What is Multi-Party Computation (MPC) And How Does it Secure Digital Assets?

發佈於 Mar 19, 2021 | 部落格


With cryptocurrency prices at all-time high levels, investors and custodians like digital asset exchanges and institutional funds are becoming increasingly concerned with the security measures they implement to safeguard their assets. 

In 2020, billions of dollars were stolen from exchanges and over $150 million from DeFi protocols. The $275 million Kucoin hack for example happened because private keys became compromised. In the last 2 weeks alone PanCakeSwap, Paid Network, Roll and Cream.Finance were compromised, totalling millions of dollars. 

As a result, the strongest possible wallet and transaction encryption and security technology is now quickly becoming a must-have, instead of a luxury, for digital asset custodians. One of the best strategies to protect your assets is to use multi-party computation (MPC). Recently, Curv was bought for an estimated $200m by PayPal for its MPC expertise. Companies like Cybavo with their expert security team also specializes in MPC technology. Let’s dig a bit deeper and see what the big fuss about MPC is, its history and use cases. 

What is Multi-Party Computation (MPC)?

Multi-party computation (MPC) is a cryptographic protocol that powers shared computation without compromising the security and privacy of data. It is a method of distributing computation across several individuals where no single party can see the other individuals’ information.

MPC builds on the conventional cryptographic mechanisms that lean toward security and privacy by allowing the involved parties to compute data without a third-party to intervene. Other names for multi-party computation include secure multi-party computation, secure computation, or privacy-focused computation.

History of MPC

The viability of privacy-focused computation started creeping into the cryptography world in 1982. Before then, cryptographers only focused on encrypting messages between two parties. In 1982, 2PC (2-party computation) ignited the MPC engine.

Andrew Yao introduced 2PC, which solved the millionaires’ problem by providing cryptographic methods to interact with “true”, “false”, and other “Boolean logic”. For example, he wanted to help two wealthy individuals, Bob and Alice, to know who’s richer than the other. The hurdle, then, was conducting the computation without revealing their personal wealth.

Yao practically applied the 2PC method in 1986. In 1987, computer scientists O. Goldreich, A. Wigderson, and Silvio Micali also delved into 2PC, taking it a notch higher by including more parties in computation through generalization. This led to the introduction of the GMW approach, which provided an MPC computation with the ability to guard against dishonest participants. 

In 1990, MPC entered broader awareness  when it started getting utilized for mobile security, universal composability, and other areas.

However, it was not until 2008 when a practical, secure, and fully private application took place. And in 2010, the technology found its way into digital asset wallets, enhancing its security features. In 2019, the first iteration of the multi-party computation key-refreshing algorithm came to life.

Digital Asset Custodial Platforms

Before looking at how badly cryptocurrency custodians need privacy-focused computation, let’s look at why we need the technology in the cryptocurrency scene.

Holding a private key gives you the capability to send an asset to another party. Therefore, if the key is in another person’s hands, such as a custodian, then you don’t fully control your assets.

In fact, there’s an adage among crypto investors that states “[not your [private] keys, not your coins,”] which discourages anyone from storing the bulk of their crypto wealth on exchanges and other custodial wallets that don’t grant them full control over their private keys.

Cryptocurrency storage comes in the form of either hot or cold wallets. Hot wallets store private keys online while cold or hardware wallets store the keys inside a physical offline device, communicating only through a tethered USB connection (like Ledger Nano S or Trezor) or encrypted Bluetooth (like CoolWallet and Ledger Nano X).

Mostly, digital currency custodians hold private keys for their customers. Before MPC, crypto custodians relied on cold vaults to secure these assets. Unfortunately, hackers have found ways to withstand the cold, so to speak, and breach these vaults, stealing millions worth of user funds. 

This has been proven countless times by all the hacking incidents that occurred on centralized exchanges in the past 2-3 years and discouraged users to shy away from online wallets and only keep a small portion of their funds on exchanges for trading purposes. 

On the flip side, hardware wallets have gained immense popularity for their detachment from the internet, narrowing the attack vector from hackers. Additionally, enterprise users bet their wealth on the crypto key management features offered by this type of hardware. However, it turns out that they are not foolproof.

Why Do Cold Wallets Need MPC?

