Multi-signature wallets have become the standard for institutions managing cryptocurrencies as they enhance the security of assets over single key wallets. Recently, however, new cryptographic breakthroughs in Multi-Party Computation (MPC) are ushering in a new generation of private key security.
MPC is now being hailed as ‘the holy grail of both usability and private key security’, according to Michael J. Casey, senior advisor for blockchain research at MIT’s Digital Currency Initiative.
But as the case with most technological developments, misinformation and confusion are common in the early days. At Fireblocks, we leverage the cutting-edge advances in MPC and as a result have spent a lot of time educating customers, regulators, and partners around its benefits, implementation, and use cases.
In this post, we’ll dive into some of the key benefits of MPC, and the reasons why we believe MPC and threshold signatures have surpassed multi-sig technology and ultimately deliver on the flexibility and security required to become the next generation of private key security.
1. MPC Has No Single Point of Failure
Similar to a Multi-Signature configuration, a private key within an MPC-based solution is never created or held in one single place. MPC technology offers private key security by protecting the key from being compromised by both cybercriminals and from internal fraud and collusion, preventing any employee, or group of employees, from stealing the digital assets.
2. MPC Solutions Are Protocol Agnostic
Not all cryptocurrency protocols support Multi-Sig and those who do, have very different implementations from one another. This makes it more difficult for Multi-Sig providers to support new chains.
In addition, not all wallets support transfers from Multi-Sig smart contracts. This causes various issues and friction with some exchanges when funds are moved from a Multi-Sig smart contract address.
However, multi-party computation works on the standardized cryptographic signature algorithm (ECDSA or EdDSA) that is used across most blockchains, making the implementation of MPC possible between different blockchains. This means that institutions that utilize MPC can quickly and easily onboard new cryptocurrencies onto their platform.
3. MPC Technology Has Academic Validation & Practical Implementation
While MPC technology was only applied within the cryptocurrency wallet context relatively recently, it has been the topic of academic research since the early 1980s and has undergone extensive, public peer reviews.
With this in mind, all vendors that use MPC have engaged and invested heavily in cryptographic assessment and penetration testing providers, such as NCC Group, to review their implementation.
As the MPC implementation is agnostic to the blockchain protocol (see #2 above), the attack surface is minimal and each review fixes implementation for all the protocols. Unfortunately, this is not the case with an on-chain Multi-Sig solution, as each protocol requires the wallet provider to implement a different code.
A few well-known examples of when poor Multi-Sig implementations went wrong:
- The Multi-Sig Parity Wallet – Poor implementation lead malicious actors to steal around $30m worth of Ethereum in one of the biggest wallet hacks to date.
- Parity Wallet Hacked (Again) – A hacker again gained access to the wallet and froze $300m worth of Ethereum. Some customers lost up to $300k worth of digital assets.
- Vulnerabilities in Bitcoin Multi-sig – Discovered by the Fireblocks Research team, a vulnerability in the Bitcoin Multi-Sig check implementation was deployed in development environments and, despite the popularity of this codebase, the vulnerability still remains.
4. MPC Technology Offers Better Operational Flexibility
As your organization grows, you will need to adjust the process of accessing and transferring your digital assets. This will include deciding on the number of employees required to sign a transaction, adding new key shares as you hire new employees, revoking key shares as employees leave and modifying the required threshold to sign transactions (e.g. from ‘3 of 4’ to ‘4 of 8’).
In this scenario, Multi-Sig addresses will pose various challenges for your organization as they are pre-set to the wallet.
This means that once a wallet is created, the ‘M of N’ structure is fixed. If a new employee is hired and you want to change the signature of a Multi-Sig wallet from ‘3 of 4’ to ‘3 of 5’, for example, you would need to:
a. Create a new wallet with the new scheme
b. Move all your assets to the new wallet
c. Notify all your counterparies that the wallet address has changed
Step (c) is extremely challenging and dangerous as counterparties could accidentally send funds to the old deposit address. If sent there, these funds would be lost forever.
