Circle Unveils Star DKG Protocol for Hardware-Secured Crypto Wallets
Lawrence Jengar Mar 31, 2026 19:30
Circle Research publishes Star DKG, a new distributed key generation protocol enabling secure multi-device wallets with non-exportable hardware keys.
Circle Research has published a new distributed key generation protocol called Star DKG (SDKG), designed specifically for crypto wallets that use hardware-enforced key isolation—addressing a technical gap that's plagued production MPC systems.
The protocol, detailed in a preprint on arXiv, tackles a fundamental conflict: standard DKG protocols assume you can export, reshare, or rerun key shares to verify consistency. Modern hardware security modules, TEEs, and cloud KMS systems explicitly prevent this. SDKG works with these constraints rather than against them.
Why This Matters for Wallet Security
Most production MPC wallets today split private keys across multiple devices—your phone, a hardware wallet, a service provider's infrastructure. No single device holds the complete key, and transactions require multiple parties to co-sign.
The problem? Traditional DKG protocols were built assuming shares could be moved around, opened for inspection, or regenerated under different conditions. Hardware security boundaries that prevent key export—the very feature that makes them secure—break these assumptions.
"If your consistency proof needs 'open your share' or 'rerun the same proof with a different challenge,' a rollback-resistant enclave/KMS profile simply won't let you do that," Circle's researchers note in the technical writeup.
Technical Architecture
SDKG separates two concerns that classic DKG protocols bundle together: keeping shares confidential and ensuring all parties agree on a consistent key. The hardware handles confidentiality; SDKG handles consistency through three mechanisms.
First, Unique Structure Verification (USV) creates certificates that let anyone derive the correct public key from the transcript without accessing the underlying secret. Second, the protocol uses straight-line extractable proofs that work without rewinding—critical for rollback-resistant hardware. Third, new devices get enrolled through hardware-to-hardware sealing, bypassing the need to reshare keys.
The base protocol transcript runs approximately 11-13 KiB at 128-bit security. Additional recovery devices can be added post-setup without regenerating the wallet's public key.
Mandatory Co-Signer Model
SDKG targets what Circle calls the "mandatory co-signer" architecture—where a service provider must participate in every signing ceremony for compliance, risk controls, or fraud detection. The structure resembles a star: the service sits at the center, with user devices (primary and recovery) at the endpoints.
This isn't general-purpose threshold cryptography. The protocol specifically handles 1+1-out-of-3 configurations rather than arbitrary t-of-n setups. That's a deliberate tradeoff—matching how institutional and consumer wallets actually deploy in production.
Market Context
DKG research has accelerated recently. SSV DAO launched a DKG tool in January 2024 to improve validator key security, and distributed key architecture for blockchain wallets has seen significant academic attention through early 2025. Circle's contribution addresses a specific deployment reality: the gap between theoretical DKG security proofs and what actually works on TEEs, HSMs, and cloud key management services.
The protocol comes with caveats. Security proofs assume an idealized KeyBox abstraction rather than specific hardware. Like most DKG protocols, a malicious party can selectively abort—fairness isn't guaranteed. Circle also notes this is research, not a product announcement, though the company has obvious commercial interest given its wallet infrastructure business.
For teams building multi-device custody solutions on hardware security modules, the preprint offers both a formal explanation of why traditional approaches fail and a concrete alternative. The full paper includes deployment mapping and a checklist for matching KeyBox profiles to real hardware families.
Image source: Shutterstock.jpg)