As the digital revolution takes over, cybercriminals have found glaring faults in cold wallets.

While cold wallets are theoretically as safe as you can get due to its lack of connectivity, they can still be breached because individual investors and companies make mistakes, sharing their private keys or recovery seeds with the wrong party either accidentally or on purpose, for example with a friend. 

Phishing, malware and supply chain attacks throw wrenches in the works

Ways an investor can reveal their private keys and get hacked are many, for example falling for a phishing scam (online or telephonic), unknowingly installing malware or ransomware on their device, or leaving their recovery paper wallet in an unsecured location, where others can lay eyes on it. 

Then there are of course physical tampering threats, such as supply chain attacks (see Ledger) where the wallets get compromised before they reach the customer, and other man-in-the-middle threats, which were highlighted in 2019’s wallet.fail conference. And if all else fails, of course there’s Trezor’s infamous “$5 dollar wrench attack” argument. 

Security during transfer isn’t guaranteed

A cold wallet only secures assets as they are stored in the device, not during transit. Furthermore, digital assets need to be moved to a hot wallet to complete a transaction, which compounds the problem.

Hardware Vulnerabilities 

Hardware vulnerabilities are hard to spot and even harder to fix. In 2019-2020, exploits became the norm in the crypto world. Usually, by the time they are detected, someone would have already used them to steal user funds. And resolving these shortcomings takes months, if not years.

How Does Multi-Party Computation (MPC) Work?

Luckily, there is an alternative solution. We just need to merge crypto private keys with MPC. This would allow multiple parties to hold parts of a single key, with no single party knowing which section of the key the others hold. Consequently, cryptocurrency holders don’t have to provide the real key to a custodian, thus, avoiding a single point of failure.

One of MPC’s greatest features is secret sharing. In order to anonymously distribute data between parties, each individual’s data is subdivided into chunks and shared with others in the group. Notably, the data pieces have no meaning by themselves.

To elaborate, let’s share number A with a value of 42 between two computers. The number has to be divided into two (A1-A2). A1 has 50, and A2 is -8. A1 goes to one computer, and A2 goes to the next. So, when we add A1 and A2, we get 42. In doing so, neither computer knows the actual value of A.

The exact mechanism applies when dealing with private keys to digital assets. With a private key, the transaction passes through all the parties, with each adding their section of the key without revealing or accessing the other parts of the key.

Examples of MPC in Practice

To better understand the twists and turns of using MPC in real-world applications, let’s take a simple example. Three employees, John, Grace, and Jackie, want to know whether they are underpaid. Computing their salaries is even more challenging since they work at different companies. John earns $60K, while Grace and Jackie make $70K and $80K, respectively.

Applying secure multi-party computation would involve dividing and masking each person’s salary. For example, John’s data can be represented as $10,000, $100,000, and $-50,000. Grace takes -$40,000, $120,000, -$10,000 while Jackie’s salary could be $180,000, -$30,000, and -70,000. Note that there are infinite ways to generate three numbers that add up to the same value.

Each participant shares two of their pieces with the others. Interestingly, when each sums up their allocated values, they each get a figure which, from the surface, is meaningless. However, if each gets the final three values and divides by three, it gives a similar average.

The application of MPC to private keys uses the Threshold Signature Scheme (TSS), a subsection of privacy-focused computation that allows a key to be split and shared among different computers. Since MPC is purely software, there’s no rebuilding of the keys. Therefore, it provides room for decentralized transaction signing.

Multi-party Computation MPC Algorithms

Here are some MPC algorithms currently in use. 

Gennaro and Goldfeder 

This is among the top MPC algorithms in use. Unfortunately, it has efficiency issues, especially with the data shards, since it requires users to wait for nine signature iterations. Additionally, it has no room for use in hardware wallets like those used by custody platforms.

The Lindel et al. Secure Multi-party Algorithm

Lindel et al. MPC differ from Gennaro and Goldfeder by requiring eight instead of nine signature rounds. Unfortunately, it still lacks support for cold wallets. Additionally, it doesn’t provide the required efficiency for today’s usage.

The Doerner et al. Algorithm

The Doerner et al. algorithm has a threshold of six signatures but doesn’t match today’s operational efficiency.


