Create holder groups

​

What are holder groups?

To use MPC Wallets, you first need to create holder groups. There are 3 types of holder groups: Main Group, Signing Group, and Recovery Group.

​

Main Group

Creating a Main Group is mandatory before you can create an MPC Wallet. You may begin to use the MPC Wallet once the Main Group is successfully created. As best security practices and to ensure the utmost safety for your assets, it is a good idea to set up your Signing Group and Recovery Group as soon as you can, and back up all holder groups. You can create multiple Signing Groups to cater to your business requirements, but it is recommended to create only one Recovery Group. (Best security practices for your holder groups available soon on our Developer Hub.)

​

Create a Main Group

When creating the Main Group for your MPC vault, you have the option to choose either mobile co-signer or API co-signer. Make sure you understand the primary purposes and prerequisites of each co-signer type in the table below before proceeding further.

Co-Signer Type	Mobile Co-Signer	API Co-Signer
Primary Purposes	The mobile co-signer is an organization member who uses Cobo Guard to securely sign transactions. Their TSS Node ID is generated by their Cobo Guard. If you are using the WaaS 2.0 API to create a holder group, you can copy the TSS Node ID in your Cobo Guard by tapping > My Public Key > TSS Node ID > Copy TSS Node ID.	The API co-signer is a server node that utilizes the TSS Node package to automatically sign transactions. Its TSS Node ID is generated using the provided TSS Node software package and must be done before setting up the wallet. See TSS Node Technical Setup for further instructions.
Prerequisite Steps	Your chosen key share holders need to: Download Cobo Guard. Set up Cobo Guard as a Multi-Factor Authentication (MFA) method of their Cobo Accounts. Be added to your organization as a member.	Your chosen key share holders need to provide you with their generated TSS Node ID. See TSS Node Technical Setup for further instructions.

After you’ve chosen a co-signer type and set up the prerequisites, follow the instructions below to create a Main Group. Note: Only the users who have been assigned the Operator user role in the organization can create a Main Group.

1. Log in to Cobo Portal.
2. Click > MPC Wallets.
3. Select your vault and then click Create Main Group under the vault name.

4. On the Create Main Group dialog, navigate to the Key Share Holder 2 section, and then complete the following configurations:

   • To use Mobile Co-Signer, select a Holder (the TSS Node ID will be filled in automatically), then click Confirm.

   • To use API Co-Signer, enter a Holder name, fill in the TSS Node ID generated using the TSS Node software package, then click Confirm. See TSS Node Technical Setup for further instructions.

5. Inform the relevant key share holder to confirm on their end.

   • Notes:
     • If using mobile co-signer, a Confirmation page appears on Cobo Portal. Please remind the selected key share holder to to confirm in their Cobo Guard. On the selected key share holder’s Cobo Guard app, tap the Security Verification message to open the Security Verification page. Review the information, then click Yes, it is me. A Become Key Holder message will soon then be sent to the key share holder’s Cobo Guard, click it to open the Become Key Holder page, review the information, then click Approve. Selected key share holder should now tap the Generate Key Shares banner on their Cobo Guard to enter the My Account page, tap Pending Key Generation under Key Shares to enter the Key Shares page. On the Key Shares page, click Start to enter the Generate Key Shares page. The key generation process will begin. Click OK when the Key Generation Success message is displayed on Cobo Guard.
     • If using API co-signer, ensure to bring the TSS Node online within 24 hours. The confirmation process is completed as soon as the TSS Node goes online.

6. Once the key generation process is completed in step 5, the Group Status will show as Active.

   You might need to refresh the Cobo Portal page to see the updated result.
   A default wallet will be automatically created for this vault upon successful key generation.

​

Signing Group

Signing Groups are created using the Main Group. You can create multiple Signing Groups for different members depending on your business needs.

​

Create a Signing Group

Similar to creating the Main Group, you have the option to choose either mobile co-signer or API co-signer when creating the Signing Group. Make sure you understand the primary purposes and prerequisites of each co-signer type before proceeding further.

After you’ve chosen a co-signer type and set up the prerequisites, follow the instructions below to create a Signing Group. Note: Only the users who have been assigned the Operator user role in the organization can create a Signing Group.

1. Log in to Cobo Portal.
2. Click > MPC Wallets.
3. Select your vault and then click on the upper right hand corner.
4. In the Key Group Management page, click Signing Groups > Create Signing Group.

