dark logo
Get Started

M-of-N Wallet

Crypto WorkFlo incorporates an M-of-N Wallet feature, enabling the creation of a multi-signature wallet. This wallet necessitates a minimum number of user signatures (M in the M-of-N) to authorise a transaction before it can be executed. N represents the total number of individuals with whom the wallet is shared.

The M-of-N wallet within Crypto WorkFlo employs the Shamir Secret Sharing algorithm to divide the private key into multiple parts, which are subsequently distributed to the N users. At no point is the private key stored by Crypto WorkFlo. It exists in memory on one of our servers only momentarily when it is created and divided into shares for each user, after which it is immediately removed from memory. The private key can only be reconstructed by combining the shares from M of N users. This occurs during a transaction signing ceremony, and once again, the private key exists in memory only fleetingly before being removed.

The M-of-N wallet in Crypto WorkFlo has two lifecycle stages. The first stage is the creation stage, where the wallet is created, and the private key is divided into shares and distributed to the users. The second stage is the signing stage, where the wallet is utilised to sign transactions through a multi-phase signing ceremony. The wallet can be used to sign transactions as long as it is in the ACTIVE state and at least M of the N users are available.

As with any M-of-N wallet, it is important to note that users cannot be removed from the wallet. If trust is lost in M of the N users, your wallet can be compromised even if these users no longer have access to Crypto WorkFlo. Such a minimal group of compromised users will be able to reconstruct the private key by combining their shares. Conversely, M-of-N trusted users can reconstruct the private key using their shares without needing access to Crypto WorkFlo.

Although it is mathematically possible to add additional users (increase N), this is not currently supported by Crypto WorkFlo.

M-of-N wallet creation overview

The M-of-N wallet creation process is a multi-step process that involves the following steps:

  • Wallet Creation - The wallet is created with the minimum number of signatures (M) and the total number of shares (N). The participants are also selected during this phase.
  • Public Key Gathering - Each participant creates a public-private key pair that is used by the server to encrypt the secret share of the participant. The private key is stored in each user's browser for use during the next step of the M-of-N wallet creation.
  • Wallet Creation and Encryption - After the public keys of all participants are gathered, a new random wallet is generated and the private key of the wallet is split into N shares using the Shamir Secret Sharing algorithm. The shares are encrypted using the public keys of the participants and stored for later retrieval. The private key is immediately destroyed after it is split.
  • Secret Share Distribution - The encrypted secret shares are distributed to the participants. The participants will download their encrypted secret share, which will be decrypted in their browser using their private key stored in the browser during the previous stage. The user must save their secret share in a secure location.
  • Wallet Ready - Once all the participants have downloaded their secret shares, the wallet is ready to be used. The wallet will be in the READY state and can be used to sign transactions.

M-of-N wallet creation procedure

Navigate to the M-of-N Wallet application and click on the New Icon icon. Fill in the details and click on the Save Icon icon.

M-of-N Wallet Application

Properties

  • Wallet ID

    Auto generated wallet ID. Read only. This field is readonly.

  • Status

    The status of the M-of-N wallet. The possible values are ACTIVE and INACTIVE.

  • Description

    A free-form description of the wallet.

  • Wallet Address

    The address of the M-of-N wallet. This field is readonly and will be filled-in after the private key was created.

  • State

    The current state of the wallet. The possible values are NEW, INIT_GATHER_PUB, INIT_SECRET_DISTR, and READY. This field is read-only.

    • NEW

      The wallet is new, and the number of minimum and total participants can be defined. The participating users must be selected before it can move to the next phase.

    • INIT_GATHER_PUB

      The wallet is in the process of gathering the public keys of the participants. The public keys are used to encrypt the secret shares of the users.

    • INIT_SECRET_DISTR

      The wallet is in the process of distributing the encrypted secret shares to the participants.

    • READY

      The wallet is ready to be used.

