In the world of digital assets and blockchain-driven solutions, security is the utmost priority for organizations across the globe. While numerous multi-party computation (MPC) providers vow to offer best-in-class security and service, what truly sets them apart is the underlying cryptographic proofs and infrastructure.
Given the consequences a security breach can lead to, it is crucial to make informed decisions when evaluating an MPC wallet provider. Whether you’re just getting started in crypto or already have an established product with an MPC wallet provider, these 5 questions should help you start a constructive conversation around MPC security.
Have you built a zero-trust architecture for your MPC protocol?
The best defense against cybercriminals is a multi-layered security approach that can provide redundancy if one of the security controls fails. There is no silver bullet for security, so ask your provider about the different security layers and hardware defenses to protect each attack surface. The goal is to eliminate reliance on a single security technology.
Are you up-to-date on the latest MPC algorithms, and are you utilizing an open source MPC protocol?
There are multiple peer-reviewed MPC algorithms that exist (i.e. GG-20, MPC-CMP, MPC-CMPGG) available today. Check if your wallet provider utilizes an MPC protocol that is peer-reviewed and fully audited before you implement and release your product or offering to customers.
In addition, find out if the MPC protocol is open source so that you, as a customer, can inspect it or have it reviewed by a third party. Open-sourcing code promotes transparency and attracts a community of users, researchers, and developers as it encourages knowledge sharing and the collective advancement of software security.
Is your implementation audited by top third-party security companies?
Determine if your MPC provider invites third-party security firms to review the MPC implementation you’re utilizing, and its underlying cryptography. How often do audits take place? Are they conducted regularly or whenever significant changes occur?
Third-party audits often provide an objective perspective, validate claims, or challenge basic assumptions that your MPC provider might miss, which ensures security and credibility. It’s a best practice for any service provider to regularly undergo audits as they can expose vulnerabilities in the code, infrastructure, and critical operating systems of a protocol – including employees operating the platform.
Trusted firms include ISO, NCC Group, C4, Comsec, Halborn, and Trail of Bits.
Third-party audit examples:
Fireblocks is setting the gold standard for adopting third party audits.
How are key shares created, distributed, and stored?
Ask your provider where shared keys are stored, how they are stored, and what policies and procedures are in place to govern access to those keys. As a best practice, MPC key shares should be distributed between two or more organizations, have a high level of segregation between the networking infrastructure, as well as access control to each one of the shares.
If a single organization distributes its MPC shares across several locations – even if they’re far away from each other physically – it could still be insufficient for detouring hackers. A compromise is much less likely when MPC is distributed across multiple organizations that do not share servers or infrastructure.
One solution is to store a key share with an enterprise cloud provider. For example, Fireblocks stores users’ MPC shares within SGX hardware-isolated enclaves hosted by two different cloud providers: Microsoft Azure and IBM Cloud. In all cases, key shares are distributed so that no one (not Fireblocks, the customer, nor any individual cloud provider) can access the entire key.
Liquid Exchange is a real-world example of the importance of shared keys distribution.
- The Liquid exchange hack: On August 19, 2021, Japanese cryptocurrency exchange Liquid announced that it was hacked, with the perpetrators stealing about $97 million in crypto and transferring it to four different wallets. The primary issue was that key shares were not distributed amongst different parties using different storage infrastructures, nor placed within secure confidential computing enclaves.
Do you have an in-house cryptography team to respond to potential vulnerabilities or attacks?
It is crucial to have an in-house cryptography team to ensure that cryptographic protocols are deployed correctly. Cryptography teams have the knowledge and expertise to find and resolve vulnerabilities in a timely manner to ensure your funds are always safe and secured . It is a red flag if your MPC wallet provider does not employ a cryptography team to manage the security of its wallet infrastructure and proactively communicates risks to you.
Find out what their incident response strategy or communication plan is in the event a vulnerability or attack is identified, and how they plan to communicate with internal security operations and customers.
The BitGo TSS Zero Vulnerability and BitForge are real-world examples that reinforce the importance of having cryptography teams in place to manage wallet security.
- BitGo TSS Zero Vulnerability: In early 2023, Fireblocks’ cryptography research team found a critical vulnerability in BitGo’s TSS wallet implementation that allowed for a malicious actor to extract a full private key, either from the BitGo or client-side of the equation. Upon verification that the Zero Proof vulnerability was actually exploitable in a real-world scenario, the Fireblocks team contacted BitGo’s security team and notified them of the vulnerability, and made it clear that client funds were at risk. The BitGo team responded and took the appropriate action to secure the implementation.
- BitForge: In August 2023, the Fireblocks cryptography research team uncovered BitForge – a series of zero-day vulnerabilities in some of the most widely adopted implementations of MPC protocols, including GG-18, GG-20, and Lindell17. As part of the disclosure process, multiple wallet providers, Coinbase WaaS and Zengo, and their cryptography teams stood out as the best-in-class at managing and resolving the issues promptly, ensuring their users were well-protected.
Being aware of your vendor’s security status is crucial to ensuring your business runs efficiently without potential disruptions. That’s why Fireblocks works diligently to communicate potential vulnerabilities to the cryptography ecosystem, and we encourage everyone to engage in an open dialogue with your MPC wallet providers to ensure visibility and alignment.
Check out the BitForge Status Checker to find out if your provider might be impacted.