NERO Auth API
The MPC backend powering embedded wallets. True threshold ECDSA signing where the private key is never reconstructed — at every tier, including Free.
How key generation works
A 3-round commit-reveal protocol based on the DKLS paper. Neither party can cheat — Schnorr proofs verify correct execution at every step.
Backend Commitment
Backend generates random scalar sk_B, computes public point P_B = sk_B × G, and sends commitment SHA256(P_B) to the client. Commitment prevents adapting sk_B after seeing the client's share.
Proof Exchange
Both parties reveal their public points with Schnorr proofs of knowledge (Fiat-Shamir). Each side proves it knows the discrete log of its public point — no forgery possible.
Joint Key Derivation
Joint public key: P = sk_A × sk_B × G. Wallet address: keccak256(P)[12:]. The backend stores sk_B in HSM (AES-256-GCM). The full private key sk = sk_A × sk_B is never assembled.
Why true MPC matters
Unlike competitors that reconstruct the private key during signing, NERO uses threshold ECDSA — only partial signatures exist. The full key is never assembled at any point in the signing flow.
| NERO (DKLS) | Web3Auth (SSS) | Custodial | |
|---|---|---|---|
| Key reconstructed during signing | Never | Yes (client-side) | Yes (server-side) |
| Protocol | 5-round MtA threshold ECDSA | Shamir reconstruct → local ECDSA | Server signs on behalf of user |
| Backend compromise | sk_B alone is useless | 1-of-3 share exposed | Full key stolen |
| Client compromise | sk_A alone is useless | 1-of-3 share exposed | Full key stolen |
| True MPC at Free tier | Yes | SSS only (not MPC) | N/A |
13 core features
Every feature is production-ready and fully implemented. True MPC threshold signing is available at every tier — no enterprise paywall for security.
2-Party MPC Key Generation
All tiersDKLS threshold ECDSA keygen with Schnorr proofs. Backend generates sk_B, client generates sk_A. Joint public key derived as P = sk_A × sk_B × G. Private key never assembled on any machine.
Threshold ECDSA Signing
All tiers5-round Multiplicative-to-Additive protocol. Partial signatures computed independently — full private key is never reconstructed during signing. Standard ECDSA output compatible with all EVM chains.
Social Login (9 Providers)
All tiersGoogle, GitHub, Apple, Discord, Facebook, LINE, LinkedIn, Twitter/X, WeChat. NERO-managed credentials on Growth+, or bring your own OAuth app on Free.
Custom JWT Verification
Growth+Validate tokens from Auth0, Firebase, AWS Cognito, or any OIDC provider. Users authenticate with your existing auth system — NERO adds the wallet layer.
Aggregate Verifiers
Growth+Link multiple login methods to the same wallet via shared email. Google + GitHub + custom JWT all resolve to the same address for the same user.
Multi-Factor Authentication
Growth+TOTP (authenticator apps) on Growth+, FIDO2 WebAuthn (fingerprint/security keys) on Scale+. MFA can gate recovery, key rotation, and high-value signing operations.
Device Trust & Verification
All tiersDevice fingerprinting classifies devices as new, pending, or trusted. New devices require OTP verification. Sensitive operations require a trusted device.
Time-Locked Account Recovery
Scale+48-hour anti-theft time-lock. Three recovery methods: password-based, trusted device backup, and BIP-39 seed phrase. Recovery cannot complete before the lock period expires.
Encrypted Key Share Backup
All tiersExport key shares encrypted with scrypt KDF + AES-256-GCM. User stores the encrypted blob offline. Restore via import endpoint — no NERO access to plaintext shares.
Key Material Export
Growth+Backend delivers its share (sk_B) to the SDK via ephemeral ECDH encryption. Client reconstructs the full key locally for offline signing or wallet migration. Rate-limited.
Self-Custody Recovery
Scale+Full exit protocol — user decrypts both shares and computes sk = sk_A × sk_B. Import the private key into MetaMask or any standard wallet. Works without NERO online.
Distributed Node Infrastructure
EnterpriseBackend share sk_B split via Shamir's Secret Sharing across N nodes with T-of-N threshold. HMAC-authenticated node-to-node communication. Commitment verification on every reconstruction.
Audit Logging & Compliance
All tiersEvery signing, recovery, export, and device operation logged with user ID, wallet address, IP, action, and timestamp. Queryable API with date range and action filters.
True MPC at every tier
Competitors gate threshold cryptography behind enterprise pricing. NERO gives every developer — from a free prototype to a scaled production app — the same 2-party DKLS threshold ECDSA. The private key is never reconstructed for any customer, at any plan.
HSM Protection
Server key shares wrapped by AWS KMS or GCP Cloud KMS. Key material never leaves the hardware security module.
11-Layer Middleware
Request ID, logging, Helmet CSP, API versioning, device ID, content validation, size limits, global rate limiting, API key auth, CORS, per-key rate limiting.
Zero-Knowledge Proofs
Schnorr proofs of knowledge on every keygen round. Feldman VSS commitments for Pedersen DKG. Configurable enforcement mode: off, audit, or enforce.
Start building with NERO Auth
Create a project, get an API key, and integrate the SDK. Your users get self-custodial wallets in seconds.