Wamu

• Name: Wamu
• URL: https://wamu.tech/
• Category: multi-user threshold-signature wallet protocol / identity-bound signer middleware / decentralized-identity-authenticated MPC infrastructure
• Summary: Wamu is worth cataloging not as another wallet brand, but as a protocol attempt to bind multi-party threshold signing to user-controlled cryptographic identities without falling back to onchain multisig evaluation or centralized identity middleware. Its main move is unusual and analytically useful: each participant’s secret share is not simply stored as a local MPC shard. Instead, the share is split so reconstruction requires a deterministic signature from that participant’s associated identity. Around that core, Wamu adds peer-authenticated key generation and signing rounds, identity rotation, quorum-approved access-structure changes, and share-recovery flows designed for asynchronous consumer devices. That makes it a strong comparison point for Safe-style multisigs, institutional MPC wallets, threshold-signing research stacks, and identity-bound smart-account control systems.
• What it does:
  • Augments non-interactive threshold-signature schemes such as CGGMP20, and says the pattern can generalize to GG20, CMP20, and FROST-style schemes that tolerate asynchronous communication
  • Splits each party’s threshold secret share into a stored sub-share plus a second sub-share derived from a deterministic signature by that party’s associated cryptographic identity, so the identity signature becomes a prerequisite for reconstructing the live share
  • Adds peer-to-peer cryptographic-identity authentication to key generation, signing, and optionally key-refresh rounds through replay-resistant signed challenges
  • Defines identity-authenticated requests, identity challenges, identity rotation, quorum-approved requests, share addition/removal, threshold modification, and share-recovery procedures on top of the underlying threshold-signature protocol
  • Targets decentralized teams and mainstream users using ordinary consumer devices in asynchronous settings rather than controlled low-latency institutional environments
  • Supports backup and recovery flows where a signing share plus sub-share can be stored, optionally encrypted, on user-controlled secondary or device-independent storage without directly exposing the live threshold secret share
  • Publishes modular Rust crates that separate Wamu Core sub-protocols from a CGGMP20-specific augmentation layer
• Key claims:
  • The reusable mechanism is not merely threshold signatures for teams; it is identity-bound share reconstruction. Wamu makes a user’s external cryptographic identity signature part of what reconstructs the threshold-signing share, rather than only using the identity as an app-layer login or approval signal.
  • That gives Wamu a different control surface from Safe-style multisigs. Safe evaluates multiple signatures and policy onchain, while Wamu tries to keep policy and quorum approval offchain and emit a single threshold signature with ordinary-wallet interoperability.
  • It also differs from many institutional MPC wallet stacks because the project explicitly frames centralized identity infrastructure, synchronous networking, and operator-controlled environments as things to avoid rather than as normal assumptions.
  • The identity layer is the real chokepoint. Wamu says any cryptographic identity provider can work if signatures are deterministic and non-interactively verifiable, which means the practical trust model shifts into identity-key custody, signature determinism, recovery policy, and the peer network that verifies identity-authenticated requests.
  • The recovery design is analytically important. By backing up a signing share and sub-share pair that are still insufficient without the identity signature, Wamu tries to separate recoverability from raw secret-share exposure.
  • The biggest caveat is implementation maturity. The official Rust crates are explicitly labeled pre-alpha proof-of-concept software that has not been independently audited and should not be used in production.
  • Wamu belongs in the active corpus because it exposes a lower-layer shared-custody pattern that later MPC wallet, smart account, or identity wallet narratives often flatten away: identity authentication, share reconstruction, quorum approval, rotation, and recovery are all separate protocol surfaces.
• Whitepaper: Wamu publishes both an official whitepaper and a technical specification on its website. The strongest reviewed primary materials for this pass are collected in ../whitepapers/wamu-primary-sources-2026-05-13.md.
• Sources:
  • https://wamu.tech/
  • https://wamu.tech/whitepaper
  • https://wamu.tech/specification
  • https://github.com/wamutech/wamu-spec
  • https://raw.githubusercontent.com/wamutech/wamu-spec/master/README.md
  • https://github.com/wamutech/wamu-rs
  • https://raw.githubusercontent.com/wamutech/wamu-rs/master/README.md

Internal linkages

• Strongest comparisons: safe, turnkey, and chain-signatures.

• Use Wamu when the question is whether team-wallet control lives onchain, in a signer service, or inside identity-bound recovery and quorum workflows.

• Last reviewed: 2026-05-30 UTC