Para Explained: Secure, Non-Custodial Wallet Infrastructure
Many embedded wallets sacrifice user custody for a smoother experience. Para delivers both: a seamless, non-custodial wallet powered by secure Distributed MPC and passkeys.
Para Architecture
Para is non-custodial by design and leverages several key concepts:
- Multi-Party Computation (MPC) Key Management: Para uses a 2-of-2 MPC system for secure key management, comprising a User Share and a Cloud Key.
- Distributed Key Generation (DKG): Ensures that the full private key is never assembled in a single location.
- Transaction Permissions Framework: Allows granular control over transaction signing across multiple applications.
With 2-of-2 Distributed MPC, one key share lives in secure enclaves on the user's device, secured with a passkey, and the other is encrypted in the cloud using HSM-backed infrastructure. The full private key is never assembled, leveraging distributed key generation ceremony, meaning:
- Para and the app never have full key access
- Users maintain cryptographic control over their assets
- Wallets can be exported, migrated, or recovered independently
This is a fundamentally different model from custodial or semi-custodial wallets, which create hidden custody and platform lock-in risks when they store and control private keys on behalf of users.
Flexible Add-Ons
Build the security and resilience your business needs, on your terms. Para supports configurable add-ons like 2FA, passkeys, biometric factors, and recovery flows – so you can adapt as your requirements evolve.
Transaction Permissions
Transaction Permissions provide granular control over transaction signing across applications by enabling user-facing confirmation dialogues. Applications can configure Para-managed prompts that require users to manually approve or deny any transaction or message signing event. It can be enabled for all wallets and transactions within a single application, offering a simple way to handle transaction approval without building custom UX.
Future Proof
Most embedded wallet providers lock builders into closed systems. Switch vendors, and you risk users losing access or facing a painful migration.
With Para, wallets are fully universal. Users can take their wallets anywhere, even without Para support. Private keys can be exported and recovered outside the original app, and teams can shift infrastructure without breaking the user experience.
Nitya Subramanian
WalletConnect Compatibility
Users can connect their Para accounts to third-party applications, such as Uniswap, via WalletConnect, eliminating the need for a separate extension wallet like MetaMask. For example, a user can log into your app with Para, then seamlessly sign into Uniswap through WalletConnect to execute a token swap. This integration ensures interoperability without requiring Uniswap or other applications to provide native Para support.
Para Recovery and Censorship Resistance
Traditional non-custodial wallets trade usability for control. Losing your seed phrase means users lose the wallet forever. Para avoids this with a recovery model that uses passkeys and Distributed MPC, eliminating the need for remembering a seed phrase entirely.
Each wallet is tied to a passkey secured by the user’s device (via iCloud Keychain, Android Keystore, etc.). If a user loses access, your app can trigger a recovery flow, where the user reauthenticates and a new key share is generated using Distributed Key Generation (DKG).
No single party (including Para) can access the full key, but users can regain full control with the right credentials. Para can never unilaterally sign transactions on behalf of users, and users can exit Para’s system whenever they choose. We have made available a fully offline, open source utility that can always be used, either via CLI or made available in hosted form by a third party.
Want to integrate non-custodial embedded wallets? Get started or get in touch!
