MPC wallets enable parties to share the responsibility of signing and encrypting data without any single party holding a complete private key. Cryptographic applications use multi-party computation (MPC) to generate digital signatures or decrypt data without sharing private inputs.
MPC wallets use a threshold signature scheme (TSS) to create shares of a private key. Through a process known as distributed key generation (DKG), the shares are created and distributed among the parties responsible for the computation.
None of the parties ever holds a complete private key. Instead, each holds one piece. The parties must always work together, both to create the public key (which is cryptographically derived from all shares of the private key) and to sign transactions.
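As an added illustration (not code from this article or from any wallet product), here is a toy t-of-n key generation on secp256k1 written for this page: every party ends up holding only a share, and the public key is combined from per-party partial values, so the full private key is never assembled anywhere. It assumes honest parties and omits the commitments and proofs that real DKG protocols add.

```python
# Added example, not code from the article or any wallet vendor: a toy t-of-n
# threshold key on secp256k1. Parties hold shares; the public key is built from
# partial values share_i*G. Toy: no commitments or proofs, honest parties assumed.
import math, secrets

P = 2**256 - 2**32 - 977                                  # secp256k1 field prime
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # order of G
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(A, B):
    """Affine point addition on y^2 = x^3 + 7; None is the point at infinity."""
    if A is None: return B
    if B is None: return A
    (x1, y1), (x2, y2) = A, B
    if x1 == x2 and (y1 + y2) % P == 0: return None        # A == -B
    lam = (3 * x1 * x1 * pow(2 * y1, -1, P) if A == B
           else (y2 - y1) * pow(x2 - x1, -1, P)) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def ec_mul(k, A):
    """Double-and-add scalar multiplication k*A."""
    R = None
    while k:
        if k & 1: R = ec_add(R, A)
        A, k = ec_add(A, A), k >> 1
    return R

def shamir_shares(secret, t, n):
    """Points (x, f(x)), x=1..n, on a random degree t-1 polynomial with f(0)=secret."""
    f = [secret] + [secrets.randbelow(N) for _ in range(t - 1)]
    return [(x, sum(c * pow(x, k, N) for k, c in enumerate(f)) % N) for x in range(1, n + 1)]

def lagrange_at_zero(xs):
    """lam_i with sum(lam_i * f(i)) == f(0) for any polynomial of degree < len(xs)."""
    return {i: math.prod(-j * pow((i - j) % N, -1, N) for j in xs if j != i) % N for i in xs}

def dkg(t, n):
    """Toy dealerless key generation: each party shares its own random secret; party j's
    final share is the sum of the sub-shares it received. The wallet key is the sum of
    all party secrets, which nobody ever computes."""
    subs = [shamir_shares(secrets.randbelow(N), t, n) for _ in range(n)]
    return [(j, sum(sub[j - 1][1] for sub in subs) % N) for j in range(1, n + 1)]

def public_key(partials):
    """Combine any t partial keys (i, share_i*G) into sk*G without assembling sk."""
    lam = lagrange_at_zero([i for i, _ in partials])
    pk = None
    for i, Q in partials:
        pk = ec_add(pk, ec_mul(lam[i], Q))
    return pk
```

Any t of the n parties can publish `share_i*G` and combine them into the same public key; fewer than t partial values give an unrelated point.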
Organizations like exchanges, custodians, and other large digital asset businesses often prefer MPC wallets because this technology prevents trust in any single employee with a single key to assets.
Indeed, this kind of wallet requires multiple parties to sign each transaction, reducing the risk of an ‘inside job’ or other rogue employee event.
Benefits and drawbacks of MPC wallets
Unlike wallets controlled by a smart contract, MPC wallets don’t depend on any specific protocol. MPC-compatible hardware wallets like Cypherock can interact with multiple blockchains because the MPC set-up mechanisms can remain on-device. Of course, although software wallets are less secure than air-gapped hardware wallets, software-based MPC wallets can similarly generate compliant signatures across multiple blockchains.
Some schemes like Lit Protocol can interact with off-chain data through HTTP requests, potentially making MPC useful for web properties. MPC wallets lack a single point of failure because no single device has all the information needed to reconstruct the private key.
They also lack seed phrases. As previously mentioned, MPC wallets conduct distributed key generation and never possess an entire private key from which to derive a seed phrase. So, MPC carries an added benefit: no one can use a conventional seed phrase to reconstruct an MPC wallet on an unauthorized device.
Of course, there are two sides to every coin. Having no seed phrase means MPC wallet owners can’t enjoy the peace of mind offered by conventional seed phrase recovery processes.
In terms of transaction fees, broadcasting a transaction onto a blockchain from an MPC wallet is no more expensive than a non-MPC wallet because the blockchain processes it as a single-signature transaction. This feature keeps transaction fees under control.
Adjusting the threshold signature scheme
Most of these wallets allow adjustments to their threshold signature scheme as an organization’s needs change. For example, as an organization grows, it might need to add more devices that hold a share of the original private key.
Adjusting the threshold signature scheme can improve security by making it more difficult for a dishonest actor to coerce cooperation from a quorum of key shares.
On the other hand, the ability to modify the threshold signature scheme creates more organizational ‘overhead’ in the form of policies and procedures for securely handling key shares. Lost key shares can be recovered offline but require additional security because each share is, mathematically, still a portion of a private key. Operating such a wallet also requires routine audits and operational standards.
Most hardware wallets don’t support MPC
The two largest hardware wallet manufacturers, Trezor and Ledger, don’t support MPC. Ledger’s corporate stance is that MPC wallets are not easy for the typical customer to use.
Ledger called MPC wallets a relatively new application with untested security. It cited a lack of compatibility with seed phrase restoration processes. Ledger referred to an academic paper that described a security weakness in most implementations of the fixed-key advanced encryption standard (AES) that MPC wallets use.
Security professionals often favor fixed-key AES when implementing a symmetric key encryption cipher to encrypt data. However, a team of researchers found that it often gets implemented in a way that leaves gaps in the security proof.
In summary, MPC wallets have many unique features to secure an organization’s assets. Nevertheless, multi-party computation is not appropriate for the average user.
These wallets allow multiple parties to share the responsibility for managing a digital asset wallet that can hold an unlimited quantity of money. MPC has major drawbacks: no seed phrase recovery, and the need for organizational policies for managing unique key shares. In all, certain organizations prefer MPC because it avoids placing their digital assets in the hands of a single party.