MPC (Multi-Party Computation) is a well-established cryptographic technique for securely managing, sharing, and modifying digital information. It lets multiple parties jointly compute a result over their combined data while each party's own input stays hidden from the others.
Although the MPC model has existed for several decades, its importance has grown considerably with the advent of blockchain networks such as the Polygon blockchain and of crypto wallets. Here we look at the characteristics, advantages, and limitations of the MPC approach in the context of crypto wallets.
How MPC Wallets Operate
MPC (Multi-Party Computation) wallets employ a cryptographic technique known as “secret sharing” or threshold schemes. In this process, the user’s private key is divided into N distinct shares, which are then distributed across separate servers or devices. The reconstruction of the complete private key and the ability to sign transactions require a minimum subset of T shares, known as the threshold.
The two primary secret sharing schemes utilized in MPC wallets include:
Shamir’s Secret Sharing: Developed by Adi Shamir in 1979, this algorithm divides the private key into N shares. Any T shares can reconstruct the key, while T-1 or fewer shares reveal nothing about the key. No individual shareholder possesses complete knowledge of the private key.
Additive Secret Sharing: In this scheme, the key is split into shares that are numbers summing to the value of the private key modulo a prime P. Any T of the N shares can be added together (mod P) to recover the original Polygon staking wallet's private key.
In practical terms, the N shares in an MPC wallet are distributed across pools of servers controlled by distinct entities. For instance, in a 2-of-3 scheme, key shares may be allocated to servers operated by a cloud service, the user's device, and a third-party database. To spend funds, any 2 of the 3 parties must cooperate to reconstruct the Ethereum or Polygon private key and co-sign the transaction. No single party holds enough information to derive the key on its own.
This approach eliminates single points of failure: a user's funds remain secure as long as at least T shares remain uncompromised. Even if one company's servers are breached, the attacker gains only one share of the private key, which is useless on its own. Encrypted, authenticated channels protect the shares while they are transmitted between parties for transaction signing.
MPC wallets also depend on decentralized validation protocols, such as Intel SGX, to prevent any one party from corrupting its share of the key. This guards against malicious behavior such as inserting a backdoor during key generation. Independent audits and open-source implementations provide oversight and transparency into the security of MPC protocols.
Advanced MPC wallet designs take an additional step by sharding the private key into multiple groups of shares. For instance, a 2-of-3 scheme might further split the key into 3 subgroups of shares, each with its own 2-of-3 threshold. This added layer of security requires an attacker to breach multiple subgroups to gain enough shares to reconstruct the complete private key.
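To make the threshold schemes above concrete, here is an added example (not code from the article or from any wallet vendor) that implements Shamir's T-of-N sharing and plain additive sharing over a prime field, then builds the layered "subgroup" split just described on top of Shamir. The field modulus is the secp256k1 group order, chosen so that any Ethereum/Polygon private key is a field element; the key itself is a randomly constructed sample. One caveat worth noting: in the additive form as implemented here, every one of the N shares is needed to recover the secret, which is why the layered split uses Shamir for the 2-of-3 property.

```python
import secrets

# Field modulus (a constructed choice for this example): the secp256k1 group order,
# so every valid Ethereum/Polygon private key (1 <= k < PRIME) is a field element.
PRIME = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def _eval_poly(coeffs, x):
    """Horner evaluation of sum(coeffs[i] * x**i) mod PRIME."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % PRIME
    return acc


def shamir_split(secret, t, n):
    """Split `secret` into n points on a random degree-(t-1) polynomial whose
    constant term is the secret. Any t points reconstruct it; t-1 reveal nothing."""
    if not 1 <= t <= n < PRIME:
        raise ValueError("need 1 <= t <= n")
    if not 0 <= secret < PRIME:
        raise ValueError("secret must be a field element")
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(t - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n + 1)]


def shamir_reconstruct(shares):
    """Lagrange-interpolate the polynomial at x = 0 from (x, y) shares.
    With fewer than t distinct shares this returns a value unrelated to the secret."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share index")
    secret = 0
    for xi, yi in shares:
        num, den = 1, 1
        for xj in xs:
            if xj != xi:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        secret = (secret + yi * num * pow(den, -1, PRIME)) % PRIME
    return secret


def additive_split(secret, n):
    """Additive sharing: n-1 random shares plus one chosen so they sum to the secret.
    Recovery needs all n shares; there is no threshold below n."""
    shares = [secrets.randbelow(PRIME) for _ in range(n - 1)]
    shares.append((secret - sum(shares)) % PRIME)
    return shares


def additive_reconstruct(shares):
    """Sum the shares mod PRIME; correct only when every share is present."""
    return sum(shares) % PRIME


def layered_split(secret, t, n):
    """Two-layer split from the article: t-of-n at the top, then each top-level
    share is itself split t-of-n into a subgroup. Returns [(x, subgroup_shares)]."""
    return [(x, shamir_split(y, t, n)) for x, y in shamir_split(secret, t, n)]


def layered_reconstruct(groups):
    """`groups` is any t entries of layered_split's output, each carrying any t
    of its subgroup's shares; rebuild each top-level share, then the key."""
    return shamir_reconstruct([(x, shamir_reconstruct(sub)) for x, sub in groups])


def demo():
    """2-of-3 walkthrough with a constructed sample key; returns each check's result."""
    key = secrets.randbelow(PRIME - 1) + 1           # constructed sample private key
    cloud, device, third_party = shamir_split(key, 2, 3)
    one_share_guess = shamir_reconstruct([cloud])    # a lone share is not the key
    groups = layered_split(key, 2, 3)
    two_groups = [(groups[0][0], groups[0][1][:2]), (groups[2][0], groups[2][1][1:])]
    return {
        "device+cloud": shamir_reconstruct([device, cloud]) == key,
        "device+third_party": shamir_reconstruct([device, third_party]) == key,
        "single_share_fails": one_share_guess != key,
        "additive_all_n": additive_reconstruct(additive_split(key, 3)) == key,
        "additive_missing_one": additive_reconstruct(additive_split(key, 3)[:2]) != key,
        "layered_2_of_3_groups": layered_reconstruct(two_groups) == key,
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'ok' if ok else 'FAIL'}")
```

Running the file prints one line per check. The `layered_2_of_3_groups` case is the point of the sharded design: an attacker holding every sub-share of a single subgroup has recovered only one top-level share, which on its own is exactly as useless as a single share in the flat 2-of-3 scheme.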
Are hardware Ethereum/Polygon blockchain wallets susceptible to hacks?
Despite being designed to safeguard private keys offline, rendering them resistant to malware attacks, hardware wallets are not entirely impervious to risks and can be vulnerable in various scenarios.
One such vulnerability is exposed through power glitches. In this type of attack, the hardware circuit board is subjected to a sudden surge of power, which can damage the user's device. The disruption to the device's circuitry can leave it in a faulty state that lets an attacker access sensitive information.
Another form of attack is the side-channel attack, in which the attacker observes a hardware Ethereum/Polygon multisig wallet's behavior during a transaction. By discerning the device's noise when the correct PIN is entered, a side-channel attacker can "listen" to the user's device and decipher its PIN.
Because hardware wallets are physical objects, they are also exposed to risk while in transit. Instances have been reported of hardware wallets being tampered with during shipping, not to mention fake wallets that use phishing messages to deceive users.
Enhanced security with MPC wallets
MPC cryptography, also known as multi-party computing, splits the traditional private key into multiple individual "shares". This significantly enhances security by eliminating a single point of vulnerability, namely the whole private key. MPC technology is widely adopted by major institutions and custody providers such as Liminal. Notably, Coinbase has announced the development of an MPC wallet tailored for specific applications.
Conclusion
Selecting an MPC wallet is not a one-size-fits-all decision, as suitability varies between users. An MPC wallet is an excellent choice for individuals or small teams seeking enhanced security and usability, while institutional investors can explore a broader array of options, including solutions like Liminal. To identify the best MPC wallet for your needs, consider the following aspects: dApp connectivity, user experience, wallet security, native features, user interface design, and customer support. Because an MPC wallet serves as foundational infrastructure for institutional custodians, investors, and traders, the selection should align with your specific requirements.