.

On January 23, the protocol announced they had recovered 1,032 ETH (~$2.23 million) of the stolen funds.

Web3 Regulatory Practices for January

The EU Imposes Stricter Due Diligence Rules for Crypto Firms

On Jan. 17, the European Council and the Parliament came to a provisional agreement on parts of the Anti-Money Laundering Regulation (AMLR) that now extends to the crypto sector.

Under the new rules, cryptocurrency firms will be required to run due diligence on their customers involving a transaction amounting to €1,000 ($1,090) or more. 

However, the agreement isn’t final yet as it has to be first officially adopted by the Council and Parliament before the rules can be applied.

So, after the EU passed its landmark MiCA regulation last year, which clarified rules about cryptocurrencies, regulators are now targeting the space with tighter controls. 

While these regulations bolster security and trust in the crypto market, potentially attracting more cautious investors and combating financial crimes, they also present challenges. 

The US State of Virginia Introduces Digital Assets Mining Rights

Recently, the Virginia State Senate introduced Bill No. 339, which outlines regulations for the transactions and mining of digital assets and their treatment under tax laws. 

The legislation exempts individuals and businesses engaged in crypto mining activities from obtaining money transmitter licenses. Additionally, it protects miners from any discrimination. 

Issuers and sellers of crypto are also exempted from securities registration requirements if certain conditions are met. Moreover, those offering mining or staking services are not to be classified as “financial investment” but must file a notice to qualify for the exemption.

The bill further incentivizes crypto’s use for everyday transactions by offering tax benefits. Under this, up to $200 per transaction can be excluded from an individual’s net capital gains or gains derived from using crypto to purchase goods or services, starting from Jan. 1, 2024.

Key Takeaways:

  • Hackers continue to exploit vulnerabilities in DeFi protocols and cross-chain bridges, highlighting the need for robust security measures.
  • Regulatory frameworks are evolving rapidly, with stricter AML rules and supportive legislation for emerging technologies like crypto mining.
  • Staying informed about these developments is crucial for navigating the digital assets market safely and responsibly.

Stay #LiminalSecure

These events highlight the constant evolution of Web3 security and regulation. You can confidently navigate this dynamic landscape by staying informed and prioritizing security best practices. 

At Liminal, we’re committed to empowering institutions to unlock the full potential of digital assets without compromising security or compliance norms with our robust custody and wallet infrastructure solutions. Join us on this journey towards a safer, more accessible future for digital assets.

January 15, 2024

Buckle up as we’re about to take a trip down memory lane. 

The year 2023 was a wild ride that showed signs of a plummeting market, groundbreaking innovation and regulatory hurdles. 

Contrastingly, in the same year, we saw no market-shattering crashes. Financial institutions extending an olive branch, key jurisdictions unlocking the doors to blockchain technology. 

Simultaneously, at Liminal, we experienced significant breakthroughs, re-engineering our positioning and becoming a pioneer in digital asset security with bank-grade custody. 

We took major strides this year, right from building comprehensive products to becoming a qualified custodian, from revamping our brand design to expanding our offices in newer locations, from partnering with hyper-local communities to onboarding a diverse set of clients,  we did it all. 

So, let us take you through everything we accomplished in 2023 and what the future holds.  

Liminal Became A Qualified Custodian

One of the prominent moves we made this year was to change our positioning as a regulated custodian from being a wallet infrastructure platform. 

We got two licenses in key jurisdictions to operate as a regulated custodian. 

The first one came from Hong Kong, where we acquired the TCSP license issued by the SFC, which oversees and regulates financial activities to ensure compliance with legal and regulatory obligations. 

Our next license came in the MENA region, where we got In-Principle Approval for the FSP license granted by the FSRA, a governing body in ADGM, to establish a progressive financial services environment. 

Both these licenses paved the way for Liminal to push its wallet infrastructure and offer bank-grade custody to institutions looking to operate in these particular regions. 

Liminal Introduced A Suite of Products & Features

Continuing our building spree, we launched new products and integrations to broaden the existing infrastructure and added more parameters of security, scalability and sustainability. 


Liminal launched staking for institutions to eliminate the risks involved in running staking nodes and the vulnerabilities in hot wallet transfer. 

Hence, we introduced an industry-first mechanism of cold wallet staking to ease staking for institutions and secure assets explicitly.  

