Multi-party computation (MPC): a bold new vision for cryptocurrency protection

The author, Michael J. Casey, is chairman of the CoinDesk Advisory Board and a senior consultant for blockchain research at the Massachusetts Institute of Technology (MIT) Digital Currency Initiative.


Advances in cryptography are merging to help developers bring blockchain applications closer to the core decentralization principle that underpins the technology.

Inventions such as atomic swaps, zk-SNARKs and Lightning Network-based smart contracts are bringing developers closer to the dream of true peer-to-peer trading, in which neither counterparty nor any external intermediary can act maliciously. Accordingly, the number of non-custodial, decentralized exchange (DEX) services for trading crypto assets is growing.

This is exciting. But it also reveals another big problem that hinders the widespread use of cryptocurrency and blockchain technology: secure key management.

For a long time, the surest ways to protect private keys, which give the holder control over the underlying crypto assets, have been too clumsy, too limited in scope, or too difficult to implement at scale. Security has been bought at the expense of user experience.

Now, significant advances in another very important area of cryptography, secure multi-party computation (MPC), suggest that the holy grail of combining usability with security in decentralized systems may be within reach.

A keyless wallet

Last week, Tel Aviv-based KZen announced the specifications of its new ZenGo wallet, marking progress in this field. ZenGo uses MPC and other sophisticated cryptographic tools (such as zero-knowledge proofs and threshold cryptography) to share responsibility for signing on behalf of a particular cryptocurrency address among a group of mutually untrusted entities.

The beauty of the KZen model is that security is no longer a function of one or more entities having complete control over their own unique private key, which until now has been the heart of the vulnerability in cryptocurrency management. Instead, the key is derived from separate fragments, each generated by one of multiple untrusted computers.

This model takes advantage of the genius of MPC cryptography.

Using this approach, multiple computers that do not trust each other each compute a particular segment of a larger computation, and together they produce the desired public result without any node learning the details of the other segments.

Therefore, the private key that signs the transaction is a collectively generated value; at no point is a single, vulnerable computer responsible for holding an actual key. (The KZen website has a useful explanation of how it works.)
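As an added illustration of the mechanism just described (this is not KZen's or Unbound's code, nor a description of their protocols), here is a toy n-of-n Schnorr signing session in Python: each party holds only a share of the key and a share of the nonce, the partial signatures are summed, and the result verifies under a public key whose private key never existed on any one machine. The group parameters P, Q and G are constructed toy values, and a real threshold (t-of-n) scheme would add Shamir-style shares and nonce commitments that this sketch omits.

```python
import hashlib
import secrets

# Constructed toy group: P a safe prime, Q = (P-1)/2 the prime subgroup order, G a
# generator of that subgroup. Far too small for real use; only the structure matters.
P, Q, G = 1019, 509, 4


def challenge(R: int, pubkey: int, msg: bytes) -> int:
    """Fiat-Shamir challenge e = H(R || Y || m), reduced into the exponent group."""
    h = hashlib.sha256(f"{R}|{pubkey}|".encode() + msg).digest()
    return int.from_bytes(h, "big") % Q


class Party:
    """One signer. It holds only its own key share and nonce share; the full
    private key x = sum(x_i) mod Q is never assembled on any machine."""

    def __init__(self) -> None:
        self.x = secrets.randbelow(Q - 1) + 1   # private key share, never leaves this party
        self.y = pow(G, self.x, P)              # public key share, safe to publish

    def nonce_commitment(self) -> int:
        self.k = secrets.randbelow(Q - 1) + 1   # fresh per-signature nonce share
        return pow(G, self.k, P)                # R_i, broadcast to the other signers

    def partial_sign(self, R: int, pubkey: int, msg: bytes) -> int:
        e = challenge(R, pubkey, msg)
        return (self.k + e * self.x) % Q        # s_i; the nonce share masks x_i


def joint_pubkey(parties) -> int:
    """Y = product of G^x_i = G^(sum x_i): an address no single party controls."""
    y = 1
    for party in parties:
        y = (y * party.y) % P
    return y


def joint_sign(parties, msg: bytes):
    """Round 1: exchange R_i; round 2: exchange s_i. Output is one plain Schnorr signature."""
    pubkey = joint_pubkey(parties)
    R = 1
    for r_i in [party.nonce_commitment() for party in parties]:
        R = (R * r_i) % P
    s = sum(party.partial_sign(R, pubkey, msg) for party in parties) % Q
    return R, s


def verify(pubkey: int, msg: bytes, sig) -> bool:
    """Standard Schnorr check; the verifier cannot tell the key was ever split."""
    R, s = sig
    e = challenge(R, pubkey, msg)
    return pow(G, s, P) == (R * pow(pubkey, e, P)) % P
```

Real deployments run this over a curve such as secp256k1 and commit to nonces before revealing them (otherwise a malicious co-signer can bias the combined nonce), which is exactly the kind of detail an audit of a vendor's implementation has to check.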

KZen is not the only provider of blockchain key management MPC solutions. Another Israeli company, Unbound, is entering the enterprise market with its cryptographically secure MPC solution.

Unbound's blog provides a different perspective on the same argument.

It explains at length why MPC is superior to the two currently preferred cryptographic security methods: hardware security modules (HSMs) and multi-signature (multisig) technology. The former underpins hardware wallets such as Ledger and Trezor; the latter is favored by exchanges.

Attacking the trade-offs

If KZen and Unbound are to be believed, the MPC solution resolves both the hot-versus-cold storage trade-off in key management and the self-custody versus third-party custody problem.

A cold wallet keeps the key in a completely offline environment, beyond the reach of an attacker. It is safe as long as the key stays offline. (Although you really don't want to lose the piece of paper on which the private key is printed.)

However, if you want to use those keys to send money, bringing them into an online environment where transactions can be made is a cumbersome challenge. If you are just a HODLer who trades very little, this may not be a problem, but it is a serious limitation on the prospect of blockchain technology transforming global commerce.

Hot wallets, on the other hand, have so far been notoriously vulnerable.

Whether it is ruthless "SIM hijacking" attacks on people's mobile phones, the emptying of custodial (third-party hosted) wallets, or the loss of self-custodied assets held on mobile phones, retail participants have countless horror stories. And of course we all know the stories of hacks against custodial exchanges, from Japan, Hong Kong and Canada to Malta.

Meanwhile, the solutions currently sought by regulated institutional investors, custodians and exchanges have been to build Fort Knox-style "military-grade" custody, which is essentially a compromise. Not only does this approach fail to remove the reliance on third parties; there is serious doubt as to whether any such solution can be permanently protected from hackers, who are constantly improving their methods for getting past firewalls. At best, the continuous IT upgrades required can become a huge money sink.

Replacing HSMs and multisig

This is not to say that with MPC, existing security technologies become useless.

Ledger's and Trezor's hardware devices, a more flexible form of cold wallet, are widely used by individuals who are uncomfortable with both external third-party custody and self-custodied wallets on online devices. In addition, multisig solutions have proven robust enough to be used by most exchanges.

But in both cases, vulnerabilities have been exposed. To a large extent, these risks stem from the fact that, however sophisticated the surrounding security model, the all-important key always sits at a single point of failure.

Just last week, researchers demonstrated how to compromise hardware security modules remotely. Ironically, the researchers are from Ledger, which relies on HSMs to protect customers' keys.

The multisig model can provide protection against such attacks, because an attack would require simultaneous control of multiple keys in different locations, but the fact is that multisig solutions have failed because of technical and human weaknesses (including insider operations).

More importantly, both solutions are inherently limited and need to be customized to specific specifications or ledgers. For example, cryptography developer Christopher Allen pointed out last week that HSMs are particularly constrained by government standards.

In each case, the ledger-specific design of the underlying cryptography means that multi-asset wallets are not supported, and such wallets are exactly what a decentralized, interoperable world of cross-chain transactions requires.

In contrast, KZen boasts that its keyless wallet has been a multi-ledger application from day one.

Challenges and opportunities

To be sure, MPC is not yet proven in practice.

The large amount of computing resources that these networked computations have historically required made introducing them into the real world a challenging and costly proposition. However, rapid technological improvements in recent years have made this complex technology a viable option for a variety of distributed computing environments in which trust is an issue.

Nor is key management its only application on the blockchain. MPC technology plays a key role in the "secret contract" work of Enigma, a project founded at the Massachusetts Institute of Technology (MIT), as part of a broader plan to create a "decentralized network privacy layer."

It would be unwise to assume that MPC or any related technology will provide a perfect, completely reliable solution to security problems. Security threats tend to emerge precisely when people complacently believe they are safe.

However, consider how the vision of better key management offered by this technology might combine with Enigma's vision of an MPC-based secret contract layer and with a broader, decentralized, interoperable asset exchange. Going forward, a truly compelling form of blockchain-based P2P commerce could begin to emerge from that combination.

At the very least, this is an area worth watching.