  • Minimum Signatures (M)

    The minimum number of signatures required to sign a transaction. This value must be less than or equal to the total number of participants.

  • Total Shares (N)

    The total number of shares into which the private key is split. This value must be greater than or equal to the minimum number of signatures.

  • Participants

    A list of dropdown fields to select the participants who will be part of the M-of-N wallet. The participants must be valid users in the system.

After the M-of-N wallet is created, the wallet will be in the NEW state. To start the process of public key gathering, click on the button. The wallet will move to the INIT_GATHER_PUB state. Each user will need to log into the system and navigate to the M-of-N Wallets application and click on the Generate Key button. The public key of each user will be saved to the wallet, and the associated private key of the user will be saved in the user's browser for use during the last phase of the M-of-N wallet creation.

Once the last user has generated their public key, the wallet will move to the INIT_SECRET_DISTR state. At this point, the wallet address will exist, and each user's share of the private key will be encrypted, ready to be retrieved.

Each user must then log in and navigate to the M-of-N Wallets application and click on the Retrieve Secret Share button. The user will be notified that their secret share was copied to their clipboard and must save the secret share in a secure location. After all the users have downloaded their secret share, the wallet is ready to be moved to the READY state. It is paramount to ensure each user did indeed retrieve and save their secret share before the next action is performed. Any participant can click on the button to set it to the READY state. The wallet is now ready to be used to sign transactions.

Edit an existing M-of-N Wallet

Navigate to the M-of-N Wallet application and enter the details of the M-of-N Wallet into the search field, then press the enter key on your keyboard to search for the M-of-N Wallet. Click on the icon to start editing the M-of-N Wallet record. Only the status and description can be edited.

M-of-N Edit

Once you have edited the M-of-N Wallet record, you can click on the Save Icon icon to save your changes. The status can be set to INACTIVE to prevent the M-of-N Wallet from being used by Crypto WorkFlo. It will NOT prevent the wallet from being used outside of Crypto WorkFlo.

M-of-N Wallet Usage

The M-of-N Wallet can only be used in Crypto WorkFlo by selecting it as the wallet to be used on the workflow Contract Call node. Using the M-of-N Wallet to sign a transaction is a multi-step process that involves the following steps:

Assignment

Each one of the N participants will receive a workflow inbox assignment to sign the transaction.

Participation Key Generation

Each participant that would like to sign this transaction must route the workflow assignment. A dialog will be presented with the transaction details. Click on the Generate Key button.

M-of-N Wallet Application - Generate Key

This will generate a new temporary public-private key pair that will be used to encrypt the secret share of all the other participants for this signing ceremony. When M of the N participants have routed the workflow assignment and generated their participation keys, the transaction signing ceremony will move on to the next phase.

Participant Signing

Each one of the M participants will receive a new workflow inbox assignment. A dialog will be presented with the transaction details. The participant must provide their secret share, which will be encrypted multiple times, once with each of the remaining participants' public keys. By clicking on the Approve button, the encrypted secret share is sent to the server.

M-of-N Wallet Application - Approve

After the last (Mth) participant has supplied their secret share and approved the transaction, their secret share, along with their private key with which the other participants' secret shares were encrypted, is submitted to the server. The server uses this temporary private key to decrypt the secret shares of the other participants and reassemble the wallet private key. The transaction is signed and saved, after which the private key is immediately removed from memory.

A new dialog is presented to the participant with the signed transaction details and a Submit button to send the signed transaction to the blockchain.

M-of-N Wallet Application - Submit

Once the transaction has been included on the blockchain, a Continue button will be presented with which the workflow process can be moved further along.

M-of-N Wallet Application - Continue
Logo

If you are using this system for financial benefit, please consider donating ETH/MATIC/POL, USDC or USDT on the Ethereum main network or the Polygon network to this address: 0xA9e98B2a4988858f353EF59831c84Dac5F27eEDb

© 2025 Crypto WorkFlo. All rights reserved.

Company

Support