Whitelabel Solution

Accelerating the go-to-market time for organisations looking to build a secure and customisable application, Liminal launched its whitelabel solutions

Targeted to help organisations meet security standards, manage assets with maximum control, and add their custom branding to give it a personal touch. Our whitelabel solution is a first-in-class custodian-developed solution for institutional grade custody.

Smart Consolidation

We are building not just secure custody but also automation-based features to eliminate manual errors, increase the throughput of transactions and scale institutional wallets. 

Taking this ahead, we launched the Smart Consolidation feature to automatically calculate all the active addresses and consolidate them into a single address. With this level of automation, managing multiple addresses becomes uber easy for wallet teams. 

Travel Rule 

To limit the use of cryptocurrencies for activities like money laundering and terror financing by regulatory bodies, travel rule was mandated for institutions to follow. 

Continuing the latest compliance integration policy, Liminal partnered with Notabene to introduce Travel Rule, enabling institutions to manage counter-party risk and extend the process of due diligence right from the Vaults dashboard.   

Liminal Accured List Of Security Certifications

Following our ISO certification for data privacy and risk management, we added two new security certifications to fortify our systems and build trust for our clients. 

Liminal Achieves Crypto’s Highest Security Mark: CCSS Level-3 Certified

Cryptocurrency security lacked a gold standard, creating a vulnerable ecosystem. Enter the CryptoCurrency Security Standard (CCSS), setting the bar for auditing and certifying custodian infrastructure and establishing levels of trust and confidence for investors. 

Liminal became only the second wallet infra platform and the first regulated custodian to be accredited with Level-3 certification, deeming wallets, transfer environments, workflows and engines safe and secure. 

Liminal Reciueved SOC 2 Type II Certification

To tackle threats in institutional-grade security, organisations’ SOC has been identified as the primitive compliance standard for service organisations to handle customer data.

Liminal successfully attained SOC 2 Type II certification, validating its setup of security controls & compliance processes to be industry standard. 

Liminal Level Up

Liminal unveiled its most significant platform upgrade ever, revolutionising the future design standard of a qualified custodian. This level-up activity included revamping our website and product UI, giving a completely new look and feel to not “Liminal” but “Liminal Custody”. 

The Liminal level-up activity was a strategic step and the biggest one for us this year to create an intuitive, inviting and tailored experience for our clients. 

Liminal Reached New Borders

We spread out our operations this year, reaching new borders and onboarding a new wave of institutions across gaming, DeFi, HNI wealth, treasuries, and exchanges! From Indonesia and Africa to India, UAE, and Korea, we are setting up custody operations worldwide. 

This isn’t just a roster of clients; it’s a network ready to spark connections, collaborations, and shared success to further the definition of secure assets. 

Liminal Collaborated With Law Enforcement Agencies

The best and the proudest moment of Liminal for this year was when we collaborated with CBI & Himachal Prashesh police department to aid them in seizing digital assets. 

This partnership put us on the map, as we became the first point of contact for LEAs in India, and we standardised the process of secure seizure of digital assets. Leveraging our expertise, we enabled a safe space for officers to learn the basics of custody, contributing to a safer digital landscape.

Team Liminal Grew Bigger

Building such a massive infrastructure, prioritising security and compliance over everything else, we had to grow the team to build at pace and expand at an even higher level. Not only did we grow in team numbers, but we also elongated our footprint to new destinations. 

Team Liminal went from 32 to 70 with 5 new offices in Mumbai, Ahmedabad, Hong Kong, Singapore and ADGM, setting up our custody operations steadfastly. 

What’s To Look Out For In 2024

We are excited to announce that our commitment to integrating the most secure digital asset wallets with a cutting-edge custody platform is swiftly becoming a reality. 

The upcoming year, 2024, will serve as a testament to this transformative journey. Moving beyond self-custody, we are constructing a comprehensive infrastructure encompassing both custodial and non-custodial wallets. Exciting products are set to launch starting from the first week of January, some of which are: 

  • Official Custody Platform Launch
  • Liminal’s Off-Exchange Settlement Hub
  • Secure Custody of Real-World ‘Tokenised’ Asset

The Web3 space has evolved explicitly this year, pushing the narrative of secure digital asset custody and security, introducing new regulations and compliance standards, licensing VASP providers and standardising the use of custodians as a trusted third party. 

At Liminal, we took major strides this year, from building comprehensive products to becoming a regulated custodian, from revamping our brand design to building the full infrastructure of custodial and non-custodial wallets.

January 5, 2024

Find Out How You Can Benefit From A Fully Self-Custodial Wallet Architecture