
Why Use MPC Technology Wallets

Multi-signature wallets have become the norm for organizations managing cryptocurrency, since they improve security over single-key wallets. More recently, however, advances in cryptography, and in Multi-Party Computation (MPC) in particular, are opening a new era of key management.

MPC is being touted as the ‘holy grail of security and usability’, according to Michael J. Casey, senior advisor for blockchain research at MIT’s Digital Currency Initiative.

However, as with every technological advance, confusion and misinformation are common early on. We use the latest advances in MPC, and as a result we have spent a significant amount of time educating customers, regulators and partners about how it works and where it applies.

In this article we’ll look at the main reasons why we believe MPC and threshold signatures outperform multi-sig and will ultimately provide the security and flexibility needed for an entirely new class of private-key protection.

1. MPC Doesn’t Have a Single Point of Failure

As in a multi-signature configuration, the private key in an MPC-based system is never created or stored in a single location. Splitting the key this way protects it from external attackers as well as from internal collusion and fraud, preventing any single employee, or any group of employees that falls short of the signing threshold, from stealing the digital assets.

2. MPC Solutions Are Protocol Agnostic

Some cryptocurrency protocols do not support multi-sig at all, and those that do implement it very differently from one another. This makes it harder for multi-sig providers to support new chains.

In addition, not all wallets allow funds to be sent from multi-sig smart contracts. This causes friction and failures for certain transactions when funds are transferred from an address controlled by a multi-sig smart contract.

MPC, by contrast, is built on the standard digital-signature algorithms (ECDSA or EdDSA) used by virtually all blockchains, so the same MPC implementation works across chains. Organizations using MPC can therefore integrate a new cryptocurrency on their platform quickly and with little effort.

3. MPC Technology Has Academic Validation and Practical Application

Although MPC was only recently applied to cryptocurrency wallets, it has been the subject of academic research since the early 1980s and has undergone extensive public peer review.

In addition, every vendor that uses MPC has engaged, and invested heavily in, cryptographic assessment and penetration-testing firms such as NCC Group to review its MPC implementation.

Because the MPC implementation is independent of the blockchain protocol (see the previous section), the attack surface is small and each review improves the implementation for every supported protocol. This is not the case for on-chain multi-sig solutions, where each protocol forces the multi-sig wallet provider to use an entirely different implementation.

Some well-known examples of poor multi-sig implementations failing:

The Parity multi-sig wallet: a flawed implementation let malicious actors take around $30 million worth of Ethereum in one of the largest wallet hacks to that point.
Parity wallet hacked (again): an attacker gained access to the contract and froze $300 million in Ethereum; some customers lost as much as 300k in digital currency.
Security vulnerabilities in Bitcoin multi-sig: a research team found a flaw in a Bitcoin multi-sig check implementation that had been introduced in development environments. Despite the widespread use of that source code, the vulnerability still persists.

4. MPC Technology Provides More Operational Flexibility

As your company grows, you will need to change how digital assets are accessed and transferred: deciding how many employees must sign a transaction, adding key shares when you hire new employees, revoking key shares when employees leave, and changing the threshold required to sign transactions (e.g. from 3 of 4 to 4 of 8).

Multi-sig addresses present a variety of challenges here, because the scheme is fixed in the wallet at creation time.

That is, the ‘M of N’ structure is set when the wallet is established. If you hire a new employee and wish to change a multi-sig wallet from 3 of 4 to 3 of 5, for instance, you would have to:

a. Create a new wallet using the new scheme

b. Transfer all your assets to the new wallet

c. Notify all counterparties in your network that your wallet address has changed

Step (c) can be extremely difficult and risky, since counterparties may mistakenly send funds to the old address. If they do, the funds will be lost forever.

MPC, by contrast, allows the signature scheme to be modified and maintained on an ongoing basis. Switching from a 3-of-4 setup to a different one only requires the existing share holders to agree on a new distributed computation and to generate a new user share. Throughout, the wallet’s blockchain address (the deposit address) stays the same, which means:

There is no need to create an entirely new wallet
There is no need to transfer any funds
Your counterparties can continue to use the existing address

This makes scaling up operations or changing how your team works straightforward, and removes the risk of losing funds during critical operational changes.
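To make the ‘same address, new shares’ point concrete, here is an added illustration (not the wallet vendor’s code) of threshold resharing on top of Shamir secret sharing: a 3-of-4 sharing is converted to 3-of-5 without the key ever being reassembled, so the public key and deposit address derived from it are unchanged. The field order, the share layout and the `demo` scenario are assumptions made for this illustration.

```python
import secrets

# secp256k1 group order: shares and keys live in the ECDSA private-key range
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

def share(secret, t, n):
    """Shamir split: t-of-n shares of `secret` as {x: f(x)} for x = 1..n."""
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(t - 1)]
    return {x: sum(c * pow(x, k, P) for k, c in enumerate(coeffs)) % P
            for x in range(1, n + 1)}

def lagrange_at_zero(xs):
    """Lagrange coefficients that evaluate the interpolating polynomial at x = 0."""
    lam = {}
    for i in xs:
        num = den = 1
        for j in xs:
            if j != i:
                num = num * (-j) % P
                den = den * (i - j) % P
        lam[i] = num * pow(den, -1, P) % P
    return lam

def reconstruct(shares):
    """Recombine t shares. Used here only to check the invariant; a wallet never does this."""
    lam = lagrange_at_zero(list(shares))
    return sum(lam[x] * y for x, y in shares.items()) % P

def reshare(old_shares, new_t, new_n):
    """Move a quorum of old shares to a new_t-of-new_n sharing without reconstructing
    the secret: each old holder re-splits its own share, and new holder j receives the
    sum of those sub-shares weighted by the old Lagrange coefficients. The new points
    lie on a fresh polynomial whose constant term is still the original secret."""
    lam = lagrange_at_zero(list(old_shares))
    sub = {i: share(y, new_t, new_n) for i, y in old_shares.items()}
    return {j: sum(lam[i] * sub[i][j] for i in old_shares) % P
            for j in range(1, new_n + 1)}

def demo():
    """Constructed scenario: a 3-of-4 wallet grows to 3-of-5 after a new hire."""
    key = secrets.randbelow(P) or 1          # constructed; a real wallet never holds it in one place
    old = share(key, 3, 4)
    quorum = {x: old[x] for x in (1, 2, 4)}  # any 3 of the 4 existing holders approve the change
    new = reshare(quorum, 3, 5)
    # caveat: the 4 old shares still reconstruct `key` until they are securely wiped
    return key, old, new

if __name__ == "__main__":
    key, old, new = demo()
    print("same key after resharing:", reconstruct({x: new[x] for x in (2, 3, 5)}) == key)
```

Old shares stay valid until they are destroyed, so a resharing ceremony must end with securely wiping them; production MPC wallets also generate the key with a distributed key-generation protocol rather than the single `key` value used here for checking.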

5. MPC Allows for the Lowest Transaction Fees

Multi-sig wallets, whether Bitcoin P2SH multi-sig or Ethereum smart-contract multi-sig, incur higher fees than ordinary single-account transactions.

MPC-based wallets appear on the blockchain as a single wallet address carrying a single signature, because the signature is computed off-chain. This means they pay the lowest possible transaction fees.

This matters when you have to issue hundreds of transactions a day, particularly in B2C applications.

6. MPC-Based Solutions Provide Hidden Signatures and Off-Chain Accountability

Accountability is probably one of the least understood aspects of an MPC-based system.

Although it might seem beneficial for a company to have on-chain transparency of who signed what, it actually raises a range of privacy concerns. More importantly, it creates a security problem, since it immediately exposes the signature scheme and workflow to everyone.

Institutions may not want to disclose who is able to sign, how many signers exist, how many of them are required to sign, and other confidential details, since doing so creates a physical attack surface against the organization.

MPC also offers off-chain accountability: each co-signing party can verify which key shares took part in a signing operation without exposing that information to anyone else. For instance, some providers keep an audit log of the shares that participated in every signing operation, and customers who wish to can keep their own audit log as well.

In addition, because of fee and mutability limitations, some enterprise wallet providers that use on-chain multi-sig can only use a 2-of-3 signature scheme for their hot wallets, regardless of the customer’s organizational structure and policy (see points 4 and 5).

Typically, one share is held by the wallet provider, one belongs to the customer, and one is kept as a backup. But since the customer’s share is shared among all of the client’s users, when a transaction is executed there is no cryptographic way to determine which user used the share. Any claim of “accountability” is therefore untrue.

MPC-based solutions, by contrast, eliminate these weaknesses and can produce a complete and reliable record that enables true auditability.

7. MPC Technology Reinforces Hardware Isolation

Hardware isolation modules (HSMs and secure enclaves) are a crucial means of protecting cryptographic material in the event of a system breach. However, HSMs alone are not enough to provide the most secure way of protecting private keys.

Likewise, MPC alone is only one part of the solution.

This has led to the belief that MPC and HSMs are interchangeable technologies.

On the contrary, using MPC together with hardware isolation devices such as HSMs is crucial, because HSMs alone are not 100% bulletproof (see this review of HSM technology).

Furthermore, applications that rely on HSMs are exposed to the fact that if an authentication token or an HSM client is compromised, an attacker can take over the wallet. Compromising the client’s credentials or the transaction-generation software is all it takes, and neither of these is stored in the HSM.

We combine MPC and HSM technologies to dramatically enhance system security and build a true defense-in-depth architecture.

In this design, all MPC key material is held and shared across hardware-isolated Intel SGX-enabled servers (Intel’s secure enclave) and mobile-device secure enclaves (TEEs). The execution of the MPC algorithm and the policy engine also take place inside the secure enclave, preventing malicious internal or external actors from tampering with the algorithm’s execution or the policy engine.

Conclusion

Institutions know that to compete they cannot compromise between security and accessibility. MPC technology allows businesses to seize market opportunities and deploy digital assets in a secure environment, something that was simply not feasible before.