1/ At Privy, security is foundational. We combine trusted execution environments (TEEs) and key sharding in a defense-in-depth model to eliminate any single point of failure. It’s how we secure 75M+ accounts and billions in volume across consumer, trading, and fintech apps.

2/ Why TEEs: Trusted execution environments (TEEs) are isolated, hardware-backed environments with no storage or network access. Privy uses AWS Nitro Enclaves, ensuring keys are only reconstructed inside the enclave and all actions can be cryptographically attested.

3/ Privy goes one step further with key sharding. Each private key is split into two shares: → Enclave share, secured inside the TEE → Auth share, encrypted and retrievable only with valid auth Stored across separate boundaries, neither share is usable on its own.

4/ Key splitting is done using Shamir’s Secret Sharing (SSS): a fast, reliable algorithm battle-tested at scale in systems well beyond crypto. 1Password, Cloudflare, Ledger, and HashiCorp Vault all use Shamir for secrets management or recovery.

5/ Privy chose TEE + key sharding over TEE-only or TSS-based MPC to balance: → Verifiable security → Low latency at scale → Programmable, dev-friendly control For embedded wallets, where UX and trust must go hand in hand, this model delivers security and flexibility.