Multi-Party Computation (MPC) is a cryptographic protocol that distributes a computation across multiple parties such that no individual party can see the other parties’ data.
That's the stock definition of multi-party computation.
What makes it relevant to crypto?
In this post, I'll walk you through everything you need to know about MPC, what makes it relevant to digital asset custody, and why multi-party computation is one of the best strategies for protecting your assets.
Traditionally, when we think about custody of our assets, we think of someone holding those assets on our behalf.
Historically that may have been accurate, and for certain items it still is. Take gold as an example: gold has to be stored somewhere. Either we take the risk of storing it in our homes or at a bank, or we use a custodian to hold our gold deposits securely.
Then there are stocks and shares. Whilst securities were traditionally held in physical form, such as paper share certificates, custody of securities has evolved, and today most organisations don’t hold physical share certificates. Instead, those shares are recorded in third-party databases such as CREST, and intermediary brokers hold securities in their CREST accounts on behalf of the underlying investors.
When it comes to digital assets like Ethereum, there’s no physical asset to custody. Instead, there’s an on-chain ledger that determines who owns what.
So when we talk about custody of digital assets, what are we actually custody-ing?
The answer to that is the private keys.
Your Ethereum private key represents who you are and is used to control access to your assets on the Ethereum network, such as Ether or smart contracts. The key itself is 32 random bytes of data that look something like this:
So when we talk about custody of digital assets we’re talking about who is responsible for this private key and how secure it is.
And this is where MPC comes in.
MPC can be used to secure your private keys.
If you’re familiar with multi-sig, then this should be straightforward for you, because, similar to a multi-sig, MPC requires multiple parties to approve your transactions. The difference is that with MPC there’s only one private key, and that private key has been broken down and spread across multiple devices.
With MPC your private key is split into shards (or pieces). These shards are encrypted and distributed amongst your trusted parties on separate devices. The key shards don’t need to be reassembled on a single device. So you can keep each piece of the key completely separate and avoid ever having a single point of failure. But how can you sign transactions with MPC?
Well, each of the key shards can be used mathematically on separate machines to apply its piece of the key to sign a transaction. When you set up your MPC wallet, you decide the threshold for signing a transaction on your wallet. This could be ‘2 of 3’, or ‘3 of 5’, or ‘5 of 8’, etc. Only after ‘m’ of the parts (the threshold) have applied the mathematical function is the signature valid.
This means that no one party ever has the entire key. And the entire key is never present on any device. But the parties can still come together to sign a transaction.
The concept of secret sharing originated in 1979 with Adi Shamir. The idea is that a secret can be distributed amongst a group of people in such a way that no individual holds any intelligible information about the secret, but when a sufficient number of individuals combine their 'shares', the secret may be reconstructed.
This became known as Shamir’s Secret Sharing (SSS) and was one of the first secret sharing schemes in cryptography.
Shamir's Secret Sharing is used to secure a secret in a distributed way, most often to secure other encryption keys. The secret is split into multiple parts, called shares, which individually should not give any information about the secret.
To unlock the secret via Shamir's Secret Sharing, a minimum number of shares is needed. This is called the threshold, and it denotes the minimum number of shares needed to unlock the secret. An adversary who discovers any number of shares less than the threshold will not have any additional information about the secured secret - this is called perfect secrecy.
MPC offers one significant advantage over Shamir's secret sharing. In the case of Shamir's secret sharing, the independent pieces of a key need to be re-assembled on a single machine before they can be used to create a signature. This creates a single-point-of-failure on the machine where the key is re-assembled.
MPC, by contrast, does not require the parts to be reassembled on a single machine. Instead, each of the parts can be used mathematically on separate machines, and only after ‘m’ of the parts have applied this mathematical function is the signature valid. This allows each of the parts to remain completely separate and avoids the single-point-of-failure.
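To make the two preceding ideas concrete (Shamir's Secret Sharing with a threshold, and MPC signing where the shares are used on separate machines and the key is never reassembled), here is an added, self-contained Python example. It is not code from the original post or from any product; it is a teaching model I wrote for this page. It splits a 32-byte, secp256k1-sized private key with Shamir's scheme and then produces a threshold Schnorr signature in which each signer only ever applies its own share locally. The dealer-based setup, the simple two-round nonce exchange and the sample message are assumptions of the demo; production threshold-signature protocols add distributed key generation and nonce-commitment rounds that this model omits.

```python
"""Toy Shamir secret sharing plus a dealer-based threshold Schnorr signature over secp256k1.
Added educational demonstration; not the original post's code and not a production protocol."""
import hashlib
import secrets

# secp256k1 domain parameters (standard constants)
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def ec_add(a, b):
    """Affine point addition; None represents the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None
    if a == b:
        lam = 3 * a[0] * a[0] * pow(2 * a[1], -1, P) % P
    else:
        lam = (b[1] - a[1]) * pow(b[0] - a[0], -1, P) % P
    x = (lam * lam - a[0] - b[0]) % P
    return x, (lam * (a[0] - x) - a[1]) % P


def ec_mul(k, pt):
    """Double-and-add scalar multiplication."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc


def shamir_split(secret, threshold, parties):
    """Random degree (threshold-1) polynomial over Z_N with f(0) = secret; share i is (i, f(i))."""
    coeffs = [secret] + [secrets.randbelow(N) for _ in range(threshold - 1)]

    def f(x):
        return sum(c * pow(x, j, N) for j, c in enumerate(coeffs)) % N

    return [(i, f(i)) for i in range(1, parties + 1)]


def lagrange_at_zero(i, indices):
    """Lagrange coefficient weighting share i when interpolating f(0) from the given indices."""
    lam = 1
    for j in indices:
        if j != i:
            lam = lam * j * pow(j - i, -1, N) % N
    return lam


def shamir_reconstruct(shares):
    """Plain Shamir: the whole secret is rebuilt on one machine (the single point of failure)."""
    idx = [i for i, _ in shares]
    return sum(lagrange_at_zero(i, idx) * y for i, y in shares) % N


def challenge(R, pub, msg):
    """Fiat-Shamir challenge e = H(R || pub || msg) reduced into the scalar field."""
    data = R[0].to_bytes(32, "big") + pub[0].to_bytes(32, "big") + msg
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N


def threshold_sign(shares, pub, msg):
    """MPC-style signing: each signer applies its share locally; only partial signatures leave it."""
    idx = [i for i, _ in shares]
    nonces = {i: secrets.randbelow(N - 1) + 1 for i in idx}   # round 1: each signer picks a nonce
    R = None
    for i in idx:                                              # round 1: aggregate nonce points
        R = ec_add(R, ec_mul(nonces[i], G))
    e = challenge(R, pub, msg)
    # round 2: partial signature s_i = k_i + e * lambda_i * x_i; the key share x_i never leaves the signer
    partials = [(nonces[i] + e * lagrange_at_zero(i, idx) * y) % N for i, y in shares]
    return R, sum(partials) % N                                # aggregator sums partials; no key reassembly


def schnorr_verify(pub, msg, sig):
    """Standard Schnorr check: s*G == R + e*pub."""
    R, s = sig
    return ec_mul(s, G) == ec_add(R, ec_mul(challenge(R, pub, msg), pub))


def demo(threshold=2, parties=3):
    """Split a constructed key, then show SSS reconstruction versus threshold signing."""
    secret = secrets.randbelow(N - 1) + 1          # constructed 32-byte Ethereum-style private key
    pub = ec_mul(secret, G)
    shares = shamir_split(secret, threshold, parties)
    msg = b"constructed sample transaction payload"  # constructed sample input
    sig = threshold_sign(shares[:threshold], pub, msg)
    return {
        "reconstruct_ok": shamir_reconstruct(shares[:threshold]) == secret,
        "too_few_shares_fail": shamir_reconstruct(shares[:threshold - 1]) != secret,
        "threshold_sig_ok": schnorr_verify(pub, msg, sig),
        "too_few_signers_fail": not schnorr_verify(pub, msg, threshold_sign(shares[:threshold - 1], pub, msg)),
    }


if __name__ == "__main__":
    print(demo(2, 3))
    print(demo(3, 5))
```

The contrast the post draws is visible in the two code paths: `shamir_reconstruct` sums the weighted shares into the full key on one machine, whereas `threshold_sign` sums only partial signatures, each of which hides its key share behind a fresh random nonce, so the key itself never exists on any single device. Fewer than the threshold of signers produces a signature that fails to verify, mirroring the ‘m of n’ rule described above.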
Looking for an MPC solution to protect your treasury assets? Krayon's got you covered! Our treasury management platform uses multi-party computation to safeguard your digital assets. Contact us to request a demo today.