Secure multiparty computation (MPC) is a cryptographic technology that allows a number of parties to compute on encrypted data, without sharing the data between parties. Blockdaemon is the industry leader in applying MPC to provide lifecycle key management, use and protection, without any dependency on specialized hardware or trusted third parties.
Blockdaemon's world-renowned experts in cryptography have invented many of the essential protocols required for practical implementation of threshold cryptography to provide virtualized key management systems that maintain security even if some parties become corrupted.
Effective implementations of threshold cryptography provide the enhancement of a variety of security properties, such as confidentiality, integrity, and availability. These properties contribute to enabling a better and more compelling form of key management solutions.
Our threshold cryptographic solutions are made possible through the application of multiparty computation (MPC).
The founders of Sepior, which was acquired by Blockdaemon in 2022, have been at the frontier of R&D, implementation and commercial use of MPC since 2008. Jakob Pagter, head of MPC technology development at Blockdaemon, and other team members were members of the first team to implement MPC in live business operations as part of the Danish Sugar Beet Auctions in 2008.
Since those early days, our team has expanded the scope and optimized the performance of MPC by a factor of 1,000,000. Examples of some of the improvements and foundational work of this team include:
Our team also led the formation of the MPC Alliance in 2019, and continues today with representation on the Board of Directors and as President. We invite you to visit the MPC Alliance website to learn more.
Threshold cryptography using MPC can compute a particular result, such as the code used to encrypt or decrypt data by requiring just t of n shares, without having to reveal the secret shares between any of the parties. Threshold cryptography with MPC can use mathematical techniques to achieve NIST-approved algorithms such as RSA and DSA signatures, and AES enciphering and deciphering, without ever creating a conventional whole key. Eliminating the creation of a whole key on any physical or virtual machine, at any time, effectively eliminates the conventional risks of key theft from those devices.
Blockdaemon’s implementations of threshold cryptography incorporate secret sharing, thresholds, and MPC to provide industry leading key management solutions that operate in completely virtualized environments, in concert with any physical or virtual client devices.
Secret sharing is a fundamental technique used in cryptography. It enables a secret, such as an encryption key used to sign-off or otherwise approve a transaction, to be split into multiple (n) shares which are distributed across multiple parties. This reduces the potential for a key to be stolen when one of the parties becomes compromised.
Verifiable secret sharing also enables the detection of misuse or corruption by a shareholder. The corruption of a single share could potentially affect the integrity of a recombined key. Blockdaemon’s secret sharing model allows for the generation of a new share to replace any share, without having to create a new key and distribute new shares to all parties. This enables maximum system integrity and availability with operational simplicity.
With conventional cryptography models, all of the shares must be recombined to recreate a whole key which can then be used for cryptographic functions. If one or more shares is unavailable, the key cannot be recreated from the partial shares and transaction approvals may become delayed or prevented. When all shares are recombined to form a whole key which is stored on a device, the key then becomes at risk to be copied or stolen.
Blockdaemon’s threshold model provides the ability to reconstruct lost or corrupted key shares from a threshold (t) number of shares, but not from fewer than t shares. This approach protects the secrecy and the availability of the key, even if one or multiple parties with key shares become compromised, as long as fewer than n-t systems are affected. This results in increased integrity and availability of key management for increased security.
However, secrets and thresholds alone do not mitigate the risks of key theft when a whole key is recreated.