MPC is the acronym for secure multi-party computation, which is a specialized subfield of cryptography used to protect digital secrets. MPC wallets protect the secret private key used to digitally sign and authorize digital asset transactions. For cryptocurrencies and other digital assets, protecting the private key is paramount to secure digital assets.
MPC also creates a threshold framework for multiparty control, making it well suited for institutional applications. Institutions often prefer the option to require multiple approvals before a transaction can be signed, and MPC provides this capability with great efficiency.
This combination of advanced security with multiparty control makes MPC the ideal choice for institutional MPC wallet applications.
MPC uses multiple parties to collectively generate, store, and use private keys in the form of distributed key shares. These shares are stored on different machines, ideally under different administrative control. With this approach, a complete private key never exists on, or is known to, any single party throughout the entire key lifecycle. This mitigates the risk that a single party, such as a Hardware Security Module (HSM), an admin, or an executive user with access to a complete key, could become corrupt or compromised, resulting in key theft or misuse.
MPC Wallets offer many advantages, primarily making private keys both secure and accessible for legitimate use.
One way to protect a secret is to lock it away and make it so physically inaccessible that no one could practically gain access to steal it. Yet this makes using the secret key equally difficult.
Rather than creating physical isolation and costly physical access controls, MPC wallets typically use a combination of highly accessible online hosting environments, such as secure cloud enclaves and mobile phones.
Hosting one or more MPC nodes in secure cloud enclaves, such as AWS Nitro, with remote attestation and secret injection, yields some of the highest security frameworks available. Another MPC node hosted on a user’s mobile phone further elevates security and accessibility by introducing another secure and highly decentralized hosting environment.
After years of due diligence, many of the world’s largest custodians and traditional financial institutions have embraced MPC wallets specifically due to this combination of security and accessibility.
While online wallets provide an ideal balance of both security and accessibility, regulatory compliance and other governance criteria may call for offline or air-gapped key storage and usage. MPC wallets can be, and in some cases have been, developed so that some or all key shares are generated, stored, and used without ever connecting the hosting node to the internet.
Recent innovations in MPC cold wallets enable some MPC wallets to support hybrid models. In this model, the wallet front end provides dashboard visibility, transaction creation, policy controls, and approvals using online operations, while the actual transaction signing is executed offline using air-gapped devices.
All MPC wallets must use two or more parties to generate, store, and use private keys. However, the threshold signature schemes used for signing operations can be implemented using automated API approvals for single-user apps, a fixed multiparty signing scheme, or a user-definable m-of-n signing scheme.
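The key-share model and the m-of-n threshold described above, as an added example that is not part of the original page or any vendor's code: a distributed key generation using Shamir sharing in a deliberately tiny toy group (`P`, `Q`, `G` are constructed parameters and all function names are hypothetical). It demonstrates a threshold exponentiation rather than a wallet signing protocol: any m parties jointly compute `base^x` from local partials while the private key `x` is never assembled.

```python
import secrets
from itertools import combinations

# Toy group, constructed for illustration and far too small for real use:
# P = 2Q + 1 with P and Q prime; G = 4 generates the subgroup of order Q.
P, Q, G = 2039, 1019, 4

def deal(m, n):
    """One party's contribution: a random degree-(m-1) polynomial f over Z_Q.
    Returns (public commitment G^f(0), {party_id: f(party_id)})."""
    coeffs = [secrets.randbelow(Q) for _ in range(m)]
    shares = {j: sum(c * pow(j, k, Q) for k, c in enumerate(coeffs)) % Q
              for j in range(1, n + 1)}
    return pow(G, coeffs[0], P), shares

def dkg(m, n):
    """Every party deals; party j keeps the sum of the shares sent to it.
    The private key x = sum of all f(0) is never computed anywhere."""
    deals = [deal(m, n) for _ in range(n)]
    public_key = 1
    for commitment, _ in deals:
        public_key = public_key * commitment % P
    key_shares = {j: sum(s[j] for _, s in deals) % Q for j in range(1, n + 1)}
    return public_key, key_shares

def lagrange_at_zero(i, ids):
    """Lagrange coefficient for party i when interpolating at 0 over `ids`."""
    num = den = 1
    for j in ids:
        if j != i:
            num, den = num * -j % Q, den * (i - j) % Q
    return num * pow(den, -1, Q) % Q

def partial(base, i, share, ids):
    """Computed locally by party i; only this value leaves the node."""
    return pow(base, lagrange_at_zero(i, ids) * share % Q, P)

def combine(m, partials):
    """Multiply the quorum's partials into base^x; refuse if below threshold."""
    if len(partials) < m:
        raise ValueError(f"need {m} approvals, got {len(partials)}")
    result = 1
    for value in partials.values():
        result = result * value % P
    return result

def quorums_match(m=2, n=3):
    """True if every m-party quorum reproduces the public key G^x."""
    public_key, shares = dkg(m, n)
    return all(
        combine(m, {i: partial(G, i, shares[i], ids) for i in ids}) == public_key
        for ids in combinations(shares, m))
```

A production key generation also makes each dealer's shares verifiable and runs over authenticated channels between nodes; both are omitted here.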
Some MPC wallets include policy controls to define the preferred approval model and threshold signature scheme. For example, you might create a policy that allows for manually created one-off transfers or automated transfers of predefined amounts to pre-specified recipients on a recurring basis with no additional approvers, with API approval, or with quorum human approvals. MPC wallets can support a wide variety of threshold and approval models.
Multisig wallets were introduced for multiparty transaction signing in Satoshi’s Bitcoin white paper in 2011. The first MPC wallet was introduced in 2018, and provided considerable enhancements over multisig. Some example benefits include off-chain multiparty signing which eliminated the multisig need for smart contract programming, lower cost transaction fees by avoiding smart contract processing, universal protocol compatibility, simplified operations, and ongoing support. This Top 5 Reasons blog provides additional comparisons of MPC wallets using threshold signatures and multisig.
MPC wallets are available via multiple delivery and procurement options:
MPC wallets are available as a subscription wallet-as-a-service, typically running on your mobile device. Options exist for individual and institutional wallets. Hosted MPC wallets are typically preferred by high-net-worth investors and smaller businesses who are not comfortable hosting their own wallet infrastructure.
MPC Wallets are available as software packages for institutional deployment on premises using public or private clouds and/or mobile devices, etc. Options exist for automated deployment of MPC nodes in secure clouds to simplify installation. Self-hosted wallets are typically preferred for custodians and larger institutions that require complete control over all aspects of the wallet infrastructure.
Many institutions prefer to build their own MPC wallets to address specialized needs or to provide wallet-level differentiation. In this scenario, institutions can either build their own MPC technology stack using open source MPC reference specifications or license pre-built, broadly deployed, and field-proven MPC from a reputable MPC wallet technology provider.
MPC is a technology and it can be applied to solve a wide range of security and privacy challenges. As a result, any vendor using some form of multi-party computation may claim to offer an MPC wallet, but the security efficacy and trustworthiness of those wallets can vary widely.
For example, a wallet may be developed by junior or even senior level cryptographers following published academic research papers on MPC and threshold cryptography. However, security experts will advise you that MPC is extremely complex and can easily be implemented in a manner that yields unanticipated security vulnerabilities, even when implemented by cryptography experts. Therefore, it is highly recommended that MPC wallets, or the MPC technology used to build your own wallets, are sourced from well-established, field-proven suppliers of MPC, and that the MPC technology and entire security stack have been audited by third-party security experts.
Blockdaemon is widely regarded as having one of the industry’s most experienced, respected, and trusted MPC cryptography teams. On acquiring Sepior in 2022, Blockdaemon introduced the world’s first MPC wallet in 2018, working in partnership with SBI Holdings of Japan.
Since then, Blockdaemon has been providing the turn-key Institutional Wallet and Builder Vault MPC technology to institutions ranging from startups to several of the world’s largest banks, custodians, exchanges, wallet-as-a-service providers, and custody technology providers. Our Advanced MPC technology has undergone years of third-party audits and reviews, and has been widely exercised in real-world MPC wallet deployments.