Multi-signature wallets are now the norm for organizations managing cryptocurrency, as they offer better protection of assets than single-key wallets. Recently, however, innovations in cryptographic technology, specifically Multi-Party Computation (MPC), are setting the stage for a new age of key management.
MPC is now being described as the “holy grail” of both usability and security, according to Michael J. Casey, head of blockchain research at MIT’s Digital Currency Initiative.
As with all technological advances, confusion and misinformation are frequent in the early stages. We are able to leverage the most advanced MPC technologies, and as a result we have spent a significant amount of time educating customers, regulators and other partners on its use cases.
In this blog we’ll look at some reasons why we believe MPC and threshold signatures are superior to multi-sig technology, and finally deliver the flexibility and security required to become an entirely new type of private key security.
1. MPC Doesn’t Have a Single Point of Failure
As in a Multi-Signature configuration, a private key within an MPC-based solution is never created or stored in a single location. MPC technology guards keys against compromise by cybercriminals as well as against internal corruption and fraud. This prevents any single employee, or group of employees, from stealing digital assets.
2. MPC Solutions Are Protocol Agnostic
Not many cryptocurrency protocols support Multi-Sig, and those that do have very different implementations from one another. This makes it difficult for Multi-Sig providers to accommodate new chains.
Additionally, some wallets do not allow transfers from Multi-Sig smart contracts. This causes various issues and friction with exchanges when funds are transferred from a Multi-Sig smart contract address.
MPC, however, relies on the standardized cryptographic signature algorithm (ECDSA or EdDSA) used by all blockchains, which makes MPC feasible across different blockchains. That means organizations that use MPC can swiftly and efficiently add new cryptocurrencies to their platform.
3. MPC Technology Has Academic Validation and Practical Implementation
Although MPC technology was first used in the cryptocurrency wallet context only a few years ago, it has been the focus of academic research since the beginning of the 1980s and has been subject to extensive public peer review.
With this in mind, every vendor that uses MPC has enlisted, and invested heavily in, security assessment and penetration testing providers such as NCC Group to review their systems.
Since the MPC implementation is independent of the blockchain protocol (see #2 above), the attack surface is small, and each revision changes the implementation for all protocols at once. Unfortunately, this is not the case with the on-chain Multi-Sig option, because each protocol requires the wallet service provider to use different code.
A few well-known examples of poor Multi-Sig implementations failing:
The Multi-Sig Parity Wallet – A poor implementation allowed malicious actors to take around $30 million worth of Ethereum in one of the largest wallet hacks to date.
Parity Wallet Hacked (Again) – A hacker again gained access to the wallet, and then froze $300m worth of Ethereum. Some customers may have lost up to $350,000 worth of their digital assets.
Vulnerabilities in Bitcoin Multisig – A team of researchers discovered a vulnerability in a Bitcoin Multi-Sig check implementation used in development environments; despite the widespread use of this software, the flaw still remains.
4. MPC Technology Provides Greater Operational Flexibility
As your company grows, you will need to alter the way you access and transfer digital assets. This may include deciding the number of employees required to sign transactions, adding new key shares once you have hired new employees, revoking shares after employees depart, and changing the threshold required to sign transactions (e.g. from “3 of 4” to “4 of 8”).
In this instance, Multi-Sig addresses will bring a host of issues to your organization, as they are pre-set in the wallet.
This means that once a wallet is created, the “M of N” structure is fixed. If an employee is newly hired and you need to alter the sign-off of your Multi-Sig wallet from “3 of 4” to “3 of 5,” for instance, you would have to:
a. Create a brand new wallet using the new scheme
b. Transfer all your assets into the new wallet
c. Notify all counterparties in your network that the address of your wallet has changed.
Step (c) is extremely difficult and dangerous, as counterparties could accidentally transfer funds to the old deposit address. If funds are sent there, they are lost forever.
MPC, however, allows for ongoing revision and maintenance of the signature scheme. For example, changing from a “3 of 4” set-up to a different set-up only requires the existing share holders to agree on a new distributed computation and the addition of a new user share. In this way, the blockchain wallet address (deposit address) stays in place, which means that:
There’s no need to set up the wallet from scratch.
There is no need to transfer any money.
Your counterparties can continue to use the existing address.
This makes the process of scaling operations, or making any modifications to the way your team operates, effortless. It also reduces the chance of losing funds as a result of critical operational adjustments.
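To make the share-rotation claim above concrete, here is an added example (not code from the original post or from any vendor) of the standard resharing technique over Shamir's secret sharing: the existing 3-of-4 quorum jointly converts the key to a 4-of-8 scheme without ever reconstructing the secret, so the secret, and therefore the public key and deposit address derived from it, does not change, while the old shares become useless against the new polynomial. The prime modulus and the secret value are constructed for the example; a real MPC wallet runs the same idea over the curve's scalar field, with authenticated channels and verification of the sub-shares each party receives.

```python
import secrets

# Prime field modulus, chosen for the example; any large prime works.
P = 2**255 - 19


def _eval(coeffs, x):
    """Horner evaluation of the polynomial with coefficients [a0, a1, ...] at x, mod P."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def split(secret, t, n):
    """Shamir split: random degree t-1 polynomial with constant term = secret.
    Returns {holder_index: share} for holders 1..n; any t of them recover the secret."""
    coeffs = [secret % P] + [secrets.randbelow(P) for _ in range(t - 1)]
    return {x: _eval(coeffs, x) for x in range(1, n + 1)}


def _lagrange_at_zero(xs):
    """Lagrange coefficients lambda_i such that sum(lambda_i * f(x_i)) == f(0)."""
    lam = {}
    for i in xs:
        num, den = 1, 1
        for j in xs:
            if j != i:
                num = num * (-j) % P
                den = den * (i - j) % P
        lam[i] = num * pow(den, -1, P) % P
    return lam


def reconstruct(shares):
    """Recover f(0) from a dict of shares. Used only to check results in this example;
    a real signing ceremony never assembles the key like this."""
    lam = _lagrange_at_zero(list(shares))
    return sum(lam[i] * s for i, s in shares.items()) % P


def reshare(old_quorum, t_new, n_new):
    """Move from the existing scheme to a new (t_new, n_new) scheme.

    old_quorum: shares from at least t_old existing holders, keyed by holder index.
    Each old holder i splits its own share with a fresh degree t_new-1 polynomial g_i
    and sends g_i(j) to new holder j. New holder j combines what it received with the
    old quorum's Lagrange weights: h(j) = sum_i lambda_i * g_i(j). Since h(0) equals the
    original secret, the key (and hence the address) is unchanged, yet the secret itself
    is never assembled anywhere, and old shares do not fit the new polynomial.
    """
    lam = _lagrange_at_zero(list(old_quorum))
    sub_shares = {i: split(s, t_new, n_new) for i, s in old_quorum.items()}
    return {j: sum(lam[i] * sub_shares[i][j] for i in old_quorum) % P
            for j in range(1, n_new + 1)}


def demo():
    """3-of-4 -> 4-of-8 rotation; returns (secret, recovered_from_4_new, recovered_from_3_new)."""
    secret = secrets.randbelow(P)            # constructed stand-in for a wallet's private scalar
    old_shares = split(secret, 3, 4)
    quorum = {i: old_shares[i] for i in (1, 2, 4)}       # any 3 of the 4 holders take part
    new_shares = reshare(quorum, 4, 8)
    enough = {j: new_shares[j] for j in (1, 3, 5, 8)}    # 4 of 8 suffice
    too_few = {j: new_shares[j] for j in (2, 6, 7)}      # 3 of 8 do not
    return secret, reconstruct(enough), reconstruct(too_few)


if __name__ == "__main__":
    s, ok, bad = demo()
    print("secret preserved after resharing:", s == ok)
    print("three new shares recover the secret:", s == bad)
```

Because the new shares are points on a fresh polynomial, a departing employee's old share cannot be combined with the new ones, which is how revocation works without touching the deposit address.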
5. MPC Allows for the Lowest Transaction Fees
Wallets based on Multi-Sig, regardless of whether they’re Bitcoin P2SH Multi-Sig or Ethereum smart-contract multi-sig, come with higher fees than regular single-account transactions.
MPC-based wallets appear on the blockchain as a single wallet address with a single standard signature. This results in the lowest possible transaction fee.
This can be critical when issuing hundreds of transactions every day, especially in B2C applications.
6. MPC-Based Solutions Offer Hidden Signatures as well as Off-Chain Accountability
Accountability is probably one of the least understood aspects of an MPC-based system.
While it may appear beneficial for an organization to have on-chain transparency in signing, it actually creates a slew of privacy issues. It also creates a security issue, since it instantly exposes the signing process and scheme to everyone.
Institutions shouldn’t divulge who is able to sign, how many users have signed, how many users are required to sign, or other sensitive information, because it could create a physical attack surface against the organization.
MPC, by contrast, provides off-chain accountability, so that each co-signing component can check which keys participated in signing without it being made public to outsiders. Some providers, for instance, keep an audit log of the keys used in each signature cycle, while customers, if they wish, have the option to keep an audit record on their end.
Additionally, due to limitations related to fees and mutability, enterprise wallet providers that use on-chain Multi-Sig can only use a two-signature scheme for their hot wallets, regardless of their customer’s organizational structure and guidelines (see #4 and #5).
Usually, one share is held by the wallet service provider, one share by the customer, and the other share is kept as a backup. But since the customer’s share is distributed over all of the client’s users, when a transaction is made there is no cryptographic guarantee of knowing exactly which user used that share. Therefore, any claim of “accountability” is not reliable.
Solutions based on MPC, however, eliminate these flaws and make it possible to produce a comprehensive and accurate record that allows for true accountability.
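As an added illustration of sections 5 and 6 (example code written for this post, not the project's own), the script below builds a legacy Bitcoin P2SH multisig redeem script from constructed public keys, then parses it the way any chain observer can once it is revealed in a spend, recovering M, N and the signer keys that section 6 says should stay private. It then compares the byte size of a 2-of-3 spending input with a single-signature P2PKH input, which is where the higher fees in section 5 come from. The public keys are fabricated 33-byte placeholders, and the 72-byte signature length is an assumption used only for sizing.

```python
OP_0 = 0x00
OP_PUSHDATA1 = 0x4C
OP_CHECKMULTISIG = 0xAE

# Constructed placeholder compressed public keys (33 bytes each); not real keys.
CONSTRUCTED_PUBKEYS = [bytes([0x02 + (i % 2)]) + bytes([0x10 + i]) * 32 for i in range(3)]

# Typical DER signature plus sighash byte; an assumption used only for sizing.
SIG_LEN = 72


def small_int_op(n):
    """OP_1..OP_16 encode the integers 1..16 as opcodes 0x51..0x60."""
    if not 1 <= n <= 16:
        raise ValueError("only 1..16 can be encoded as a single opcode")
    return bytes([0x50 + n])


def push(data):
    """Minimal push encoding for data up to 255 bytes: length byte, or OP_PUSHDATA1 + length."""
    if len(data) <= 75:
        return bytes([len(data)]) + data
    if len(data) <= 255:
        return bytes([OP_PUSHDATA1, len(data)]) + data
    raise ValueError("push too large for this example")


def build_redeem_script(m, pubkeys):
    """OP_M <pk_1> ... <pk_N> OP_N OP_CHECKMULTISIG, the script hashed into a P2SH address."""
    body = b"".join(push(pk) for pk in pubkeys)
    return small_int_op(m) + body + small_int_op(len(pubkeys)) + bytes([OP_CHECKMULTISIG])


def parse_redeem_script(script):
    """Decode what an on-chain observer learns once the script is revealed in a spend:
    returns (m, n, [signer public keys]). Raises ValueError on anything else."""
    if not script or not 0x51 <= script[0] <= 0x60:
        raise ValueError("not a multisig redeem script")
    m = script[0] - 0x50
    pubkeys, i = [], 1
    while i < len(script) and 1 <= script[i] <= 75:   # direct pushes of public keys
        length = script[i]
        pubkeys.append(script[i + 1:i + 1 + length])
        i += 1 + length
    if i + 2 != len(script) or not 0x51 <= script[i] <= 0x60 or script[i + 1] != OP_CHECKMULTISIG:
        raise ValueError("malformed multisig redeem script")
    n = script[i] - 0x50
    if n != len(pubkeys) or m > n:
        raise ValueError("inconsistent M/N")
    return m, n, pubkeys


def p2sh_multisig_input_size(m, redeem_script):
    """scriptSig for spending a P2SH multisig output: OP_0 <sig>*M <redeemScript>."""
    return 1 + m * len(push(bytes(SIG_LEN))) + len(push(redeem_script))


def single_sig_input_size():
    """scriptSig for a plain P2PKH output: <sig> <pubkey>. This is also all an MPC
    wallet reveals, since it produces one ordinary signature under one public key."""
    return len(push(bytes(SIG_LEN))) + len(push(bytes(33)))


if __name__ == "__main__":
    rs = build_redeem_script(2, CONSTRUCTED_PUBKEYS)
    m, n, keys = parse_redeem_script(rs)
    print(f"observer learns: {m}-of-{n} with signers {[k.hex()[:8] for k in keys]}")
    print("single-sig input bytes:", single_sig_input_size())
    print("2-of-3 P2SH input bytes:", p2sh_multisig_input_size(m, rs))
```

The parser is intentionally strict (it rejects truncated scripts and M greater than N) so that it can be reused as a quick check when auditing what a legacy multisig spend discloses; the sizing functions ignore the rest of the transaction, since only the input script differs between the two cases.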
7. MPC Technology Reinforces Hardware Isolation
Hardware isolation modules (HSMs and secure enclaves) are a vital method of protecting cryptographic data when the system is compromised. But on their own they are not enough to offer the most secure means of protecting your private key.
Likewise, MPC alone is only part of the equation.
This has led to a myth that MPC and HSMs are interchangeable technologies.
In contrast, using MPC together with hardware isolation mechanisms such as HSMs is vital, as HSMs are not fully bulletproof. (See this review of HSM technology.)
Furthermore, applications that use HSMs are also affected by the fact that if the authentication token and the HSM client are compromised, an attacker can steal the funds. In fact, compromising the client’s credentials or the generated transaction code is all it takes, and these items don’t live inside the HSM.
We combine MPC and HSM technologies to dramatically enhance the security of the system and create a real defense-in-depth security architecture.
In this way, all MPC key material is packed and stored on hardware-isolated, Intel SGX-enabled servers (Intel’s secure enclave) and in mobile device secure enclaves (TEE). Furthermore, the execution of the MPC algorithm, as well as its policy engine, is implemented inside the secure enclave, preventing malicious external and internal actors from modifying the execution or the policy engine.
Conclusion
Institutions are aware that to remain competitive it is essential to make no compromise between security and accessibility. MPC technology allows companies to identify markets and use their digital assets in a secure environment that was simply not feasible before.