Wallet Architecture (MPC) | IDA — Identity for the AI Age

IDA’s MPC wallet uses a 2-of-3 threshold signature scheme:

Share	Held by	Purpose
Share 1	User device (encrypted in OS keystore)	Online signing
Share 2	IDA backend (HSM-backed enclave)	Online signing
Share 3	Recovery custodian (escrow)	Reserved for recovery

Any signature requires cooperation between Share 1 and Share 2. Share 3 is only used during device-loss recovery — paired with re-authentication, it lets the user rebuild Share 1 on a new device.