In contrast, MPC wallets allow for ongoing modification and maintenance of the signature scheme. For example, changing from a ‘3 of 4’ set-up to any other set-up would require existing shareholders to agree on the new distributed computation and the addition of a new user share. In this process the blockchain wallet address (deposit address) is maintained, so that:
- You don’t need to create a new wallet
- You don’t need to move any funds
- Your counterparties can continue to use the existing address
This makes the process of scaling operations or making any adjustments to the way your team operates frictionless and, ultimately, eliminates the risk of accidentally losing funds due to critical operational changes.
5. MPC Allows for the Lowest Transaction Fees
Wallets based on Multi-Sig, whether they are Bitcoin P2SH Multi-Sig or Ethereum smart contract-based Multi-Sig, are associated with higher fees than regular, single address transactions.
MPC wallets, however, are represented on the blockchain as a single wallet address, with the actual distributed signature computed outside of the blockchain. This translates into having the lowest fees possible for the transaction.
This can be critical when issuing hundreds of transactions per day, especially in B2C applications.
6. MPC-Based Solutions Provide for Hidden Signatures and Off-Chain Accountability
Accountability is probably one of the most misunderstood aspects of an MPC-based solution.
While it may appear beneficial for an organization to have on-chain transparency regarding the signing of signatures, this actually introduces a slew of privacy issues. More importantly, though, it also creates a security issue as it immediately reveals the signing scheme and workflow to all.
Institutions may not want to reveal: who is able to sign, how many users signed, how many users are required to sign, among other sensitive information, as it could potentially create a physical attack surface against that organization.
Instead, a benefit of MPC is that it provides off-chain accountability so that each co-signing component can audit which of the keys participated in the signing without it being made public to outsiders. For example, Fireblocks keeps an audit log of the keys participating in each signing cycle and customers, should they so wish, are also able to maintain an audit log on their end.
Furthermore, due to limitations related to fees and mutability, some Enterprise Wallet Providers that employ on-chain Multi-Sig can only use a 2-of-3 signature scheme for their hot-wallets, regardless of their customers’ organizational structure and policies (See #4 and #5).
Usually, one share is with the wallet provider, one share is with the customer and one share is held as a backup. However, as the customer’s share is distributed across all the customer’s users, when a transaction is signed there is no cryptographic guarantee to know exactly which of those users used that share. This makes any claims of ‘accountability’ unreliable.
Solutions based on MPC, however, remove these flaws and are able to provide a thorough and trustworthy record to allow for true accountability.
7. MPC Technology Reinforces Hardware Isolation
Hardware Isolation Modules (HSMs and Secure Enclaves) are an important means of protecting cryptographic material when the system is compromised. But HSMs alone are not sufficient for providing the best solution for your private key security.
Likewise, MPC alone is only part of the solution.
As a result, this has given rise to a misconception that both MPC and HSMs are substitutional technologies.
Instead, the use of MPC in addition to hardware isolation systems, such as HSMs, is critical because HSMs alone are not completely bullet-proof (See this evaluation of HSM technology).
Moreover, implementations with HSMs suffer from the fact that if the authentication token or HSM client is compromised, an attacker can empty the wallet. Indeed, compromise of the client’s credentials or the transaction generation code is all it takes to do this, and these items don’t live inside the HSM.
At Fireblocks, we combine MPC and HSM technologies to exponentially increase the security of the system and create a real defense-in-depth crypto security platform.
In this way, all of Fireblocks’ MPC key material is stored and distributed across hardware isolated Intel SGX technology-enabled servers (Intel’s Secure Enclave) and mobile device secure enclaves (TEE). In addition, the execution of the MPC algorithm and the Policy Engine are all implemented inside of the secure enclave, preventing malicious external and internal actors from modifying the execution or policy engine.
Conclusion: Why MPC is the next generation of private key security
Institutions know that in order to be competitive, there can be no compromises between private key security and accessibility. MPC technology allows for businesses to capture market opportunities and deploy their digital assets in a secure environment that simply was not possible before.
To learn more about MPC and how it is implemented in the Fireblocks platform, download our ‘Fireblocks’ Multi-layer Philosophy for Securing Digital Assets’ white paper.