5. The Signing Group creation process is the same as the Main Group creation process. See Create Main Group for detailed instructions.

​

Manage Signing Group

​

Convert Signing Group into Main Group

In certain situations, you may want to convert a Signing Group into the Main Group. For example, if the current owner of the Main Group is leaving the organization and you need to assign a new person to own the Main Group, you may choose to convert a specific Signing Group into the new Main Group.

Follow the instructions below to convert a Signing Group into a Main Group.

1. Log in to Cobo Portal.
2. Click > MPC Wallets.
3. Select your vault and then click on the upper right hand corner.
4. In the Key Group Management page, click Signing Groups and then select the Signing Group to be converted.
5. Click Upgrade to Main Group.

6. Click Confirm to upgrade the Signing Group to the Main Group.

7. The Signing Group is now the Main Group. Note: If there was only one Signing Group before the conversion, the list of Signing Groups will become empty post-conversion.

​

Delete a Signing Group

Follow the instructions below if you want to delete a Signing Group.

1. Log in to Cobo Portal.
2. Click > MPC Wallets.
3. Select your vault and then click on the upper right hand corner.
4. In the Key Group Management page, click Signing Groups and then select the Signing Group to be deleted.
5. Click Delete Group.

6. Click Confirm to delete the specified Signing Group.

7. The specified Signing Group is now deleted.

​

Recovery Group

Recovery Groups serve two main purposes: Recover the whole private key and create a new Main Group if your Main Group and backup copy are lost or compromised. To learn more about backup and recovery, see Back up holder groups and Recover key shares.

Similar to creating the Main Group and Signing Group, you have the option to choose either mobile co-signer or API co-signer when creating the Recovery Group. Make sure you understand the primary purposes and prerequisites of each co-signer type before proceeding further.

After you’ve chosen a co-signer type and set up the prerequisites, follow the instructions below to create a Recovery Group. Note: Only the users who have been assigned the Operator user role in the organization can create a Recovery Group.

​

Create a Recovery Group

Note: You must first create the Main Group before creating a Recovery group. Follow the instructions below to create a Recovery Group.

1. Log in to Cobo Portal.
2. Click > MPC Wallets.
3. Select your vault and then click on the upper right hand corner.
4. In the pop-up window, select a Recovery Group mode and click Confirm.

• With Cobo Participation: A 2-3 signature scheme will be used. Cobo holds one key share, and the remaining two key shares are held either exclusively by your Organization or jointly with a third party.
• Without Cobo Participation: A 2-2 signature scheme will be used. Cobo does not hold any key shares. The two key shares are held either exclusively by your Organization or jointly with a third party.

5. If you select With Cobo Participation, follow the instructions below to complete the creation:

• Select either Self Recovery or Third-Party Recovery. Self Recovery requires key shares held by Cobo and your Organization, while Third-Party Recovery requires key shares held by Cobo, your Organization, and your trusted third-party.
• Select your key share holders.
  • To use Mobile Co-Signer, select a Holder (the TSS Node ID will be filled in automatically).
  • To use API Co-Signer, enter a Holder name, fill in the TSS Node ID generated using the TSS Node software package.

6. If you select Without Cobo Participation, follow the instructions below to complete the creation:

• Select either Self Recovery or Third-Party Recovery. Self Recovery requires key shares held by your Organization, while Third-Party Recovery requires key shares held by your Organization and your trusted third-party.
• Select your key share holders.
  • To use Mobile Co-Signer, select a Holder (the TSS Node ID will be filled in automatically).
  • To use API Co-Signer, enter a Holder name, fill in the TSS Node ID generated using the TSS Node software package.

7. Click Confirm.
8. The status will show “Pending Key Holder Confirmation”. Inform all key share holders to confirm on their ends. See Generate and back up your key shares for instructions on how key share holders can conduct this confirmation process.
9. Once all key share holders have confirmed on their Cobo Guard apps, wait for the key generation process to conclude, then the Recovery Group will be created.

​

Delete a Recovery Group

Follow the instructions below if you want to delete a Recovery Group.

1. Log in to Cobo Portal.
2. Click > MPC Wallets.
3. Select your vault and then click on the upper right hand corner.
4. In the Key Group Management page, click Recovery Groups and then select the Recovery Group to be deleted.
5. Click Delete Group.

6. Click Confirm to delete the specified Recovery Group.
7. The specified Recovery Group is now deleted.
   Did you find this document helpful? Please submit feedback to share your thoughts with us.