Learn more
Introducing the Dynamic Global Wallet Kit: A powerful toolset for developers to build ecosystems around their apps or chains!
Table of contents
Traditionally, crypto wallets were associated with one owner who controls one public/private key pair. Public-key cryptography, in turn, depends on keeping the private key actually private. This creates a significant burden on the key holder, who often has to keep the key safe, accessible and retrievable. Hence, the criticism follows that the average user is potentially not the best guardian of their private keys.
To tackle such criticism, an alternative would be to share the responsibility of the keys between multiple parties, a process that can increase safety and retrievability, but risks harming accessibility. Across crypto, two primary approaches have risen to handle such an option while holding accessibility nearly constant - multi-sig and multi-party computation.
Multi-signature, on the one hand, creates multiple locks and requires all or a quorum of the parties to approve a transaction. The number of keys and how they are distributed can be customized based on the security requirements of the wallet — a savings account may require a larger majority than a checking account. Conversely, to hack the wallet and steal the funds, the attacker would need to obtain multiple independent keys, which is a much harder task.
Multi-Party Computation (MPC), on the other hand, breaks a single key into shards, distributing them across locations and requiring a ceremony to put them back together using advanced math and zero-knowledge proofs. A new generation of wallets that leverage MPC has become popular due to its distributed key generation and malleable key management.
In this blog post, we cover the basics behind multi-signature setup and math, from MultiSig designs to the current generation of MPC wallets, and their impact on the market.
In the second installment of our Wallet Wars trilogy blog posts, we briefly mentioned multi-signature wallets such as Safe or Armory. MultiSig wallets were natively supported during the early bitcoin development and are probably the earliest example of multi-party key management.
MultiSig shares the responsibility for the vault’s security by multiplying the locks. Instead of a single key that locks the vault, MultiSig creates a vault with multiple locks and keys and assigns the keys to multiple parties.
Multiple keys are generated for a corresponding vault with multiple locks.
All or some of the keys are inserted into the locks
Pros:
Cons:
MPC stands for multi-party computation. It refers to a set of cryptographic techniques that allows multiple parties – each holding their own private data – to evaluate a computation without ever revealing any of the private data held by each party.
MPC enables key management in a distributed fashion by “breaking the key” into multiple parts – rather than a single owner having to be responsible for a private key, multiple parties can hold partitions of the private key, and some subset of them can come together to sign transactions.
Adi Shamir, an MIT cryptographer, published a paper in 1979 called 'How to Share a Secret.’ The author outlined a method to split hidden data into n pieces where at least k pieces were necessary to reveal the original secret (where k is greater than n/2). This method was known as Shamir's Secret Sharing Scheme (SSSS). The mathematical intuition behind SSSS is that for a given k point, we can find a polynomial equation with degree (k-1). For example:
The idea is to build a polynomial with degree (K – 1) such that the constant term is the secret code and the remaining numbers are random. The constant term can then be found by using any K out of N points generated from this polynomial by using Lagrange’s Basis Polynomial.
For example: Let the secret code S = 65, N = 4, K = 2.
This protocol maps very cleanly for public key encryption. The private key is the constant term. Each party receives one of the four points. When a signature is needed, any two parties/points suffice to reconstruct the polynomial and deliver the constant term/secret code. In other words, the key is “broken into multiple pieces” and the pieces are sufficiently redundant that you don’t need all four to reassemble a functioning key.
A regular-looking vault with a single lock is generated. A single corresponding key is generated, and split into multiple pieces.
All or some of the key fragments are assembled into a functional key.
Pros:
Cons:
Threshold Signature Scheme (TSS) addresses the shortcomings of both Multi-Sig and SSSS. TSS uses the same methodology as SSSS but distributes the key generation, so there is no single point of failure during key creation and key signing. As a result, each of the parties creates a key independently. They then combine forces to forge a modular lock where each module of the lock corresponds to one of the keys. This modular lock can be shaped so that even if only a subset of the keys is available, the vault can still be unlocked. In the end, the modular lock looks exactly like a regular lock.
To sign, each of the keys is used in turn to unlock the lock part of the way.
A regular-looking vault with a single modular lock is generated. Multiple corresponding keys are handed out to multiple parties.
Each key is inserted and can turn the lock to some small degree. All or some portions of the keys are needed to fully unlock the modular lock.
Pros:
Cons:
Over time, MPC and specifically TSS have gained popularity as a promising solution to the single user single key problem. One of the first consumer MPC wallets was pioneered by Israeli company KZen when they launched their self-custodial ZenGo wallet in 2019. ZenGo uses threshold signatures, with the two parties being 1) its own servers, and 2) the client’s phone or cloud storage.
Fireblocks, an enterprise-oriented MPC firm, provides institutions with crypto infrastructure to manage their assets through MPC wallets and participate in the decentralized finance market. They experienced an eightfold increase in the speed and throughput of transactions using their new MPC-CMP algorithm, which preprocessed signatures to reduce signatory processing delays. Earlier this year, Fireblocks raised $550m from investors valuing the company at $8 billion.
Japanese crypto exchange Liquid migrated its wallet infrastructure to use MPC technology after six years of service. The change had minimal disruption to users, only requiring them to start using the new wallet address that the exchange automatically generated. In April 2022, Liquid was bought by FTX for an undisclosed amount.
Meanwhile, the digital asset company Sepior provided users with a Do It Yourself (DIY) MPC wallet implementation where users and institutions could configure their wallets depending on their transaction latency, throughput, and scalability requirements. In July 2022, blockchain node infrastructure provider Blockdaemon acquired Sepior.
The MPC acquisition spree extended into this year when several established crypto firms acquired MPC wallet providers which had a sizable customer base: PayPal acquired Israel-based start-up Curv, which provided enterprise-grade MPC technology; Gemini purchased MPC technology developer Shard X; Coinbase bought Unbound Security; USD Coin issuer Circle took over crypto infrastructure start-up Cybavo.
MPC solutions are quickly gaining popularity (or are quickly acquired). Since the “vaults” and “keys” in the MPC paradigm are indistinguishable from regular ones, wallet providers can relatively easily switch from non-MPC to MPC protocols. Additionally, wallet providers might want to offer semi-custodial wallets that leverage MPC technology to split key management responsibility between a centralized party such as Coinbase or FTX, and the end user.
That said, multi-sig wallets wallets have continued to remain a strong option for advanced security. With free offerings from Safe, and a growing eco-system on top of it, including companies like Multis, it is far from a won battle. It seems that we’re still in early days of the multi-sig and MPC days, with MPC providing a promising approach as a key method for securing wallets without the need to remember mnemonic phrases or the risk of losing access to one's single key.
Share this article