Guardian: Role-Gated MPC Wallets for AI Agents

AI agents on blockchains need wallets that work without human intervention—yet no single component should be trusted with the full private key. Existing approaches force a choice: hot wallets grant autonomy but no constraints; smart accounts enforce on-chain policies but with gas overhead and scoped session keys; and multi-party computation (MPC) wallets treat all co-signers as interchangeable.

We present Guardian Wallet, a role-gated MPC wallet where the private key is split into three shares, each bound to a distinct operational role: the agent
  (autonomous execution), the governor (policy enforcement), and the sovereign (human oversight). Any two of the three shares can co-sign a transaction, but each
  pair carries different authority: normal operation, manual override, or emergency bypass. The governor only releases its share after policy checks pass, making
  the wallet role-gated: which pair co-signs determines what is allowed.

We validate this design on Ethereum using the CGGMP threshold ECDSA protocol. Key generation completes in 1 s with pre-computed auxiliary data, signing takes 1.1 s median on localhost, and policy evaluation adds under 2 ms. We compare against smart accounts, hosted MPC wallets, and decentralised MPC using verified production deployments.