● Threshold Raccoon · ML-lattice · NIST-I

Your key is never
in one place.

Post-quantum threshold key custody. The signing key is split across servers plus a passphrase only you know, and is never assembled — anywhere, ever. Any T-of-N parties cooperate to sign; fewer cannot. Compromise every server and, without your passphrase, an attacker still can't sign.

Run live demo ↓ How it works

● live demo — runs a real threshold custody ceremony server-side

Generates keys, signs with the passphrase party,
and verifies — live ✦

The mechanism

Threshold signing, post-quantum.

01 · Split

Never assembled

The lattice signing key is Shamir-shared across N party servers plus a passphrase party. The full key exists at no point — not even during signing.

02 · Passphrase party

You are mandatory

One share is derived from your passphrase via Argon2id, on your device, and never stored. Total server compromise still can't sign without it.

03 · T-of-N

Resilient + safe

Any T of N parties co-sign via a 3-round MPC (Threshold Raccoon). Fewer than T learn nothing and cannot forge. Output verifies as a plain Raccoon signature.

# run a real distributed ceremony locally
qwvault demo
qwvault keygen -t 3 -n 5 -o keys --share-pass PW
qwvault party  --share keys/share-1.enc ... # mTLS agent
qwvault sign   --vk keys/vk.bin --party 1=https://... --msg "..."