Secure Multiparty Computation (MPC) is a technology that is gaining widespread interest for both data privacy and protection applications. This article focuses on the use of secure MPC to protect digital assets under custody.
In this scenario, the objective of secure MPC is to provide bank-grade protection against the theft or misuse of private keys that are used to digitally sign and authorize transactions for digital assets under custody. Secure MPC facilitates this objective through the following attributes:
This secure MPC approach to custody wallet key management eliminates the risk that the breach of any single party, or possibly even multiple parties, could result in theft or misuse of the private key. When properly implemented as part of a broader security process and framework, secure MPC enables custody wallet services with the security efficacy of offline cold storage and the accessibility, scale, and automation of online hot wallets.
Secure Multiparty Computation (MPC) is a cryptography technology that enables a group of different data owners to jointly compute a function of their private inputs, without requiring them to share their private data with one another or any other party(1). For a digital asset custody wallet, the “different data owners” are the multiple parties responsible for holding a share of a private key and using those key shares to provide their part of a multiparty approval of a transaction. Their “joint computation” generates a single digital signature to release digital assets for transfer to a third party.
Some background for readers less familiar with cryptocurrency and digital asset technologies:
Digital asset wallets are based on a cryptographic public-private key pair. The public key identifies the address of the wallet and is used to verify the authenticity of an associated signature. The private key is used to generate a verifiable digital signature, which authorizes the blockchain to release digital assets associated with the wallet. The public key is shared publicly, so that other parties know where to send outgoing digital assets or where incoming digital assets were sent from. The private key must be kept secret, because anyone with access to the private key can use it to generate a signature and transfer digital assets from the associated wallet to any other wallet of their choosing.
For digital assets using public blockchain technologies such as Bitcoin, Ethereum or similar, these transactions cannot be reversed even when they are known to be fraudulent. Consequently, protecting the private key is paramount to protecting the wallet.
Any digital asset wallet is subject to attack, where an external hacker or malicious internal party gains access to the private key and uses it to steal the associated digital assets. Such a theft can result in asset losses worth millions to hundreds of millions of US dollars for institutional wallet users, and for exchanges and custodians using wallets for their own needs or on their clients’ behalf.
In an ideal world, secure storage of the private key would be assured using existing security technologies and operational practices. Unfortunately, we live in the real world, where good people make innocent operational mistakes, where bad actors or compromised parties make unfortunate choices, and where security systems inevitably become compromised. This is particularly true when the rewards justify the persistent focus of skilled hacking resources. This is where secure MPC is required.
Secure MPC eliminates the existence of a complete key in the possession of any single individual or stored on any single physical or virtual machine. As a result, there is no single party that could be corrupted or otherwise compromised and yield access to the private key.
Security of Multiparty Computation
The security of Multiparty Computation (MPC) is based on the model that no single party ever possesses an entire secret, eliminating the threat that the compromise of a single party could result in disclosure of the secret. But that alone is not sufficient to fully trust in the security of MPC(2).
Secure protocols must withstand adversarial attacks, where an adversary controls one or more of the parties in the computation. To achieve this, secure MPC requires protocols and often other mechanisms to assure the following attributes, even if some of the parties are or become corrupt:
How is Secure Multiparty Computation Implemented?
Secure Multiparty Computation (MPC) protocols can be developed using many different techniques. The preferred technique depends on the adversarial model and the optimizations required(3). Following are examples of common techniques for using secure MPC for digital asset wallet security.
SHAMIR’S SECRET SHARING
Shamir’s Secret Sharing (SSS) is a cryptography algorithm developed by Adi Shamir in the late 1970s. It is a form of secret sharing where a secret, such as the private key, is divided into multiple parts called shares, and the secret can be reconstructed from a threshold number of shares rather than all of them. With SSS, shares are distributed to different parties so that no single party possesses the full secret, minimizing the risk that a single party could become compromised and disclose the secret.
Threshold cryptography builds on Shamir’s secret sharing model to enable a set of parties to carry out a cryptographic operation, such as creating a digital signature, without having to recombine shares to create a full key. Instead, each party uses their share of the key to generate their share of a computed output, in this case, a partial signature. When enough partial signatures are combined, a complete threshold signature is generated.
Threshold cryptography and Shamir’s Secret Sharing can be designed to enforce specific security models and operational criteria. Some examples include the ability to support m of n quorum approvals, and the option to specify that a particular party must be one of the m approvers before a complete signature is generated.
Threshold cryptography also introduces a framework for specifying the number of parties that may become corrupt while secure MPC still maintains correctness and privacy. Correctness relates to the signature, which must verify under the public key to be a legitimate signature. Privacy relates to keeping the key shares and the private key secret.
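As an added illustration (not Blockdaemon’s code), here is a toy m-of-n Shamir split and reconstruction over a prime field, together with the Lagrange-weighted combination of per-share outputs that threshold signing builds on. The choice of the secp256k1 group order as the field and the “challenge” scalar are assumptions for the demo, not part of the article.

```python
"""Toy Shamir secret sharing and share-wise combination (added example)."""
import secrets

# Assumption for the demo: use the secp256k1 group order as the prime field,
# so every share is itself a valid private scalar for that curve.
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def split_secret(secret, m, n, rng=secrets.randbelow):
    """Split `secret` into n shares (x, f(x)); any m of them reconstruct it."""
    if not 1 <= m <= n or not 0 <= secret < P:
        raise ValueError("need 1 <= m <= n and 0 <= secret < P")
    # Random polynomial of degree m-1 whose constant term is the secret.
    coeffs = [secret] + [rng(P) for _ in range(m - 1)]

    def f(x):
        return sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P

    return [(x, f(x)) for x in range(1, n + 1)]


def lagrange_coeff(i, xs):
    """Lagrange basis polynomial for node i evaluated at x = 0."""
    num = den = 1
    for j in xs:
        if j != i:
            num = num * (-j) % P
            den = den * (i - j) % P
    return num * pow(den, -1, P) % P


def reconstruct(shares):
    """Recover f(0) from at least m shares; fewer shares give an unrelated value."""
    xs = [x for x, _ in shares]
    return sum(y * lagrange_coeff(x, xs) for x, y in shares) % P


def combine_partials(partials):
    """Apply the same Lagrange weights to per-share outputs (x, g(share_x)).
    For a linear g this equals g(secret) without ever rebuilding the secret,
    which is the property threshold signature schemes exploit."""
    xs = [x for x, _ in partials]
    return sum(v * lagrange_coeff(x, xs) for x, v in partials) % P


if __name__ == "__main__":
    key = secrets.randbelow(P)
    shares = split_secret(key, 3, 5)            # 3-of-5 quorum
    assert reconstruct(shares[1:4]) == key      # any three shares suffice
    challenge = 42                              # constructed scalar for the demo
    parts = [(x, y * challenge % P) for x, y in shares[:3]]
    assert combine_partials(parts) == key * challenge % P
```

A real threshold signature protocol also secret-shares the per-signature nonce and adds checks against corrupt parties, so this linearity is the starting point, not the whole scheme.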
How Does Secure MPC Protect Custody Wallets?
Secure Multiparty Computation (MPC) is a cryptography technology that can be used to protect private keys for any key management application. Wallet security is just one specialized application. Secure MPC achieves superior key security through a combination of attributes:
What Makes Secure MPC The Preferred Custody Wallet Technology?
Secure Multiparty Computation (MPC) is not the only wallet security technology, but it is considered the best and increasingly the choice for new custody infrastructures. Some of the benefits of Secure MPC include:
Blockdaemon Wallet – A Trusted MPC Wallet Security Technology Partner
Since 2014, Blockdaemon has been singularly focused on developing the world’s highest performing secure MPC solutions for key management applications. Our world-renowned cryptographers have been at the forefront of the MPC revolution for multiple decades. Our team consists not only of experts in the field of secure MPC, but also experts in the practical application of MPC in real-world applications.
Blockdaemon offers secure MPC technology SDKs, libraries, software, and integration expertise to assist platform and service providers with custom integrated MPC solutions that work within your existing framework and constraints. We also offer full turn-key solutions through some of our customers who have become business partners. We invite you to review one of our white papers(4), to contact our sales team, and to visit www.blockdaemon.com for more information.