Being the latest, the MPC-CMP algorithm hosts superior features to the above three MPC algorithms as it only requires one signing round for a transaction to be validated. Therefore, it increases the signing speed by 800% relative to previous algorithms, which matches today’s operational needs.

This new version removes the necessity to physically access a hardware wallet by adding a minute-long key refresh mechanism. This feature reallocates the key shards within minutes, thus, improving storage security. 

MPC Usage on Cold and Hot Wallets

Cold wallets offer superior security compared to hot wallets since they allow offline transaction signing before commencing an asset’s movement online, which is a more secure process considering that if a malicious actor intercepts the transaction, they would have no access to the secret key.

Unfortunately, cold wallets aren’t designed for high-speed usage like cryptocurrency exchanges since it takes up to 48 hours for them to move assets. Additionally, hardware wallets don’t protect against credential theft and deposit address spoofing.

On the other hand, hot wallets are too exposed to online threats for anyone to trust them with their virtual wealth. Think of the error-prone address copying and pasting procedures involved. Some hot wallet providers think multi-sig is the appropriate solution, but not all blockchains support this functionality.

Multi-party computation, on the other hand, removes the single point of failure by distributing the private key across multiple blind devices (no one knows about the other). When the whole key is required, the participating devices, or an agreed section of those devices, activate.

Since a private key is never reconstructed, hackers will have an extremely rough time attempting to penetrate since they would have to simultaneously hack a decentralized set of different devices with varying operating systems. 

How MPC Compares with Other Security Methods

The great contender to MPC is hardware security modules (HSMs). In this method, security comes from physical devices that are inserted into a computer or mobile device to complete a transaction.

Unfortunately, HSMs don’t fit into intricate business applications such as those utilizing cloud-based systems. Furthermore, HSMs limit the number of protected keys, and their deployment can’t be automated.

Most importantly, an HSM centralizes the keys, leading to a security risk that is meant to be avoided in the first place. With MPC, on the other hand, the keys are divided into chunks and distributed across devices in multiple locations. Moreover, it allows the automation of the transaction signing process since everything is software-based. This makes MPC a superior security method to HSM.


A good MPC should also be bundled with very secure identification solutions to prevent the private key being used or hacked by someone else. This is a key strength of Taiwanese Fintech company CYBAVO.

The cybersecurity firm has created their own Authentication & Authorization App which their customers use to securely log in to their VAULT system. In addition, VAULT also supports Yubikeys authentication via their hardware security key solution.

CYBAVO secures private keys and provides management enterprise solutions for blockchain by using a multi-party computation to eliminate single points of failure in its secure key vault. Interestingly, it offers on-premises key storage where crypto private keys never leave their clients’ premises. Cybavo’s customers span from digital currency exchanges to crypto custodians or managers.

With CYBAVO, an enterprise can schedule the number of approvals needed during a transaction. The firm calls this the “chained and threshold approval process.” The company supports over 20 cryptocurrencies, including Bitcoin (BTC), Ethereum (ETH), Binance Coin (BNB), and Litecoin (LTC), as well as staking services for the likes of Ethereum 2.0

Notably, CYBAVO is among the founding companies that launched the MPC Alliance, an association of companies that collectively aims to improve privacy and data security through multi-party computation.

The demand for quality MPC-based service providers is on the rise, as indicated by the recent acquisition of Curv by PayPal for a rumored $200 million valuation. 

Curv provides enterprise-based cloud-centric options to secure cryptocurrencies using, yes you guessed right, MPC. This is an area that CYBAVO excels at as well and the company has quickly garnered industry praise and trust from leading crypto custodians.

Future Importance of MPCs for Institutional Investors

Although secure computation offers superior advantages over other traditional security methods, its widespread usage is only beginning to take shape in the commercial application scene.

Database and cryptographic data security, as well as Data-as-a-Service solutions, are some of the areas multi-party computation will have an immense impact on in the near future. Other MPC applications include off-exchange matching, privacy-preserving statistics, and cloud private key management.

Notably, corporate digital asset custodians prefer MPC due to its ability to provide easy, secure, and speedy access. 

To learn more about MPC and what it can do for you, contact Cybavo’s team of cyber specialists at info@cybavo.com.