A Deep Dive into TSS-MPC: Dynamic’s Focus on Security and Flexibility

Imagine trying to solve a puzzle with your friends where each of you holds a unique piece, but the rules state you can never combine all the pieces in one place. Instead, you must work together, each contributing your part, to reveal the final image without ever showing your full piece to anyone else. This concept of collective problem-solving is the essence of Multi-Party Computation (MPC).

Why is Multi-Party Computation (MPC) Important?

Multi-Party Computation (MPC) allows multiple parties to jointly compute a function without revealing their inputs to one another. Though now gaining traction, MPC has been studied by cryptographers since the 1980s. Due to computational complexity, early implementations were too slow for most consumer blockchain use cases, but recent advances have solved this and opened up new possibilities.

In crypto, MPC enhances security by never having a full private key exist. Instead, multiple shards of the private key are held by different and independent entities. In addition to no single entity holding the full key, the private key is never fully reconstructed, even during transaction signing. This eliminates the risk of a single point of failure.

It doesn’t just reduce risks like data breaches and key theft—it eliminates the need to ever expose a full private key. In 2019, regulators explicitly recognized MPC as an example model for self-custody wallets. Here’s how it works:

What is TSS-MPC?

Threshold Signature Scheme Multi-Party Computation (TSS-MPC) is a type of MPC designed for operations like signing transactions. Here are the core benefits of TSS-MPC:

• Distributed key generation: Instead of a single entity creating and storing a private key, TSS-MPC distributes the key creation process across multiple participants. This ensures no single party ever has access to the full key, even at the moment of generation.
• Distributed signing: Multiple participants can collaboratively sign transactions without exposing or reconstructing the private key. It’s not only ideal for non-custodial wallets but also for high-security, compliance-driven multi-party governance.
• Availability: TSS-MPC ensures operational continuity, even during outages. This removes dependency and introduces unique concepts such as recovery mechanisms.
• Threshold flexibility: You can adjust signing thresholds at any time (e.g., 2-of-3, 3-of-5) to match evolving security needs, making it more flexible than static MPC setups.
  ‍

How TSS-MPC Boosts your Security

Whether for individuals or organizations, TSS-MPC’s advanced approach to security offers strong safeguards for secure transactions. Below are key characteristics of TSS-MPC that enhance security for digital asset protection:

1. No single point of failure: By distributing key shares across multiple parties, TSS-MPC eliminates the risk of a single compromised device or server leading to total key exposure.
2. Resistance to attacks: Even if an attacker compromises one or more parties, they cannot access the full private key without exceeding the threshold required to reconstruct it.
3. Protection during signing: TSS-MPC ensures that the private key is never fully assembled during transaction signing, reducing exposure to keylogging or memory-based attacks.
4. Customizable thresholds: Organizations can set thresholds for key reconstruction, balancing security and usability according to their specific needs.
   ‍

Comparing TSS-MPC to Shamir Secret Sharing (SSS)

Shamir Secret Sharing (SSS) involves splitting a private key into multiple shares to enhance security. However, SSS differs from TSS-MPC in their approaches and has a few important drawbacks. Here are the main differences:

• Key reconstruction: SSS requires a set number of shares in a single location to fully rebuild the private key, briefly exposing it in the process. In contrast, TSS-MPC signs transactions using only the distributed key shares, so the private key is never fully reconstructed.
• Flexibility: While SSS is simpler to implement, it lacks the dynamic capabilities of TSS-MPC, which supports real-time signing and adjustable threshold policies. Organizations using wallets for active transaction signing often prefer TSS-MPC for its security and adaptability.
• Use cases: SSS is best for storing keys that are only needed occasionally. TSS-MPC, on the other hand, is ideal for high-security, continuous applications like institutional wallets, regulated crypto custody, and multi-party governance.
  
  

Pairing MPC with Trusted Execution Environments (TEEs)

Trusted Execution Environments (TEEs) create a secure enclave where computations take place, shielding them from external threats. By combining MPC with TEEs, cryptographic operations can be executed within a protected hardware environment. This approach ensures that critical operations happen within a tamper-resistant environment, while still enabling secure multi-party computations.

At Dynamic, we leverage TEEs to protect critical operations within a secure, tamper-resistant environment. Sensitive computations remain isolated, minimizing exposure to external threats. This adds an extra layer of defense beyond software-based security models. With this framework, we’re able to provide a multi-layered security model built for real-world use cases.
‍

Should a Key Be Split at All?

Another alternative is to secure the full private key within a highly controlled environment, and only decrypt it within a TEE. In this method, a key is stored in a secure database in encrypted form. When needed, the key can be securely decrypted and used within a TEE, ensuring it remains isolated from the broader system.

This approach works well in certain environments, but unlike TSS-MPC, server-side storage centralizes security. While it eliminates the complexity of multi-party computation, it does require trust in the provider itself. With TSS-MPC, this trust is distributed instead.
‍

Summarizing the Comparison

Why Dynamic Utilizes TSS-MPC

Traditional private key management forces a choice: self-custody with risk of loss or over reliance on centralization. TSS-MPC removes this tradeoff by distributing keys across multiple parties. This means that users stay in control without single points of failure.

Static approaches like Shamir Secret Sharing (SSS) introduce key exposure risks during reconstruction. Unlike SSS, TSS-MPC ensures that no single entity ever reconstructs or possesses the full key, making it the best fit for non-custodial wallets and institutional security. This eliminates a major attack vector while keeping security airtight. At the same time, TSS-MPC provides us with important capabilities such as the ability to refresh keys, or independently recover shares.

With TSS-MPC, users and organizations maintain full control over transactions. And while MPC historically has been too slow for consumer crypto use cases, new TSS-MPC protocols enable fast and distributed signing. Dynamic enables developers to integrate TSS-MPC easily, ensuring secure authentication without compromising user experience.

‍