Cryptocurrency wallets serve the purpose of securely storing, sending and receiving digital assets like Bitcoin, Ethereum, and other tokens. These wallets hold the private keys necessary for accessing and managing funds associated with specific blockchain addresses. However, there are various obstacles that users encounter when using wallets, hindering new users from entering the crypto space and creating challenges for crypto development.
Thus, the implementation of effective solutions becomes paramount. One notable solution is the adoption of Multi-party Computation (MPC) Wallets. This article will discuss the challenges posed by traditional crypto wallets and highlight the advantages of utilizing MPC for a more robust solution.
Challenges Faced by Traditional Crypto Wallets
In the last article on crypto wallets, we have walked you through the concept of crypto wallets and the necessary changes for achieving widespread adoption. We explained how each EOA (Externally Owned Accounts) wallet typically employs a seed phrase, also known as a recovery or mnemonic phrase. This sequence of words is generated during wallet creation and acts as a safeguard, enabling users to recover their wallet and assets if the original one becomes lost, damaged, or inaccessible.
While seed phrases provide a high level of security and control over cryptocurrency wallets, some people may find them cumbersome to manage or worry about the possibility of losing or forgetting the phrase. Seed phrases need to be stored securely and kept safe for the long term, as losing the phrase can result in permanent loss of access to the funds in the wallet.
In response to the growing need for enhanced protection of crypto funds, the industry is turning to MPC wallets as a more resilient and smarter choice.
MPC Wallets as a Solution: Elevating Security & User Experience
How do MPC Wallets Work?
Figure 1. How MPC Wallets Work. Source: Mercuryo
Multi-party Computation (MPC) is a cryptographic technology that divides private keys into multiple encrypted shares called ‘shards’. These shards are distributed among multiple parties which can be other wallet users or the wallet provider's servers. Each party then uses their shard to compute their own signature share. Only when these signature shares come together can one authorize transactions and gain access to the digital assets.
Again, the participating entities do not have to reassemble the private key; all they need to do is to gather the required signatures to authenticate one transaction. This means the private key shares of each party do not get revealed, guaranteeing the assets' safety during the entire procedure as no party will be able to gain control of the others' shares and put their hands on the assets.
In this aspect, the mechanism of MPC can be said to be superior to EOA wallets that rely on singular private keys or seed phrases, because now MPC wallets eliminate the risk of a single point of failure (1).
What If One Party’s Private Key Share is Compromised?
Thanks to the threshold cryptography on which MPC wallets are designed, a perpetrator would have to infiltrate a lot of shares beyond the set limit (the threshold) to access the private key, which makes system attacks considerably tougher. In this case, the threshold represents the minimum number of shares required for cryptographic tasks like transaction signing. Depending on the security needs and the number of involved devices or participants, this threshold can be adjusted.
Not only do MPC wallets possess high attack tolerance, but their level of fault tolerance is also remarkable. Even if certain devices or shares become unavailable, the remaining shares can continue cryptographic operations, as long as the threshold requirement is met (2).
Let's take a look at Cypherock’s hardware MPC solution. In this case, you can imagine your private key is like a pizza, split into five slices. One is a hardware wallet, and the other four? They are contactless cards. If you want extra cheese for security? Add a PIN to all slices. To buy a pizza (= send a transaction), you just need a slice and the hardware wallet. As for Cypherock users, some go James Bond, hiding slices worldwide. Others? They stash a slice at home, toss some in bank vaults, or hand them to their BFFs (3).
Figure 2. Cypherock’s hardware MPC solution. Source: Cypherock
Besides, MPC wallets can also enhance protection against threats like keyloggers (recording keystrokes secretly), phishing (deceptive attempts such as identity theft, etc.), and malicious software (harmful codes) since the private key is never entirely revealed to any equipment (4).
But if you ever find yourself in an attack or forgetting your private key share, a standalone Emergency Escape function for asset retrieval can be integrated. This distinct capability lets you retrieve your assets without a third-party's involvement, asking for just two out of the three access methods that you use to generate your private key: a device, a cloud backup, or a protected account sign-in, at least in the case of OKX (2).
