Jun 18th, 2024 - 23:50 pm
What is Multi-Party Computation? An intro to secure, seed phrase-less custody
MPC (multi-party computation) wallets are challenging the seed phrase-based status quo that most wallets rely on today. MPC wallets utilize multi-factor security to have multiple parties confirm each transaction on the blockchain, making it extremely difficult for a threat actor to compromise them. MPC helps address some risks of seed phrase-based models, like malware and social engineering, while providing secure crypto custody options.
So, what is MPC technology, and how can we utilize it to store our crypto and digital assets safely? Let's dive in.
Multi-party computation (MPC) is nothing new. It is a cryptographic method invented in the 1980s that enables multiple entities, each holding secret information, to complete a task together without disclosing any individual's secret.
There are uses for this beyond information security, such as analyzing sensitive data without revealing individual pieces of information. Imagine a business where employees want to learn whether they are fairly compensated without revealing individual salaries. In this case, each employee's "secret" information is their individual salary.
The Institute of Electrical and Electronics Engineers uses the example of nurses using MPC to calculate their average salary. Here's how it works:
"Say you are interested in the average salary of registered nurses who work in intensive care units. Nurse A's salary is $100K. To find the average salary using additive secret sharing, the multiparty computation protocols split this $100K into three randomly generated shares: $40K, $35K, and $25K. Nurse A then keeps one of these secret shares ($40K) for herself and distributes one secret share each to Nurse B ($35K) and Nurse C ($25K).
The salaries of Nurse B and Nurse C follow the same multiparty computation protocol. When the secret sharing is completed, each person holds three secret shares: one from Nurse A's salary, one from Nurse B's, and one from Nurse C's.
At this point, all three nurses have contributed their personal information, yet no nurse can determine the exact salary of any other nurse. Therefore, the data remains private.
Even though these secret shares do not reveal personal information, they are still beneficial. Once all the secret shares are added together and then divided by three, we still get an accurate average of all three nurses' salaries."
MPC wallets are custody wallet solutions with key features that help avoid the malware risks that come with browser- or app-based wallets like Metamask, as well as weaknesses in private key or seed phrase generation. An MPC key comprises multiple encrypted components, called "shares," that are distributed among multiple parties. The required set of shares must approve a transaction before the wallet can act on-chain.
The primary benefit of this technology is that at least two shares of this distributed secret are required to sign any transaction, so even if one share is compromised, an attacker cannot gain access to the wallet. Attackers would have to compromise all the required shares simultaneously, which is far more difficult and therefore keeps your crypto more secure. MPC providers can customize whether a wallet requires all shares to confirm a transaction or only a subset of them.
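The nurse example above, carried through in code. This is an added illustration of additive secret sharing, not code from the article or the IEEE source, and it generalizes the three-nurse case to any number of parties. Two details differ from the prose: shares are taken modulo a large prime (a constructed constant, `PRIME`) so that a single share is a uniformly random value that reveals nothing about the salary (the article's $40K/$35K/$25K split is easier to read but, with plain positive integers, a share would bound the secret), and each party publishes only the sum of the shares it holds, which is all that is needed to recover the total. The salary figures are constructed sample input.

```python
"""Additive secret sharing: the nurse-salary average, generalized to n parties."""
import secrets

# Constructed modulus: a Mersenne prime far larger than any possible sum of
# salaries. Working mod PRIME makes every share uniformly random on its own.
PRIME = (1 << 61) - 1


def split_additive(secret: int, n_parties: int) -> list[int]:
    """Split `secret` into n shares whose sum is `secret` mod PRIME.

    The first n-1 shares are drawn uniformly at random; the last one is
    whatever value makes the total come out right. Any n-1 shares together
    are still uniformly random, so they leak nothing.
    """
    if n_parties < 2:
        raise ValueError("need at least two parties")
    shares = [secrets.randbelow(PRIME) for _ in range(n_parties - 1)]
    shares.append((secret - sum(shares)) % PRIME)
    return shares


def reconstruct_additive(shares: list[int]) -> int:
    """Recover the secret from the full set of shares."""
    return sum(shares) % PRIME


def private_sum(secrets_by_party: list[int]) -> int:
    """Simulate the protocol from the article.

    Every party (dealer i) splits its own secret and hands share j to party j,
    keeping one for itself. Party j then adds up the shares it holds (one per
    dealer) and publishes only that partial sum. The published partial sums
    add up to the total of all secrets, and no individual secret is exposed.
    """
    n = len(secrets_by_party)
    # dealt[i][j]: the share of dealer i's secret that party j receives
    dealt = [split_additive(s, n) for s in secrets_by_party]
    # held[j]: everything party j sees, one share from each dealer
    held = [[dealt[i][j] for i in range(n)] for j in range(n)]
    partial_sums = [sum(h) % PRIME for h in held]  # the only values published
    return sum(partial_sums) % PRIME


def private_average(secrets_by_party: list[int]) -> float:
    """Average of all parties' secrets, computed without revealing any of them."""
    return private_sum(secrets_by_party) / len(secrets_by_party)


if __name__ == "__main__":
    # Constructed sample salaries for nurses A, B and C.
    salaries = [100_000, 90_000, 110_000]
    shares_of_a = split_additive(salaries[0], 3)
    print("Nurse A's three shares:", shares_of_a)
    print("Reconstructed from all three:", reconstruct_additive(shares_of_a))
    print("Average salary:", private_average(salaries))
```

Each party learns the total (and therefore the average) but sees only one random share of every other salary, which is exactly the property the quoted example relies on.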
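The "any two of several shares" policy described above, shown as an added example using Shamir's threshold secret sharing over a prime field. This is illustrative code, not the protocol of Zengo or any other wallet mentioned on the page: production MPC wallets use threshold signature schemes in which the private key is never reassembled on one machine, whereas this example does reassemble the secret so the threshold property can be checked directly. `PRIME`, the secret value and the share counts are constructed.

```python
"""Threshold (t-of-n) secret sharing, Shamir's scheme over a prime field."""
import secrets

# Constructed modulus (a Mersenne prime); the secret must be smaller than it.
PRIME = (1 << 127) - 1


def _eval_poly(coeffs: list[int], x: int) -> int:
    """Evaluate a polynomial with the given coefficients at x, mod PRIME (Horner's rule)."""
    result = 0
    for c in reversed(coeffs):
        result = (result * x + c) % PRIME
    return result


def split_threshold(secret: int, threshold: int, n_shares: int) -> list[tuple[int, int]]:
    """Create n shares such that any `threshold` of them recover the secret.

    The secret is the constant term of a random polynomial of degree
    threshold-1; each share is a point (x, f(x)) on it. Fewer than
    `threshold` points are consistent with every possible constant term,
    so a compromised minority of shares reveals nothing.
    """
    if not 1 < threshold <= n_shares:
        raise ValueError("need 1 < threshold <= n_shares")
    coeffs = [secret % PRIME] + [secrets.randbelow(PRIME) for _ in range(threshold - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n_shares + 1)]


def reconstruct_threshold(shares: list[tuple[int, int]]) -> int:
    """Recover f(0) by Lagrange interpolation over the supplied points."""
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        # Modular inverse via Fermat's little theorem (PRIME is prime).
        total = (total + yi * num * pow(den, PRIME - 2, PRIME)) % PRIME
    return total


def authorize(shares: list[tuple[int, int]], threshold: int) -> int:
    """Model a wallet's signing policy: refuse unless at least `threshold` shares approve."""
    if len(shares) < threshold:
        raise PermissionError(f"{len(shares)} share(s) presented, {threshold} required")
    return reconstruct_threshold(shares[:threshold])


if __name__ == "__main__":
    secret = 0xC0FFEE  # constructed placeholder for a key
    # "Only some shares must approve": a 2-of-3 policy.
    shares = split_threshold(secret, threshold=2, n_shares=3)
    print("device + server:", hex(authorize([shares[0], shares[1]], 2)))
    print("device + backup:", hex(authorize([shares[0], shares[2]], 2)))
    try:
        authorize([shares[0]], 2)
    except PermissionError as err:
        print("one compromised share alone:", err)
```

Changing `threshold` to equal `n_shares` gives the "all shares must confirm" configuration the paragraph also mentions; the same code then behaves like the additive split, where every share is required.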
Most crypto wallets leverage seed phrases to grant access. Users must protect this seed phrase secret or risk losing access to their wallet or having it stolen by malicious actors. This occurs most often in one of three ways:
MPC wallets address #1 and #3 by never granting the user a seed phrase. You can't lose or accidentally give away something you never had to begin with! Both hardware wallets and MPC wallets address #2 by ensuring the key is never located on any single online device. Hardware wallets do this by keeping the key entirely offline, while MPC wallet keys are distributed between multiple devices.
Those looking to avoid the risks of seed phrases may consider multi-factor wallets that offer a familiar Web2 experience with multi-factor security. These wallets require multiple security checks to ensure the operator is authorized to use the account. There are two primary categories of multi-factor wallets:
MPC wallet users are not responsible for protecting a seed phrase or private key. Instead, they must ensure they have access to log in to the wallet and understand how to recover the wallet based on how each MPC wallet handles recovery (often a combination of an email address, a recovery file, or a Face ID for mobile apps). Users can be confident that if their device hosting the MPC wallet is compromised, the other shares in the MPC system keep the wallet secure. In this way, MPC works as a 2FA wallet guarded by multiple parties.
Caption: Seed phrase security compared with an example of an MPC security model, based on ZenGo's MPC model.
There are dozens of MPC wallets available today, most of which are used by institutions to secure large amounts of cryptocurrency. Fewer MPC wallet solutions are available for individuals, and some wallets don't make it clear whether they implement MPC technology in their custody solutions. If you're unsure, one easy way to tell that something is not truly MPC is if the wallet generates a seed phrase for you to secure.
Zengo was one of the first wallets to integrate MPC technology for individuals rather than institutions. Zengo claims no user has been hacked since it was established in 2018. The wallet functions as a phone app and encrypts half of the private key on your device and the other half on Zengo's servers, which means an attacker would have to compromise both the servers and your device to steal from the wallet. Zengo is a great option for users who do not have a separate hardware device to secure their crypto and want security features built directly into the wallet.
To interact with dApps on MPC wallets like Zengo, you'll scan the WalletConnect QR code with your phone's camera, and the app verifies that you are the true owner of the wallet through Face ID or other secure login functions.
Other wallets have begun to implement MPC technology alongside social feature logins. We used a Gmail account to log into Ronin Wallet, which began offering MPC for social account logins earlier this year. Ronin allows individuals to use MPC technology OR seed phrases (not both) to access a wallet.
From a performance perspective, the primary downside to MPC technology is speed. By definition, MPC wallets require each party to approve the transaction. This could take time as your device verifies the transaction with the wallet and other parties. This takes seconds, not minutes, but it is still marginally slower than signing a transaction on Metamask.
Some users may also want the ease of importing a seed phrase or a private key when moving to their new hardware device or browser-based wallet. It is possible to generate a private key to an MPC wallet once the owner has gone through a multifactor authentication process, but doing so defeats the purpose of using the MPC model to begin with.
Relatedly, MPC wallet companies must account for the possibility of going out of business and enable users to recover the wallet if that occurs. Some approach this through an escrow model where a third party holds a decryption key to the company's share. The wallet owner can complete the recovery process, but it is not a traditionally permissionless system, as the escrow entity must verify that the request is legitimate (and presumably could deny it). This recovery method is viable but some may view it as more complicated and less permissionless than recovering keys from a hardware wallet with a seed phrase if the manufacturer were to go out of business.
MPC wallets break the mold of traditional self-custody solutions to mitigate some risks of seed phrases and single-factor wallets, but they might not be for everyone. Maintaining a seed phrase might be second nature to someone who has used hardware wallets for years and has a system in place for storage. New entrants to crypto, however, might find MPC more attractive than securing a seed phrase, as MPC removes that security burden from users and the login and account recovery processes look more like Web2.
You don't have to switch completely to MPC to take advantage of its benefits, either. One might use an MPC wallet as a signer on a multisig, for long-term "vault" holdings, or when on the go without a hardware wallet. Every user should have a Wallet for Every Occasion!
MPC technology may be used in the future to help secure smart wallets, ensuring redundancy and resiliency across multiple wallet types. Whatever you choose, do your own research and ensure that you have a security system that will withstand a multitude of threats.