> ## Documentation Index > Fetch the complete documentation index at: https://developers.circle.com/llms.txt > Use this file to discover all available pages before exploring further. # Key management > How Circle Wallets secures keys with MPC and passkeys across developer-controlled, user-controlled, and modular wallets. Circle Wallets secures keys differently depending on the [wallet product you choose](/wallets/account-types). Developer-controlled and user-controlled wallets use [multi-party computation (MPC)](#multi-party-computation-mpc). Modular wallets use [passkeys](#passkeys). The following table summarizes how keys are secured for each wallet type. | Wallet type | Key type | Who controls | Where keys live | | ------------------------ | -------- | ------------------------------------------- | ----------------------------------------------- | | **Developer-controlled** | MPC | You, using the entity secret | Circle-hosted MPC nodes, or self-hosted | | **User-controlled** | MPC | Your user, using their key shard credential | Circle-hosted MPC nodes | | **Modular** | Passkey | Your user | Your user's device (with optional cloud backup) | ## Multi-party computation (MPC) MPC splits the private key into shards held by separate parties, so no single party ever holds the complete key. This means a compromised server or stolen credential alone cannot leak the full key. ### Developer-controlled wallets Developer-controlled wallets use 2-of-2 MPC. You can let Circle host both nodes, share hosting with Circle, or host both nodes yourself. Circle offers a key backup and recovery tool. [Contact Circle](https://help.circle.com/s/submit-ticket?language=en_US) to learn more about this tool, or to set up shared or self-hosted node hosting. * **Circle hosts both nodes (default):** Signing is protected by an [entity secret](/wallets/dev-controlled/entity-secret-management#entity-secret-ciphertext) that you create and store on your server. The entity secret is required to create wallets and sign transactions. This option is ideal for getting started with minimum setup effort. * **Shared node hosting:** You and Circle each host one MPC node. Circle provides a keyguard service that you host on your servers to authorize signing before every transaction. This splits private key management across two parties on different servers. * **You host both nodes:** You host both MPC nodes with the keyguard service authorizing signing for every transaction. This setup may be required in certain regulatory jurisdictions. The following diagram shows how signing is split across two servers in shared node hosting. ```mermaid theme={null} flowchart TB subgraph circle["Circle"] direction TB cw["Circle Wallets"] kms["Key management service (KMS)"] node1["Circle MPC node"] cw --> kms kms -->|"Circle's key share"| node1 end subgraph you["You"] direction TB server["Your server"] verify["Your verification logic"] kg["Circle keyguard service"] node2["Your MPC node"] server -.->|"Transaction details"| verify kg -.->|"Transaction details"| verify verify -->|"Approval"| kg kg -->|"Your key share"| node2 end server -->|"API request to create a transaction"| cw node1 <-->|"Message queue"| node2 ``` ### User-controlled wallets Circle uses 2-of-2 MPC for user-controlled wallets and hosts both nodes. Only your users can sign after they [authenticate](/wallets/user-controlled/authentication-methods) with social login, email + OTP, or PIN. **Backup and recovery:** If your users forget their PIN, they can recover account access by answering security questions. See [Recover an account](/wallets/user-controlled/recover-account). ## Passkeys Modular wallets use passkeys as signers. Passkeys live in the secure enclave (a dedicated security chip on the user's device), so only your users can sign transactions. **Backup and recovery:** Your users can back up their passkeys using the FIDO2 backup standard supported by iCloud, Google Drive, and password managers like 1Password.