Although this "seedless" method greatly differs from conventional key protection, certain MPC wallet versions might still employ seed phrases for enhanced security as an extra backup or recovery choice (3). This means that having your seed phrase ready is still important to regain possession of your assets in the wallet. There is yet a standardized method of recovery when it comes to MPC wallets. For now, the chosen process of getting your key share back is varied from one wallet provider to another.
Better User Experience
Traditional cryptographic methods often ask users to have trade-offs in terms of ease of use and security. While a straightforward UX/UI design might suggest compromised security, a product boasting top-notch security might confuse users with difficult technical knowledge. This is where MPC wallets shine.
To elaborate on this point, we’ll employ an example from Trust Wallet’s MPC solution, which is powered by the infrastructure provider Web3Auth. Their MPC software incorporates a system of five authentication factors, mandating the use of any two among those five to open access to a user's assets. These factors encompass a manual backup of the device key shard, online account login (Google, Apple, Telegram, Discord), device authentication, SMS OTP code, and a recovery email (3). This effectively narrows the division between Web2 and Web3 user experiences, presenting a more user-centric approach while still being able to preserve the state-of-the-art security that MPC wallets' technology boasts.
Other MPC wallets, such as Zengo, even stretch these capabilities to a real-world extent by featuring a biometric face map as a backup recovery method.
We anticipate a deeper insight into the on-going development of user experience by different MPC wallet providers during KBW 2023.
Room for Improvement
There are certain drawbacks associated with MPC wallets.
Slower Transaction Times: Transactions in MPC wallets may experience slower processing times compared to single-signature wallets. This is because multiple signatures are needed for transactions, leading to potential delays. Coordinating signatures from various parties, especially when they are in different time zones, can contribute to longer transaction times (1).
High Communication Costs: MPC wallets involve extensive communication among the parties participating in the MPC protocol. This increased communication can lead to higher bandwidth usage and network latency for the devices involved. Moreover, it may expose these devices to network security threats like denial-of-service (DoS) or man-in-the-middle (MITM) attacks (5).
Conclusion
As Web3 continues to evolve, the need for enhanced wallet security becomes paramount. Multi-party Computation (MPC) wallets present a smarter and more secure solution for protecting digital assets against various threats. By distributing private key shares and reducing reliance on one single point of failure, MPC wallets offer unparalleled security and flexibility. Users can enjoy the convenience while maintaining full control over their assets. Whether it's hardware-based or software-based, MPC wallets prove to be the smart choice for safeguarding digital assets in today's dynamic financial landscape. If you're considering integrating MPC or Multisig wallets into your project, options like Dfns, Web3auth, Blockdaemon, and Haechi Labs are available.
Reference
-
Juan Leal on thirdweb, What is an MPC wallet?, April 07, 2023
-
OKX, MPC Wallet: What is a multi-party computation (MPC) wallet?, April 05, 2023
-
James Cirrone on Blockworks, MPC Wallets Have a Trade Off. Is It Worth It?, May 09, 2023
-
Bizzllet, What is MPC?, April 25, 2023
-
Ivan Cryptoslav on CoinMarketcap, What Are Multi-Party Computation (MPC) Wallets?, May, 2023
M3TA Analytics — Website | Twitter | Telegram | Substack | CoinMarketCap | Threads
Established in 2022, M3TA is an AI-enabled data analytics platform dedicated to Web3 & emerging blockchains. Our team, composed of experts from Stanford, MIT, and Fortune 300 companies and seasoned in Defi, NFT, Metaverse & Gaming and Web3, distills over 10TB of data, covering 500+ projects and 5K+ tokens to produce clear insights for all audience levels. Boasting a robust presence in Korea, Vietnam, and South-East Asia, and spanning an evolving partner network, most currently with Google Cloud and FactBlock, M3TA is your trusted partner in unraveling blockchain complexities.
Writer & Reviewer: Research Analysts & Content Writers at M3TA Analytics
#MPCWallet #Seedphrase #PrivateKey #HardwareWallet #M3TA