Multi-sig and MPC (multi-party computation) both prevent unauthorised parties from approving transactions by removing the single point of compromise. But what's the difference between the two?
On this page, we'll explain:
1. What they are; and
2. The key differences between the two.
If you're still keen to know more after that, you can check out our in-depth blog post on the topic.
Let's dive right in!
Multi-sig refers to a multi-signature wallet - a wallet that requires two or more parties to sign and approve a transaction. Multi-sig works by requiring more than one key to be used to sign transactions before they can be executed.
MPC is similar to multi-sig in that it requires two or more parties to approve each transaction. However, there's one major difference: with MPC there is only one private key involved in signing the transaction, and that private key is sharded and distributed amongst trusted counterparties. Each key piece signs the transaction cryptographically, and the pieces never need to come together, meaning that the private key never exists in its entirety at any given time.
Now, this subtle difference offers MPC some major advantages over multi-sig.
Because multi-sig involves signing transactions independently with multiple keys, it must be supported by the protocol. However, not all protocols provide support for multi-sig, and those that do have very different implementations from one another, which makes it difficult for multi-sig wallet providers to securely support new protocols.
In contrast, with MPC only the final signature is on chain. The key pieces each sign off chain. So MPC is protocol agnostic.
The fact that multi-sig depends on third-party support means it's limited when it comes to future innovation.
The access structure of a multi-sig is fundamentally tied to its wallet address. This means that if you want to change the access policy, to account for a user leaving the group or a new user joining the group, you can’t. The funds have to be transferred to a new multi-sig to accommodate changes to the policy configuration. This is a nightmare for fast-paced organisations.
With a multi-sig, all signatures are recorded on chain, making them visible to anyone willing to look. This means it's possible for hackers to track and trace authorised persons on a multi-sig. It also means you can't have structural anonymity when it comes to your organisation's treasury, because anyone looking at the blockchain will know how many signatures are required to approve transactions for your multi-sig, and potentially who holds the private keys to your multi-sig.
Ok, so I've mentioned some of the drawbacks of a multi-sig. But how does that compare to MPC?
Well...
MPC is leaps and bounds ahead of multi-sig when it comes to securing your digital assets.
Here are just some of the reasons why:
As I mentioned above, MPC does not require protocol support because all of the key pieces sign the transaction off chain. Only the complete signature is used to approve transactions on chain. This means that MPC can be used securely with any protocol.
With MPC, keys can be refreshed or recovered if lost or destroyed.
Changes to your policy configuration can be made without changing the public address. For example, if you want to add a new user to the quorum or remove an outgoing employee, it's trivial to do so with MPC. You don't need to transfer funds out of the wallet or create a new wallet. You can add key shards without compromising on security.
None of the key pieces sign the transaction on chain. Only the final signature is on chain. So it's impossible for third parties to know who is involved in signing a transaction with MPC.
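To make the key refresh and policy-change points above concrete, here is an added example (not Krayon's code, and not a signing protocol) that uses simplified n-of-n additive key shares in a toy group. It shows the shares being refreshed and parties joining or leaving while the public key stays the same. The group parameters and all function names are assumptions made for illustration; a real MPC wallet uses a threshold signing protocol over a production curve.

```python
import secrets

# Toy group, constructed for illustration and far too small for real use:
# P = 2Q + 1 with P, Q prime; G generates the subgroup of order Q.
P, Q, G = 2039, 1019, 4

def keygen(n):
    """Each party draws its own additive share; the key x = sum(shares) is never formed."""
    return [secrets.randbelow(Q) for _ in range(n)]

def joint_public_key(shares):
    """Multiply the per-party public parts G^x_i; equals G^x without anyone computing x."""
    pk = 1
    for share in shares:
        pk = pk * pow(G, share, P) % P
    return pk

def refresh(shares):
    """Proactive refresh: add a random sharing of zero, so shares change but the key does not."""
    deltas = [secrets.randbelow(Q) for _ in shares[:-1]]
    deltas.append(-sum(deltas) % Q)
    return [(s + d) % Q for s, d in zip(shares, deltas)]

def add_party(shares, donor=0):
    """Grow the quorum: the donor splits its share and hands one part to the newcomer."""
    r = secrets.randbelow(Q)
    grown = list(shares)
    grown[donor] = (grown[donor] - r) % Q
    return grown + [r]

def remove_party(shares, leaver, receiver):
    """Shrink the quorum: fold the leaver's share into the receiver's, then refresh."""
    merged = list(shares)
    merged[receiver] = (merged[receiver] + merged[leaver]) % Q
    del merged[leaver]
    return refresh(merged)

if __name__ == "__main__":
    shares = keygen(3)
    pk = joint_public_key(shares)
    for label, new in [("refresh", refresh(shares)), ("add party", add_party(shares)),
                       ("remove party", remove_party(shares, leaver=2, receiver=0))]:
        print(f"{label:12} parties={len(new)} public key unchanged={joint_public_key(new) == pk}")
```

Because the public key is derived only from the per-party public parts, nothing in these operations requires the full private key to exist in one place.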
If you're interested in learning more about multi-party computation and how it compares to multi-signature wallets, check out the latest post from our team below. They explain exactly what MPC is and why it's better than multi-sig.
Looking for an MPC solution to protect your treasury assets? Krayon's got you covered! Our treasury management platform uses multi-party computation to safeguard your digital assets. It's a way better alternative to Gnosis. Make sure to contact us to request a demo today.