Migrate from MPC_SSS to MPC_TSS support multi chains

Help - Core-Kit CoreKit JS SDK
1

Hi Web3Auth team,

I’m working on migrating my Web3 wallet app from MPC-SSS to MPC-TSS using the MPC Core Kit, and I need some clarification for my architecture.

Current Setup:

  • My app currently supports both EVM and Solana chains.
  • When a user logs in, we generate:
    • One EVM address
    • One Solana address
  • We used MPC-SSS and a shared Web3Auth token ID for both chains.

Migration Plan:

Now I’m migrating to MPC-TSS, and I understand that Solana and EVM use different libraries and require different instances (e.g., EvmWeb3Auth, SolanaWeb3Auth).

:point_right: Question:
Can I still use the same Web3Auth token ID across both EVM and Solana instances in MPC-TSS?

  • Is this safe and recommended?
  • Will the underlying TSS shares stay in sync?
  • Any important considerations or limitations I should be aware of?

Goal:

I want to maintain a consistent identity across both chains while minimizing risk of conflicts or unintended side effects when handling multiple instances.

Thanks in advance for your support! Any guidance or best practices would be greatly appreciated.

2

Thank you for the detailed background and clear explanation of your migration scenario!

Summary of Your Query:

  • SDK: MPC Core Kit SDK
  • Migration: From MPC-SSS to MPC-TSS
  • Chains: EVM + Solana (multi-chain support)
  • Goal: Use the same Web3Auth token ID for both EVM and Solana instances in MPC-TSS, maintaining consistent user identity and minimizing risks/conflicts.

Key Points & Guidance

1. Web3Auth Token ID Usage Across Chains

  • Yes, you can use the same Web3Auth token ID to initialize both EVM and Solana instances with MPC-TSS.
  • This is the recommended approach for maintaining a unified user identity across multiple blockchains.
  • The token ID represents the authenticated user session, not a specific chain or key.

2. Underlying TSS Shares

  • When using MPC-TSS, the shares are generated and managed per user session, not per chain.
  • Both EVM and Solana instances will derive their respective keys from the same set of TSS shares, ensuring consistency.
  • The actual cryptographic keys will differ (secp256k1 for EVM, ed25519 for Solana), but the shares are anchored to the same user identity.

3. Best Practices & Considerations

  • Initialization: Make sure to initialize both EVM and Solana SDK instances with the same token ID after user login.
  • Session Management: If the user logs out or the session expires, both instances should be invalidated.
  • No Risk of Conflict: Since the underlying shares are managed by Web3Auth and are chain-agnostic, there is no risk of cross-chain key conflicts.
  • Key Derivation: Each chain SDK will derive its key appropriately from the user’s shares, so you get different addresses for EVM and Solana, but they’re always tied to the same user.

4. References

Summary Table

Aspect MPC-SSS MPC-TSS (Your Migration)
Token ID per user Shared across chains Shared across chains
Key shares SSS shares per user TSS shares per user
Chain-specific key derivation Yes (different addresses) Yes (different addresses)
Recommended for multi-chain Yes Yes

Conclusion

You can safely use the same Web3Auth token ID across both EVM and Solana instances with MPC-TSS. This will maintain a consistent user identity, and the underlying TSS shares will stay in sync. There are no major risks or conflicts with this approach, and it is in line with Web3Auth’s recommended multi-chain architecture.

If you need code snippets or further implementation guidance, let me know!

Let us know if you have any additional questions or run into any issues during your migration. We’re here to help! :rocket:

Note: This response was generated by an AI bot and may require further verification. The Web3Auth support team has tracked this issue and will be responding as soon as possible.

Additionally, we would recommend you to join our biweekly Office Hours to get this resolved even faster. Web3Auth Developer Office Hours

3

Follow-up Question: Add New Keyless Account with Both EVM + Solana

Thanks for your previous support! I have one more question regarding our planned feature.

New Use Case:

Our team wants to allow users to add additional keyless accounts (not just recover their original one).
Each new account will generate:

  • One EVM address
  • One Solana address
    (using separate EvmWeb3Auth and SolanaWeb3Auth instances)

Plan:

We plan to have our backend generate a new tokenId for each new account.
The frontend will then use that tokenId to initialize both EVM and Solana instances to create a new keyless account (with a fresh key for each chain).

:point_right: Question:
Is this approach feasible and supported?

  • Can we safely use the same new tokenId across two different instances (EVM + Solana) for the same account?
  • Any recommendation to ensure proper identity management and avoid conflicts?

Thanks again for your help!