
How Privy Enables Deploy.Finance Wallets


Last updated 16 days ago

Deploy.Finance's wallet infrastructure is enabled by Privy.io, a leading provider of authentication and wallet infrastructure.

Privy builds authentication and wallet infrastructure to enable better products built on crypto rails. Get started in minutes to onboard users with wallets, spin up self-custodial wallets for users, and securely sign transactions through your app.

Deploy.Finance's agents and infrastructure leverage Privy's to generate wallets with private keys and sign transactions to complete delegation and withdraw activities.

Below is a description of the private key generation process and key management from Privy's documentation.

Privy's Private Key Generation Process

Privy generates private keys using distributed key sharding with Shamir's Secret Sharing (SSS), splitting each key into encrypted shares stored across separate security boundaries.

The process involves:

  • Three share types: Device/enclave share (stored on user's device/TEE), auth share (stored by Privy), and recovery share (user-managed or Privy-backed).

  • Open-source cryptography: Uses the audited shamir-secret-sharing library, the most widely used open-source TypeScript implementation of SSS.

Privy's Key Management Architecture

Privy's key management architecture has several layers to mitigate risks associated with storage and retrieval.

  1. Secure Assembly: Private keys are only temporarily reconstructed within secure execution environments when exactly two shares are present.

  2. Storage Isolation:

    • Web clients: Device share stored in browser's domain-partitioned local storage.

    • API integrations: TEE (Trusted Execution Environment) acts as remote device.

  3. Export Controls: Private key exports require explicit policy permission via HPKE-encrypted API.

Privy's Session Management

Privy enables secure delegation of Deploy.Finance's smart wallet activities through session keys using a combination of cryptographic controls and trusted execution environments.

Here's how this is implemented:

  1. User consent initiation: You submit a request (such as "Delegate funds to DD NOS"), triggering a delegation request requiring explicit user approval through Privy's client SDK. This generates a cryptographic proof of consent stored on-chain or in secure storage.

  2. Key provisioning: Privy's API creates a session key pair within a Trusted Execution Environment (TEE), splitting the private key using Shamir's Secret Sharing:

    • One share held by Privy's infrastructure

    • One share stored in the TEE

    • One share encrypted with user credentials

  3. Secure key assembly: When needed, the session key is temporarily reconstructed in the TEE using HPKE-encrypted API calls.

The session key remains active, allowing the agent to autonomously execute trading activities until you revoke access.

Learn more about Privy's process for key generation and management.

Learn more about Privy's security architecture.
