API + MCP live · talk to us

// GLOSSARY

X25519

An elliptic-curve Diffie-Hellman key-exchange algorithm over Curve25519 — fast, compact, and widely trusted (used in TLS 1.3 and Signal). In trading infrastructure it lets a client encrypt secrets, like venue API keys, to a service's public key.

X25519 performs Diffie-Hellman key agreement on Curve25519: two parties, each with a keypair, derive the same shared secret without ever transmitting it. That shared secret then keys a symmetric cipher for the actual payload. The algorithm is a modern default — small keys (32 bytes), constant-time implementations, and deployment in TLS 1.3, SSH, and Signal.

Where it fits in trading infrastructure

The custody problem: you must give a routing service the ability to use your Kalshi or Polymarket credentials without emailing plaintext keys around. An X25519-based scheme lets your client encrypt the credentials to the service's public key at submission time — anything in transit or at rest in between sees only ciphertext, and only the holder of the service's private key (ideally hardware-guarded) can unwrap it, typically into an envelope encryption hierarchy for storage. This is the approach Mithril uses for venue-key custody.

What it doesn't do

Key exchange is one layer, not the whole story: it says nothing about who may use the decrypted key, when, or within what limits — that's authorization and risk limits. The full custody picture is in agent custody for prediction markets.