privy

1/ At Privy, security is foundational.

We combine trusted execution environments (TEEs) and key sharding in a defense-in-depth model to eliminate any single point of failure.

It’s how we secure 75M+ accounts and billions in volume across consumer, trading, and fintech apps.

marketing @privy | 2x founder | ✍️ author digitalmavericks.xyz paragraph.com/@debbie | 👩🏻‍💻 occasional vibe coder + renaissance woman | 🇸🇬 in 🇺🇸

2/ Why TEEs:

Trusted execution environments (TEEs) are isolated, hardware-backed environments with no storage or network access.

Privy uses AWS Nitro Enclaves, ensuring keys are only reconstructed inside the enclave and all actions can be cryptographically attested.

3/ Privy goes one step further with key sharding.

Each private key is split into two shares:
→ Enclave share, secured inside the TEE
→ Auth share, encrypted and retrievable only with valid auth

Stored across separate boundaries, neither share is usable on its own.

5/ Privy chose TEE + key sharding over TEE-only or TSS-based MPC to balance:

→ Verifiable security
→ Low latency at scale
→ Programmable, dev-friendly control

For embedded wallets, where UX and trust must go hand in hand, this model delivers security and flexibility.

4/ Key splitting is done using Shamir’s Secret Sharing (SSS): a fast, reliable algorithm battle-tested at scale in systems well beyond crypto.

1Password, Cloudflare, Ledger, and HashiCorp Vault all use Shamir for secrets management or recovery.