Powering <5ms signing for 50M+ on-device wallets
How Privy provides the flexibility to balance speed, ownership, and control by leveraging on-device signing alongside TEEs
Debbie Soon
|Oct 2, 2025
Every transaction in crypto comes down to the same thing: a digital signature proving control of a private key. The critical architecture design choices around generating this signature lead to different levels of speed and control.
Privy’s on-device system enables 5ms signing speeds and secure signature generation directly on a user’s device. This is work we’ve built over 3 years, powering tens of millions of on-device wallets globally and optimizing every aspect of this deployment modality across security, performance, and ergonomics.
We’ve long understood that speed and security are two of the essential traits any wallet solution must provide customers. In order to power world-class applications across trading, banking and consumer, your wallet should be both fast and programmable.
This is why Privy natively offers powerful features like time-bound policies and has servers colocated with applications globally. Additionally, Privy enables you to configure the execution environment for wallets in your application. Simply put, a Privy wallet can be run on-device or in a Trusted Execution Environment (TEE) – a verifiable hardware environment run in the cloud.
Today, Privy is the only wallet provider to offer both on-device and TEE-based environments for wallet signing at scale.
In both cases, private keys are sharded and never stored in complete form. They are only temporarily reconstructed when needed, and can only be done so by the appropriate wallet owner. This means that Privy can never access keys on a user’s behalf, and also ensures that we avoid dependencies on a single infrastructure provider.
TEE-based signing: Keys are reconstituted in a secure enclave (TEEs built on Amazon Nitro Enclaves). Privy TEEs are distributed globally, allowing you to colocate with them for the fastest signing speeds of 100ms.
On-device signing: Keys are reconstituted in a secure, isolated environment on your user’s device enabling near-instant signing speeds (<5ms) and avoiding network round trips.
Our architecture enables you to configure wallet signing either on-device or in a TEE, letting you choose the best approach for your use case.
What is on-device signing?
With on-device signing, wallets are reassembled on the user’s device directly. The private key is generated locally, sharded into multiple key shares, and the shards are encrypted. Signing is performed in-memory only, in an isolated iframe environment on the user’s device.
With on-device execution, Privy secures wallets directly on user devices using browser-enforced isolation via iframes. This relies on the same browser security boundaries that have been battle-tested for decades, securing billions of dollars in daily financial transactions across the modern Internet.
The Privy iframe runs in a separate process with its own isolated memory space, completely separated from your application. This isolation is enforced by:
Authenticated, strongly-typed message passing
Browser process and memory separation
Strict origin and frame ancestor validation
Content Security Policy controls that strictly lock down network access
When a transaction needs to be approved:
The user authenticates their identity in order to enable wallet access
The app presents the payload (e.g. “swap 1 USDC for ETH”).
The device prompts the user for confirmation, typically using biometrics or passkeys if MFA is enabled.
The device reassembles the private key in memory from encrypted key shares to sign the payload and sends back only the signature.
The key never leaves the device, and the server never sees it. Key export is secured by user interaction directly with the secure iframe. This means applications can never access user keys.
Transactions feel instant since you don't have to wait for a network roundtrip to ask for a signature. The user also has direct authenticated control over the signing key and must be online for all wallet actions.
What is TEE-based signing?
With TEE-based signing, the secure enclave acts as the signing engine. The private key is generated and secured by a Trusted Execution Environment (TEE). On creation, the wallet private key is split into key shares, and shares are encrypted within the secure enclave. Reconstitution of the key can only occur with valid authentication and policy approval.
TEE-based signing is used for both enterprise key management and user-based applications. For user-based applications, when a transaction needs to be approved:
The user authenticates their identity in order to enable wallet access.
The app presents the payload (e.g. “swap 1 USDC for ETH”).
The user authenticates the wallet request from their client.
The secure enclave validates the request against configured policies (such as spend limits, whitelisted addresses, or required approvals).
The enclave reassembles the private key in memory from encrypted key shares to sign the payload and returns only the signature.
The key itself never leaves the enclave, and end-user devices never hold it.
Deciding between on-device and TEE-based signing
The right signing model depends on your product’s needs. Each approach comes with distinct strengths and tradeoffs. Where on-device signing limits the interaction model for the wallet, it has best-in-class speed. TEE reconstitution enables broad flexibility and control, at the cost of a network round-trip.
On-device signing enables:
Speed: Signing can take less than 5ms since they are generated locally with no network roundtrip.
Ownership: Users control their keys directly, and wallet interactions stem from in-app user action.
Best for: Consumer wallets or any applications designed to be on-device by default, including trading flows.
TEE-based signing enables:
Policy controls: Requests pass through policy checks (limits, approvals, allowlists) before being signed.
Auditability: Every action can be logged and monitored for compliance.
Automation: Allows applications to take actions even when users are offline, such as executing queued transactions or recurring flows.
Best for: Banking applications or any user apps that require policy enforcement, backend-driven flows, or onchain automation.
These systems are battle-tested and run at scale, with Privy securing tens of millions of wallets across both modalities globally.
Secure by design
All Privy wallets come with a broad set of opt-in protections designed to keep keys safe, whether they are signing on-device or in a TEE. Developers can enable the features that best fit their product, such as:
Transaction MFA: All wallet actions can require additional user-in-the-loop verification, such as with biometrics or passkeys.
HttpOnly cookies: Protect sessions by ensuring cookies are inaccessible to JavaScript and reducing attack surface.
iframe-gated key export: Key export is always gated by a direct iframe interaction, so apps never have your private key.
And more protections are on the way, including granular on-device policies, hardware-backed secure enclaves on mobile , and non-exportable CryptoKeys for direct on-device persistence.
Best of both worlds
In practice, many products can benefit from both modalities. Privy enables applications to make use of either. At the end of the day, you get fast, secure signing. Privy orchestrates the underlying systems that enable these powerful, flexible wallets.
Builders should not have to design their product to fit the limits of the infrastructure they choose.
Instead, your choice of infrastructure should adapt to the needs of your product — whether that’s giving end-users instant, local signing or powering enterprise-scale automation with secure enclaves.
Privy delivers both modalities seamlessly, with security at the core. Tens of millions of wallets already run on this architecture, and we’re just getting started — with new upgrades and protections that will shape how wallets are built for evolving and expanding use cases.
