Multi-party computation (MPC) is a cryptographic protocol that enables multiple parties to jointly compute a function of their individual inputs without revealing any input to the other parties. MPC wallets are a practical application of MPC to private-key custody, improving both the security and the efficiency of fund transfers.
A standard cryptocurrency wallet such as MetaMask relies on a single private key. However, financial institutions and custodians handling large amounts of digital assets require more advanced methods to secure funds. A single key represents a point of weakness for hackers to target, so it’s a cybersecurity risk that should be mitigated.
Furthermore, corporate compliance rules require that organizations delegate fund responsibility to multiple parties under segregation of duty arrangements to prevent fraud. This also makes single-signature wallets generally unfit for institutional purposes.
Multi-signature (MultiSig) wallets, which require more than one private key to approve transactions, emerged as an early solution. However, MultiSig wallets come with some limitations. One is that all activity is visible on-chain, so it is easy for malicious entities to trace and target the individuals responsible for signing. If the group of signatories is small enough, compromising enough of them to take control of the wallet is also feasible.
MultiSig wallets also come with operational challenges: because a blockchain is immutable, the signer set is fixed when the wallet is created and cannot be changed when a keyholder leaves or changes role.
MPC wallets overcome these challenges, reducing the risks and efforts for institutions handling digital assets.
How do MPC wallets work?
MPC wallets use a form of cryptography called multi-party computation, which enables multiple parties to jointly compute a function without ever revealing their individual inputs. When applied to a wallet, MPC splits the private key into shares that are stored in different locations and linked to different users. When a transaction is requested, each share holder computes a partial result from its own share in its own location, and the partial results are combined into a valid signature without the full key ever being reconstructed.
Although MPC wallets are now a leading use case of MPC cryptography, the discipline was conceived in the early 1980s by Andrew Yao, a Chinese computer scientist and computational theorist. Yao devised the “Millionaire’s Problem,” which describes a scenario where two or more millionaires want to know which among them is the richest, without any of them having to reveal their personal wealth.
The Millionaire’s Problem presents a cryptographic challenge – how can each party provide their inputs privately without disclosing them to anyone while still computing an accurate result? The second part is as critical as the first – nobody who deviates from the protocol should be able to force any honest party to generate an incorrect output.
During the following decades, cryptographers developed Yao’s work to the point that the first practical implementation of MPC took place in 2008, enabling an auction of agricultural crops in Denmark.
However, institutional digital asset security has emerged as the leading use case for MPC cryptography, thanks to its many benefits over alternative types of wallets. MPC wallets have become a core component of the digital asset security stack used by leading custodians, including BitGo, ZenGo, Fireblocks, Liminal Custody, and others.
Benefits of MPC wallets
There are several benefits to using MPC wallets, particularly compared to other options such as MultiSig wallets.
Security
MPC wallets are difficult to hack because the private key never exists in any single location. Even during transaction signing, each key shard is used separately so that the full private key is never assembled in any one place. This means that a hacker would have to steal every key shard from its location and decrypt them all to be able to interfere with a transaction. As a result, MPC wallets are highly resilient against many known forms of cyberattack, such as phishing or malware, since no one person or system serves as a single point of vulnerability.
Privacy
Whereas MultiSig wallets use on-chain signatures, potentially exposing approving entities to hackers, MPC wallets offer enhanced privacy. The signature is submitted on-chain, but the signing process is carried out off-chain, meaning it’s private. The on-chain signature looks the same as a signature from any other wallet, so the transaction cannot be identified as MPC-enabled. This level of privacy therefore also helps to enhance security.
Operational effectiveness
MPC wallets offer more ease of use for institutions handling large sums of digital assets in a chain of custody under strict compliance requirements for several reasons.
Firstly, they can be faster and more agile to use than cold wallets, where transaction signing must take place offline before being broadcast on the blockchain network. Before MPC technology became more widely available, the inefficiencies of cold wallets meant that many custodians relied on more vulnerable hot wallets to meet daily operational funding needs.
MPC key shards can be stored online since there is little benefit for a hacker in stealing a single shard. Therefore, MPC wallets can be more efficient and enable faster deployment of capital than cold wallets, with comparable security.
Changing keyholders is also much easier than with an immutable MultiSig wallet. With MPC, the parties simply agree to generate a new set of encrypted key shares based on the same underlying key, so funds never need to leave the wallet.
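Keyholder rotation as an added example (not code from the article or from any of the custodians it names): an n-of-n additively shared key is moved from one holder set to another without ever reconstructing it. Each current holder splits its own share among the new holders and hands each of them one piece; each new holder sums what it receives. The holder names and demo key are constructed. The same idea carries over to threshold (t-of-n) shares, where each holder Shamir-shares its share and the new holders combine the pieces with Lagrange weights; the additive case is used here to keep the mechanics visible.

```python
import secrets

# Shares are scalars modulo the secp256k1 group order, as a wallet key would be.
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

def additive_split(value, n):
    """Split `value` into n uniformly random pieces that sum to `value` mod N."""
    pieces = [secrets.randbelow(N) for _ in range(n - 1)]
    pieces.append((value - sum(pieces)) % N)
    return pieces

def reshare(old_shares, new_holders):
    """Move an n-of-n additively shared key to a new holder set.

    Every current holder splits its own share among the new holders; every new
    holder sums the pieces it received. The key is never reconstructed, the old
    shares become useless, and the public key (and so the funds) is unchanged.
    """
    received = {h: 0 for h in new_holders}
    for share in old_shares.values():
        for holder, piece in zip(new_holders, additive_split(share, len(new_holders))):
            received[holder] = (received[holder] + piece) % N
    return received

def reconstruct(shares):
    """Test-only helper: a wallet never combines shares like this in operation."""
    return sum(shares.values()) % N

if __name__ == "__main__":
    key = 1 + secrets.randbelow(N - 1)                # constructed demo key
    old = dict(zip(["alice", "bob", "carol"], additive_split(key, 3)))
    new = reshare(old, ["alice", "bob", "dave"])      # carol leaves, dave joins
    print("same key after resharing:", reconstruct(new) == key)
```

After the refresh, the departing holder's old share is statistically independent of every new share, so it neither helps an attacker nor needs to be revoked on-chain; the wallet address and its balance are untouched.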
Drawbacks of MPC wallets
MPC wallets also come with several considerations for institutions.
Slower approvals
While MPC wallets can be more efficient than cold wallets, they are potentially still slower to use than other types of online wallets due to the additional time needed to coordinate the parties and compute multiple partial signatures.
Companies must also consider the optimal organizational setup for obtaining approvals efficiently, given the requirement to coordinate multiple parties for a signature.
Complexity
MPC wallets are sophisticated tools requiring technical expertise and an understanding of the specific complexities of setting up multi-party approvals. It’s necessary to engage a specialist provider or employ someone in-house with expertise in MPC wallets and how to use them.
Not bulletproof
A final consideration is that although MPC wallets offer state-of-the-art institutional digital asset security, they are not necessarily a cast-iron guarantee of fund safety in all circumstances. If a hacker were to find and decrypt all necessary key shards, they could still intervene in a transaction.
Nevertheless, MPC wallets are still among the most secure options for digital asset storage on the market, and their benefits outweigh the drawbacks for most custodians.
MPC wallets essentials
- MPC wallets are a type of institutional digital asset wallet using Multi-Party Computation, an advanced form of cryptography.
- MPC enables multiple parties to jointly compute an output, such as a transaction signature, without revealing their respective inputs (the key shares).
- MPC wallets offer enhanced storage and transaction security and are more user-friendly for institutions where compliance rules require that multiple signatories approve a transaction.