Beyond Canister Control: Inside the Menese Protocol's Canister-User Threshold Signing Breakthrough

The Internet Computer (ICP) has long championed the concept of "chain-key cryptography," enabling canister smart contracts to natively hold keys and sign transactions across foreign blockchains like Bitcoin and Ethereum. However, a latent vulnerability has persisted: if a subnet's node providers are compromised, or if a rogue actor manages to breach a Secure Encrypted Virtualization (SEV) hardware enclave, the canister’s private key shares could theoretically be reconstructed.

To eliminate this systemic risk, the developers behind Menese Protocol—a multichain execution infrastructure backed by Egypt's Mercatura Forum—have announced a paradigm-shifting breakthrough: Canister-User Threshold Signing.

The 2-of-2 Split: Dual-Sided Protection

At its core, the new protocol introduces a 2-of-2 Multi-Party Computation (MPC) signature scheme. Instead of the canister generating and holding the entire signing key through the subnet, the cryptographic key is split:

• Share 1 lives on-chain, managed securely by the decentralized canister.
• Share 2 is kept locally by the user (e.g., on a smartphone or local browser extension).

This division creates a dual-sided security shield that solves two of Web3's biggest security headaches at once:

1. Immunity to Subnet Compromise

Even if node providers collude or a hardware-level exploit leaks the state of a canister on an SEV subnet, the attackers only gain access to one key share. Without the user's local share, they cannot construct a valid signature or move a single cent. The network is rendered mathematically incapable of acting unilaterally.

2. Programmable Defense Against Local Hacks

Conversely, if a user’s local device is compromised by malware, the hacker cannot steal the funds. Because the canister holds the second key share, it acts as an active, on-chain policy engine. Developers can program the canister to enforce multi-factor authentication, daily transaction limits, or trigger a social recovery cooldown if suspicious activity is detected.

Under the Hood: Speed and Post-Quantum Security

Multi-party threshold signing is notoriously resource-heavy, but the Menese team has bypassed performance bottlenecks by implementing an asynchronous presigned pool. The canister pre-computes signing components during idle periods. When the user requests a transaction, the protocol consumes a pre-signature to finalize the process in just 5 seconds, with active optimizations underway to drop latency to a mere 2 seconds.

Furthermore, the protocol is built to support a variety of cryptographic curves, including cutting-edge post-quantum algorithms, ensuring long-term resilience against future computing threats.

Ultimately, this breakthrough elevates the Internet Computer from a trusted cloud to a zero-trust execution layer, putting absolute sovereignty back where it belongs: in the hands of the user.