Secure multiparty computation (MPC) protocols, originating from the seminal works of Yao and Goldreich et al., allow a group of mutually distrusting parties to compute a joint function fon their private inputs. Typically, the security of such protocols is deﬁned with respect to the ideal model where fis computed by a trusted party T. Updated news about bitcoin and all cryptocurrencies Multiparty computation: The Trojan Horse of crypto regulation Every once in a while, the crypto community crowns a new king for secure transactions, and the latest king seems to be multiparty computation, or MPC. Nov 22, · Every once in a while, the crypto community crowns a new king for secure transactions, and thelatest king seems to be multiparty computation, or MPC. This year, MPC adoption by custodial and noncustodial players has progressed and gained market traction at a .
Multiparty computation bitcoinMultiparty computation: The Trojan Horse of crypto regulation | Bitcoin Insider
Now, some big strides in another hugely important field of cryptography — secure multiparty computation, or MPC — point to a potential Holy Grail situation of both usability and security in a decentralized system.
The beauty of the KZen model is that security is no longer a function of one or more entities maintaining total control over a distinct private key of their own — the core point of vulnerability in cryptocurrency management until now.
Instead the key is collectively derived from individual fragments which are separately generated by multiple, non-trusting computers. The private key that executes the transaction is thus a collectively generated value; at no point is a single, vulnerable computer responsible for an actual key. KZen is not the only provider of MPC solutions for blockchain key management. Unbound, another Israeli company, is going after the enterprise marketplace with its MPC solutions for crypto security.
It makes a repeated case for why MPC is superior to the two preferred approaches to crypto security of the moment: hardware security modules HSM , on which hardware wallets like Ledger and Trezor are built, and multi-signature multisig technologies, which are favored by exchanges. But bringing them into a transactable, online environment poses an overly cumbersome challenge when you want to use those keys to send money. Not only does this approach fail to resolve the dependence on a third-party, but there are serious doubts about whether any such solution can be forever safe from hackers, who are constantly improving their methods for getting over firewalls.
In best-case scenarios, the constant IT upgrades becomes a massive money suck. But in both cases, vulnerabilities have been exposed. Multisig models arguably offer protections across such attacks, because a breach requires simultaneous control of more than one key held in separate locations, but the fact is that multisig solutions have also failed because of both technical and human vulnerabilities inside jobs.
And in each case, the ledger-specific design of the underlying cryptography means there is no support for the kind of multi-asset wallets that will be needed in a decentralized interoperable world of cross-chain transactions. By contrast, KZen is boasting that its key-less wallet will be a multi-ledger application from day one. For some time, the heavy resources needed to carry out these network computing functions made it a challenging, costly concept to bring into real-world environments.
But rapid technical improvements in recent years have made this sophisticated technology a viable option for all kinds of distributed computing environments where trust is an issue. Israel has fostered a remarkable concentration of cryptographic expertise in this space. It would be unwise to assume that MPC, or any technology for that matter, will provide a perfect, totally infallible solution to security problems.
It is always true that the biggest security threats come when human beings complacently believe security is not a threat. The sole difference here lies in how the sender sends the payment.
With a bank, the sender instructs the bank to release the funds; with an MPC provider, the sender and provider jointly sign the transaction. Both parties submit a partial key that is then transmitted to the blockchain by the MPC service provider.
However, the issue is that such backdoors also exist in MPC providers. There is no argument here that MPC providers are just bad guys who want to rob their clients of their funds. As reputable, professional companies working with institutions, they need to meet a primary demand from their clients — that crypto funds are recoverable if someone loses their key. Private key security has long been a sticking point for institutions and crypto firms.
So the ability to recover funds in the event of a key loss is absolutely critical for any firm that is claiming to offer secure crypto storage.
Ultimately, this means that MPC companies could play the same role as banks. If a legal authority demands an MPC service provider to stop a transaction, it will be compelled to do so.
Furthermore, if MPC providers allow users to recover lost keys, it means that a regulator could also issue a demand to confiscate funds. Again, assuming this is a legally binding request, the provider would be forced to comply if they want to stay in business. The regulators are already here. While overall compliance is still low, we can rest assured that the FATF will continue to widen the net until all Virtual Asset Service Providers are included.
The same regulatory conditions apply to all companies who directly or indirectly hold, manage or control virtual assets. So it follows that this regulation creates the same expectations from MPCs as those that are currently applied to the banking system. In the end, this could mean large transactions become reportable to the regulator, and clients are subject to the same Know Your Customer and Anti-Money Laundering requirements as they are for a bank account.
If more evidence were needed, we only need to look at the big banks who have already recognized that MPC technology offers benefits that fit with their existing compliance frameworks. Citibank and Goldman Sachs have already invested in MPC providers, and we can expect many more to be announced very soon. With the United States Treasury Office of the Comptroller of the Currency having already green-lit crypto custody services for federally chartered banks, MPC offers a regulator-friendly way for banks to start digging into the crypto pile.
The fact that MPC service providers limit the mobility of their customers by creating dependency on their own wallets could also prove to be attractive to banks, creating a kind of forced loyalty far removed from the vision of open finance that is held dear by many in the crypto space.
On a technical level, MPC is impressive and might fit perfectly for players who have no concerns about regulators getting involved in crypto. This is a good enough reason to think twice before advocating or using it. The route there is still long and winding, but it would be a step in the right direction for those who advocate the original vision of decentralized, open networks underpinning an internet of value.
I urge you to ask your MPC service provider what happens if you lose your wallet or your seed. This article does not contain investment advice or recommendations.