Cregis Research: Why is an MPC wallet more secure than a regular wallet?
Common browser-extension wallets such as MetaMask follow the BIP-39 scheme: a seed is derived from a mnemonic phrase, and the public/private key pair is derived from that seed. The plaintext private key must be present for every transaction.
MPC wallets, by contrast, hold only private key shards, saved on different devices. The plaintext private key is therefore never exposed during transaction signing, and even if a user’s device is compromised, the complete private key cannot be obtained from it. But there is still a risk for users…
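The derivation path a regular wallet follows, as an added example (not MetaMask or Cregis code): a BIP-39 mnemonic is stretched into a seed, and the BIP-32 master private key is a deterministic function of that seed, so anyone who reads the mnemonic holds the signing key. The test vector used is the standard BIP-39 one (all-zero entropy, passphrase "TREZOR").

```python
# Added example: BIP-39 mnemonic -> seed -> BIP-32 master key, standard library only.
import hashlib
import hmac
import unicodedata


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP-39: PBKDF2-HMAC-SHA512, 2048 rounds, salt = 'mnemonic' + passphrase."""
    words = unicodedata.normalize("NFKD", mnemonic).encode()
    salt = ("mnemonic" + unicodedata.normalize("NFKD", passphrase)).encode()
    return hashlib.pbkdf2_hmac("sha512", words, salt, 2048, dklen=64)


def bip32_master_key(seed: bytes):
    """BIP-32: HMAC-SHA512(key=b'Bitcoin seed', seed) -> (master privkey, chain code)."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return digest[:32], digest[32:]


if __name__ == "__main__":
    # Standard BIP-39 test vector: all-zero entropy, passphrase "TREZOR"
    mnemonic = "abandon " * 11 + "about"
    seed = bip39_seed(mnemonic, "TREZOR")
    priv, chain = bip32_master_key(seed)
    print("seed       :", seed.hex())
    print("master key :", priv.hex())   # this single 32-byte scalar signs every transaction
```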
Recently, wallet security has once again become a focus of public attention. In early March of this year, a large number of addresses holding ARB airdrops had their private keys leaked, triggering a feeding frenzy among hackers. Earlier, an industry OG warned on Twitter: “I have discovered a new way of stealing coins. In foreign KTVs, fraudsters quietly modify the KTV’s shared power banks and implant malicious programs in them. Guests spend a long time in the KTV singing, drinking, and consuming until their phone runs out of power. They then borrow the power bank, thinking it is charging their phone, when it is actually reading the phone’s data and stealing the private key from the wallet.”
How can ordinary web3.0 users protect their wallet assets in the on-chain dark forest and avoid such tragedies? MPC wallets are gaining popularity as a solution, but how do they work, and are they really completely safe to use? This article offers everyone an accurate explanation.
Firstly, MPC (Multi-Party Computation) is a zero-knowledge-proof technology path proposed by Professor Yao Qizhi of Tsinghua University in 1982. In practical applications it draws on a large body of modern cryptography, such as the public-key algorithms RSA, ElGamal and ECDSA, as well as the Shamir secret sharing protocol. The combination of these technologies makes MPC highly secure and scalable, and ensures the following security properties:
- Distributed encryption divides data into multiple parts, stored with different participating parties, to avoid the risk of data leakage;
- Zero-knowledge proofs can prove that a fact is true without revealing any other information related to the fact;
- Secret sharing distributes information among multiple participants, ensuring that no single party has independent control over the information as a whole.
The current industry standard for applying the MPC concept in wallet products is:
- Each wallet manager (participant) holds a key fragment;
- When a transaction is required, a certain number of participants collaborate and, inside a TEE (trusted execution environment), reconstruct the complete private key and complete the signing process.
This process ensures that the plaintext private key is not exposed during the transaction. Even if the device storing a key fragment is hacked, the attacker cannot obtain the complete private key, which improves security.
It is not hard to see that the core difference between a multi-signature wallet built on MPC and one built with smart contracts such as Safe (formerly Gnosis Safe) is that the latter relies on full private keys (blockchain addresses) for each signer, which still carries the risk of a participant’s private key being stolen, whereas participants in an MPC wallet never hold the complete private key but use key fragments to produce a threshold signature, eliminating the single point of failure.
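The Shamir secret sharing named above and the key-fragment process just described, as an added example (not Cregis code or any wallet vendor’s implementation): a private key scalar is split into three fragments with a 2-of-3 threshold over the secp256k1 group order, any two fragments reconstruct it, and the forgery helper shows why a single stolen fragment is consistent with every possible key and so reveals nothing. The threshold, fragment count and the 0xDEADBEEF guess are constructed for the demonstration.

```python
# Added example: Shamir secret sharing of a private key scalar (2-of-3 shown).
import secrets

# secp256k1 group order n; a private key is an integer in [1, n-1]
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

def split(secret, threshold, shares):
    """Shamir split: points (x, f(x)) on a random polynomial of degree
    threshold-1 with f(0) = secret; all arithmetic is mod N."""
    assert 1 <= threshold <= shares and 0 < secret < N
    coeffs = [secret] + [secrets.randbelow(N) for _ in range(threshold - 1)]

    def f(x):
        return sum(c * pow(x, i, N) for i, c in enumerate(coeffs)) % N

    # x = 0 is never handed out: f(0) is the secret itself
    return [(x, f(x)) for x in range(1, shares + 1)]

def reconstruct(points):
    """Lagrange interpolation at x = 0 from `threshold` distinct shares."""
    total = 0
    for j, (xj, yj) in enumerate(points):
        num = den = 1
        for m, (xm, _) in enumerate(points):
            if m != j:
                num = num * (-xm) % N
                den = den * (xj - xm) % N
        total = (total + yj * num * pow(den, -1, N)) % N
    return total

def forge_partner_share(share, guess, x2):
    """For a 2-of-n split, one stolen share (x1, y1) is consistent with ANY
    secret: build the partner share at x2 that makes `reconstruct` output
    `guess`. A single fragment therefore reveals nothing about the key
    (information-theoretically, not just computationally)."""
    x1, y1 = share
    slope = (y1 - guess) * pow(x1, -1, N) % N
    return (x2, (guess + slope * x2) % N)

if __name__ == "__main__":
    key = secrets.randbelow(N - 1) + 1        # fresh private key scalar
    fragments = split(key, 2, 3)              # three devices, any two can sign
    assert reconstruct(fragments[:2]) == key
    assert reconstruct([fragments[0], fragments[2]]) == key
    fake = forge_partner_share(fragments[1], 0xDEADBEEF, 3)
    assert reconstruct([fragments[1], fake]) == 0xDEADBEEF
    print("2-of-3 split/reconstruct verified; one fragment fits any key")
```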
But is the asset completely secure now? Obviously not!
Although MPC wallets have secured the signing process, they hand users a downstream risk: the [fragment security management strategy].
There are currently three mainstream private key fragment management strategies for MPC wallets: [self-custody mode], [hybrid custody mode], and [centralized custody mode]. Among them, [self-custody mode] is most in line with the hardcore crypto-native ethos: users must manage the mnemonic phrase and all key fragments themselves, and once the mnemonic phrase and all devices holding fragments are lost, the assets lie dormant on the chain forever. [Hybrid custody mode] and [centralized custody mode], on the other hand, can offer features such as recovery on an unfamiliar device and social recovery, but the party hosting the fragments cannot completely eliminate the risk of human malice, so the security level depends on the operator’s reputation, just as with a CEX.
Therefore, when choosing an MPC wallet, users face a dilemma: 1. Choose a [self-custody mode] product and spend more effort and cost protecting the mnemonic phrase; 2. Choose a [hybrid custody mode] or [centralized custody mode] product to enjoy a user experience close to web2.0, but trust that the product operator will not act maliciously.
In summary, the security of the MPC wallet is related not only to the signature process but also to the management strategy of key sharding.
[Self-custody mode] is more suitable for enterprise-level users: those who pursue thorough security and have enough manpower and resources to ensure that their mnemonic and all fragment storage devices are never lost at the same time. [Hybrid custody mode] and [centralized custody mode] are more suitable for ordinary web3.0 users: those with small, diversified holdings who have a firm need for centralized scenarios and therefore choose to trust human nature (even in a disaster like FTX, their losses are relatively small).
However, the author believes that when users withdraw funds from centralized institutions, whether as individuals or teams, they inevitably hope to obtain a higher level of security, which is obviously at odds with the premise of [hybrid custody mode] and [centralized custody mode]. The release of Ethereum’s EIP-4337 means that in the future, DApps can offer users social login, social recovery and other web2.0-style product experiences through the technical path of account abstraction. Given its particular usage scenarios (chain games, social networking, etc.), where users’ sensitivity to security is relatively low, this business model will inevitably have a great impact on the market for [hybrid custody mode] and [centralized custody mode] products, and may even eliminate these product types entirely once EIP-4337 is officially launched.