Rob Behnke
June 22nd, 2023
One of the main selling points of blockchain technology is that it is trustless. Instead of relying on a centralized organization to maintain a ledger tracking the history of the network, the blockchain uses a decentralized system to accomplish this task. A network of independent nodes is provided with incentives to play fairly in a system that doesn’t rely on any of them as a single point of failure.
While the underlying infrastructure of the blockchain may be trustless, many modern applications of it are not. In some cases, one party or a small group has complete control over a protocol, which is why rug pulls are such a problem. Centralizing control increases risk and the chance for a bad actor to misuse the power granted to them.
However, this is not an unsolvable problem. Multi-party computation (MPC) is a useful cryptographic tool that makes it possible to build usable, decentralized systems.
MPC allows distributed computation over secret inputs. One of the classic examples of MPC is the Millionaire’s Problem. In this thought experiment, a group of people wants to determine which of them has the highest salary without revealing their individual salaries to one another.
A non-MPC solution is to find a trusted third party who hears each participant’s salary and reports back which is the highest. However, such a party is not always available, and relying on one can defeat the point of the exercise.
With MPC, each of the participants in the scenario will individually perform some computation and provide the result to the other parties. By comparing their results, the participants will be able to determine whose salary is the largest. However, these public messages and results are designed to not reveal the individual salary of any participant.
One of the biggest security challenges in blockchain technology is private key security. Private keys are used to generate digital signatures to approve blockchain transactions. Anyone who knows the private key associated with a blockchain account can generate a digital signature for that account. This is one of the main reasons why private key theft and rug pulls are such major problems in the cryptocurrency space.
One way to manage this threat is to break up a private key into multiple different key shares. This is often implemented as an M of N scheme where a minimum of M out of a total of N shares are needed to generate a valid digital signature. Under such a scheme, stealing a single key share — or any number of shares less than M — provides no benefit to the attacker.
Schemes for implementing M of N key sharing — such as Shamir’s Secret Sharing (SSS) — have been around for some time. However, they often require a setup phase in which a secret key is generated before being broken up into key shares and distributed to the various participants.
After this setup phase is completed, the original, complete secret key is destroyed. However, there is still a risk that a participant in the process made a copy of the original key, or that it was not fully deleted, which would let whoever holds it generate digital signatures unilaterally.
MPC provides the ability to set up a key sharding protocol without this risky setup process. Each holder of a key share independently generates their own share without revealing it to any other party. Then, they use MPC to calculate the public key associated with the account without ever calculating the corresponding private key.
By calculating the public key, they make the account usable because it is now possible to verify digital signatures using that public key. However, by avoiding the generation of the complete private key as part of the process, they eliminate the risk that it might be leaked or abused.
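The key-generation flow described above, as an added illustration written for this post (not Halborn’s or any wallet vendor’s code): every party samples its own secret polynomial, the public key is assembled purely from the parties’ public commitments, and the joint private key is never held by anyone. The group parameters are constructed toy values, and the parties are assumed honest (no verification or complaint round).

```python
import secrets

# Toy group parameters, constructed for this example and far too small for real use:
# P is prime, Q = (P - 1) // 2 is prime, and G generates the order-Q subgroup of Z_P*.
P, Q, G = 2039, 1019, 4


def poly_eval(coeffs, x):
    """Evaluate a polynomial with coefficients in Z_Q at the point x."""
    return sum(c * pow(x, k, Q) for k, c in enumerate(coeffs)) % Q


def lagrange_at_zero(xs):
    """Lagrange coefficients (mod Q) that recover f(0) from the points f(x), x in xs."""
    lam = []
    for i, xi in enumerate(xs):
        num = den = 1
        for j, xj in enumerate(xs):
            if i != j:
                num = num * (-xj) % Q
                den = den * (xi - xj) % Q
        lam.append(num * pow(den, -1, Q) % Q)
    return lam


def dkg(n, m, rng=None):
    """M-of-N distributed key generation (Pedersen/Feldman style), honest parties assumed.

    Party i picks a secret degree-(m-1) polynomial f_i, sends f_i(j) privately to party j
    and publishes the commitment G^f_i(0). Party j's share is sum_i f_i(j); the joint
    public key is the product of the commitments. The joint private key sum_i f_i(0)
    is never held by anyone. Returns (shares, pubkey); shares[j-1] belongs to party j.
    """
    rng = rng if rng is not None else secrets.SystemRandom()  # pass random.Random(seed) to replay
    polys = [[rng.randrange(Q) for _ in range(m)] for _ in range(n)]
    pubkey = 1
    for f in polys:
        pubkey = pubkey * pow(G, f[0], P) % P  # multiply in party i's public commitment
    shares = [sum(poly_eval(f, j) for f in polys) % Q for j in range(1, n + 1)]
    return shares, pubkey


def reconstruct(shares, idxs):
    """Combine the shares of parties idxs (1-based) into a candidate private key.

    Only here to check the threshold property: any m parties recover x with G^x == pubkey,
    fewer recover an unrelated value. A real MPC wallet signs without ever doing this.
    """
    return sum(l * shares[i - 1] for l, i in zip(lagrange_at_zero(idxs), idxs)) % Q
```

Running `dkg(5, 3)` and checking `pow(G, reconstruct(shares, [1, 2, 3]), P) == pubkey` for any three of the five parties shows that the public key published during setup matches a private key that was never materialised.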
MPC can be used for any use case where it’s useful to decentralize a particular calculation. While there may be multiple uses for this on the blockchain, the most widely applicable is protecting private keys.
MPC wallets — which use MPC to protect private keys — fill a similar niche to multi-signature wallets. In both cases, decentralizing control over a blockchain account reduces the risk of private key theft and rug pulls.
Using MPC instead of algorithmic multi-signature approaches has a few benefits, including:
Protocol Agnosticism: MPC produces a public key and signatures that are indistinguishable from those generated with a single private key. This allows it to be used with any protocol, even one that doesn’t explicitly support multisignatures.
Efficiency: MPC wallets generate a single signature, while multisignatures generate one for each signatory. A single signature requires less data, which decreases gas fees.
Privacy: With multisig wallets, a signature is generated by each signer, revealing exactly who signed, which hurts privacy and can help inform attacks targeting these keys. With MPC, only a single signature is generated, concealing the number and identities of the signers.
MPC can be a powerful technology for blockchain privacy and security. If implemented correctly, it can decentralize control over blockchain accounts and the process of performing sensitive calculations.
However, MPC can provide a false sense of security if not designed and implemented securely. For help in designing and testing the use of MPC in your blockchain project, get in touch with Halborn.