Multi-Party Computation (MPC) Adoption: The Cure For Institutional Crypto’s Security Headache?

发布于 Dec 27, 2021 | 部落格

MPC_title_banner

Introduction

Crypto investment is going mainstream and everyone wants a piece. With billion-dollar companies, traditional financial institutions, and even federal governments purchasing, mining, and accepting cryptocurrencies as payments, the big question remains though: How do you keep your asset safe? 

With phishing, hacking, scamming and ransomware attacks reaching endemic levels as they bleed ill-equipped crypto wallets dry, the importance of digital asset security has resurfaced into the spotlight. Poor wallet security, both custodial and non-custodial, remains a perennial threat to widespread crypto adoption. 

The rise of institutional interest and private investors in cryptocurrency has unfortunately led both of these parties to fall prey to bad actors who wish to take advantage of security flaws and mismanagement of private information that could help them anonymously steal your hard-earned coins and tokens.

While hardware wallet storage, multi factor authentication, air gap storage, and many other features are used to keep cryptocurrencies safe in cold storage, bad actors are constantly adapting to new advancements and measures through cunning, deceptive and exploitative means.

The safe off-line storage and management of your private key/ seed phrase is the only way to guarantee that you alone (or your exchange in the case of custodial wallets) can access your digital assets. Unfortunately, this is not a feasible solution for institutional wallets where more than one party is involved. Mistakes can and do happen, and they can be simple yet devastating

The biggest threat to digital asset ownership is the loss or theft of the private key. Hackers target the private key when it is exposed in memory (the only time it exists in a decrypted state) via various forms of malware and system exploitation.

With private key mismanagement being a significant risk to mass crypto adoption, institutions are beginning to adopt and integrate multi-party computation (MPC) technology to safely store crypto assets and data.

What is Multi-Party Computation (MPC)?

Multi-party computation (MPC) is a cutting-edge cryptographic approach that removes the reliance on a single private key instance (single point of failure) and instead generates multiple key-shares that exist in different locations and sometimes even in different networks. Each instance contributes its key-share to a deterministic algorithm that generates the signing event.

How does MPC help DeFi and exchanges?

While exchanges and wallet technology have continued to improve with mass crypto adoption, bad actors continue to find a way to bypass security protocols and access private funds, often taking millions of U.S. dollars worth of coins and tokens. 

With exchanges being responsible for handling millions or billions of dollars every day, all while holding the private keys to their customers’ custodial wallets, it becomes their obligation to use every available advancement to protect the security of their customers’ assets, and protect their own reputation against hacks or mismanagement of private keys or funds. 

How MPC technology ensures crypto asset protection

Many centralized and decentralized exchanges, as well as software companies, are taking a proactive approach to avoid future hacks and breaches of their stored assets.

MPC capabilities go beyond only preventing cryptocurrency theft. Functions such as secret sharing, which shares data anonymously among several parties, are invaluable to companies that store important data with real-world value to thieves, who will then hold the information hostage in exchange for a ransom. With the SolarWinds hack being the most recent global example of this kind of cybercrime, many companies are searching for solutions to protect sensitive data and information. 

Alternative solutions for private key security

Two similar but less secure methods have previously been used to store and maintain private keys or data, multi-signature (multi-sig) and hardware security models (HSMs)

HSMs, similar to hardware wallets, tout their security by using a physical device to complete a transaction. While this is secure for individual transactions, as your seed phrase can be stored on this device and activated for each transaction, it is not practical for intricate, large-scale business practices, such as cloud-based systems. Your entire private key is also stored on a single device, unlike other forms of security that divide your key to ensure it is secure.

Multi-sig requires a signature to be entered from multiple keys. While a better solution than having a single key, it does not scale well, as it can be difficult to keep up with the number of employees that have keys, whether or not they are the right individuals, or how many signatures are needed for a transaction. Furthermore, Multi-sig only supports a few types of blockchain and their associated digital assets and is therefore not a ubiquitous solution for secure private key management across the digital asset ecosystem.

Unlike multi-sig, MPC is blockchain agnostic and  allows for real-time modification of the signature scheme, making it infinitely more flexible and scalable.

While each of these solutions provide different security features, multi-party computation is the most secure and scalable option that security providers and investors should choose to trust with their cryptocurrency and data.

How CYBAVO provides peace of mind for institutional assets

Blockchain security company CYBAVO, one of the founding members of the MPC Alliance, has continued to improve its security capabilities by layering its MPC technology with a diverse array of additional security features. 

CYBAVO has developed a unique Authentication & Authorization App so that users can securely access their flagship product, the CYBAVO VAULT. CYBAVO VAULT is a secure storage and wallet management system designed for enterprises to perform streamlined blockchain transactions in a secure and efficient manner.

CYBAVO also enlists Sepior, a world-leading threshold security provider, with its Threshold Signature Technology (ThresholdSig), preventing your private key from existing entirely on any single device. 

CYBAVO, with its world-class team of cybersecurity veterans, provides an industry-leading solution that offers security features to ensure security throughout all the stages of a transaction. Their S&P AA-rated international insurance adds additional reassurance for institutional investors, and their ISO 27001 and NIST Certification further attest to their commitment to providing the most secure solution. Learn more about CYBAVO’s insurance here and important insurance criteria to consider when choosing the service provider.