• No single point of failure
Generate threshold keys where the secret never exists in one place — not during setup, not ever. No trusted dealer. No 'we promise not to look.' No single point of compromise to subpoena, breach, or audit.
Built for organizations where no single party should be trusted with the keys
Decentralized Networks
Multiple validators sign together — nobody holds the master key.
No coordinator. No single point to leak from.
The key structure is secure from generation — not patched secure after the fact.
Multi-Org Consortia
Joint key control with no single dealer to compromise.
One compromised party can't collapse the structure.
Legal can confirm no single entity ever held the full key.
Privacy Infrastructure Builders
No third party ever holds your keys — so there's nothing to promise, leak, or subpoena.
Cryptographic guarantees, not policy promises.
Betrayal isn't discouraged. It's prevented.
What makes this different
Most key generation ceremonies require a trusted dealer who temporarily holds complete access to the master key. That's the vulnerability and it's the single point of compromise that regulators, auditors, and adversaries all target. Here's how we eliminate it
No single point of betrayal
The secret key never exists in one place—not during generation, not after.
Asynchronous Distributed Key Generation (ADKG) at the protocol level
No dealer to compromise, no coordinator who could leak shares
"The math makes it impossible" beats "we promise we won't look"
Doesn't fail when someone's late
Asynchronous by design—participants join when they can, network hiccups don't kill progress.
No "everyone online at exactly 3pm UTC" coordination nightmare
Fault-tolerant liveness even when nodes are slow or offline
Ceremonies complete without perfect synchronization
Works with your existing stack
Drop into your current threshold signature or encryption infrastructure without rewriting everything.
Production-ready, not a research experiment
Standard share formats, no proprietary lock-in
Compatible with existing threshold crypto libraries
The full stack. No trusted dealer required
ADKG module (Stoffel Lang)
The cryptographic core that handles distributed key generation—so you're not implementing research papers at 2am.
VM orchestration
Manages asynchronous progress and verification automatically. No manual coordination, no timing bugs.
Ceremony SDK
Init, join, derive, re-share — everything you need for the full key lifecycle. No coordination overhead, no single point of failure in setup.
Verifiable share exchange
Parties exchange and verify shares cryptographically. If someone cheats, everyone knows immediately.
Published public keys
Standard output formats for threshold operations. Use with any compatible threshold crypto stack.
Threshold share management
Each participant holds their share securely. No single party can act alone, no party knows the full key.
For Engineering Teams
Privacy tech that doesn't wreck your velocity
You shouldn't need a PhD in cryptography to generate threshold keys securely. The complexity lives in the protocol. Your integration stays simple.
Async by Default
Participants join when ready. No complex orchestration logic in your app code.
Standard Interfaces
If you're using threshold crypto today, this plugs in. No proprietary formats to reverse-engineer.
Built-in Verification
Share validity checks happen automatically. You don't debug cryptographic proofs at runtime.
Clear Error Messages
When something fails, you know why. No 'ceremony failed: error 0x4F2A.'
Production-Ready
Not a research prototype. Designed for systems where downtime costs money.
How it actually works
Start the ceremony
Initialize in Stoffel Lang. Participants join via SDK when they're ready—no synchronization dance required.
Generate keys without a dealer
Parties exchange verifiable shares — the full secret is never assembled anywhere, not even temporarily. That means there is no master key to compromise, subpoena, or hand over. Because it was never assembled.
Use the keys
Publish the public key. Each participant keeps their share. Run threshold signatures, encryption, or randomness generation—no party can act alone, no party knows the full key.
The Part That Matters: If someone compromises one participant, they get one share. Useless without the threshold. If someone demands you hand over "the master key," you can honestly say it doesn't exist.
FAQ
Have more questions? Contact our team with any questions you may have.
How is this different from a standard key ceremony?
Standard ceremonies require a trusted dealer who temporarily holds god-mode access during setup. ADKG is dealerless—the secret never exists in one place at any point. No temporary trust, no 'we deleted it afterward.'
What happens if a participant drops offline?
Asynchronous by design. Participants can join late or drop temporarily without killing the ceremony. Progress continues as long as enough parties (above threshold) remain active.
Can I use this with my existing threshold crypto stack?
Yes. Standard share formats, compatible with most threshold signature and encryption libraries. If you're already using threshold crypto, this should plug in without rewriting everything.