# Threshold Signature Scheme ## Decentralized TSS Vaults Helios secures Bitcoin deposits with a **Threshold-Signature Scheme (TSS)** implemented on the MIDL layer. Vault keys are split among an on-chain **quorum of validators**; no single party ever controls a complete key. This design removes the single-custodian risk common in traditional solutions while retaining Bitcoin’s native settlement guarantees. ## Withdrawal Process - Three Mandatory Checks * **User Intent**: The depositor signs a **BIP-322** message that proves ownership of the UTXO. * **Validator Co-Signature**: A super-majority of validators jointly generate the TSS signature (t-of-N). * **Protocol Verification**: Helios smart contracts confirm the action aligns with protocol rules (e.g., loan repayment, liquidation) before broadcasting the transaction.\ Only when **all three conditions** are met does the vault release funds, ensuring continuous **self-custody** for the depositor. ## Additional Security Safeguards - Slashing & Watchtowers * **Economic Penalties**: Validators stake BTC that is **slashed** for invalid signatures or censorship. * **Fraud-Proof Window**: Each outbound spend is subject to a short challenge period, during which **independent watchtowers** can submit fraud proofs.\ A malicious validator majority cannot move assets without the depositor’s signature, and off-path signatures are rejected because the TSS key functions **only** through the custody module. ## Resilience & Recovery If validator liveness drops below safe thresholds, the protocol supports **on-chain validator rotation** and **time-locked recovery scripts**, enabling depositors to migrate funds without disruption. ## Institutional Alignment - Seamless, Revenue-Positive Integration **• Plug-and-Play Stack:** Helios relies on the **TSS primitives** already deployed by many enterprise custody platforms. **• Policy-Engine Continuity:** Existing **role-based approvals, velocity limits, and whitelists** map one-for-one to Helios contract calls, allowing operations teams to integrate the product without rewriting internal control matrices. **• New Yield Product:** A simple **“Bitcoin-native earn”** toggle can be added to current dashboards, giving clients access to DeFi returns while their BTC never leaves the base layer—enabling the provider to charge management or performance fees. **• Compliance by Design:** Real-time **Merkle solvency proofs**, Travel-Rule metadata feeds, and automated audit logs plug into existing reporting pipelines and preserve SOC 2 / ISO accreditation. **• Risk Ring-Fenced:** Slashable validator stakes, mandatory user co-signatures, and immutable contract guardrails eliminate rehypothecation risk and satisfy fiduciary capital-protection mandates. **• Competitive Differentiation:** Offering native BTC yield—without bridges or wrapped assets— that allows **1-block withdrawal** instead of long staking period broadens the custody provider’s product suite and positions it ahead of peers still limited to wrapped-token DeFi. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://helios-finance.gitbook.io/helios-finance/architecture/quickstart/threshold-signature-scheme.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.