The Power and Potential of Multi-Party Computation (MPC)
Assessing Limitations and Risks of Current Seedless Wallet Solutions in the Web3 Landscape
Disclaimer: Written in December of 2022.
What is Multi-Party Computation (MPC)?
Multi-Party Computation (MPC) is a cryptographic method that lets multiple parties compute a function together while each party keeps its own fragment of sensitive information. Using MPC protocols, the parties collectively compute a desired result without compromising confidentiality: the computation is evaluated without any party's private input ever being revealed, as long as each party keeps its own input to itself. Notably, in MPC the combined data of the participants does not directly unveil the secret; rather, it serves only as input to the computation at hand. As such, MPC is one of the most powerful tools for protecting private keys in crypto.
Two Basic Properties of an MPC Protocol
Privacy - Private information must not be inferable from the execution of the protocol. (Similar to a ZK proof. The difference can be found here)
Accuracy - If multiple parties deviate from the set protocol or decide to share information with each other, this must not compromise the private information of the honest parties.
In any MPC, each party possesses a piece of private data. The participants can then come together to compute the value of a public function while each still keeps its own data secret.
MPC Context/Background
The primary use of MPC is securing digital assets; more specifically, it has become the standard for institutions that want to secure their assets while still being able to access them quickly.
Some background before we get into solutions
To use or interact with digital assets you need a wallet, which consists of a public key and a private key. Your ability to transfer your digital assets and keep them safe depends entirely on keeping your private key safe.
This led to the development of solutions like cold storage and hardware wallets, which at one point were the only options for digital asset storage, and in turn to the development of MPC.
With MPC, private keys no longer need to be stored in one single place. MPC gives users the ability to split their private key across multiple parties, so there is no single point of compromise.
MPC technology decentralizes the private key, allowing more personnel to access the wallet while also increasing the wallet's security and making it harder to hack. Every transaction must be approved by all holders of a piece of the private key. Thus, to succeed, a hacker would have to attack multiple parties across separate operational locations simultaneously.
MPC Wallet Solution Landscape
One of the biggest points of friction for Web3 adoption is wallets themselves: the management of private keys, seed phrases, and the other complexities of externally owned wallets. The next generation of seedless wallets attempts to reduce these many points of friction with current Web3 wallets.
Drawbacks of Current Seedless Applications
One drawback of current seedless wallet providers is their use of centralized hosting, which defeats the purpose of self-custody and meaningful ownership in the Web3 ethos. In addition, many of these providers are themselves a single point of compromise, since many do not separate users' seeds across different locations, or they have access to all user data that is not password protected. The biggest issue for seedless applications is, of course, balancing the Web3 ethos against the convenience and interoperability that users get from Web2.
The Tradeoffs of Seedless Key Management
All current solutions can be placed on a spectrum according to how they balance seedless key management against self-custody.
The main purpose of seedless wallets is to abstract away account management and the complexities of Web3 so that the experience resembles a Web2 framework. To achieve this abstraction, wallet providers delegate authority over the client's account to third parties or to their own centralized servers.
Ex: Magic Link requires users to authenticate in order to access their encryption key and, through it, to interact with their funds. On a technical level, the user makes a call to Magic Link's centrally hosted AWS HSM server to gain access to the master key.
“The latest generation of wallets rely on new technologies such as secured cloud storage, MPC, and smart contracts to enrich the design space and bring users a new set of functions to manage and use their Web3 account.” - Chen Li, Youbi Capital
Current Wallet Solution Landscape
Comparison Of Current Existing Seedless Wallets
I created this chart on the basis of the following 5 Factors:
Gas fee
Switch Device/Portability (ability to transfer private key to a new device)
Security
Custody (service availability and censorship resistance)
Functionality (ability to implement more account management features: multiple signatures, delegated signing, sponsored gas fees, etc.)
Ongoing Development of MPC: Programmable Pair Keys
Lit is a decentralized protocol that stores key shares on Lit network nodes. Each key pair is represented by a PKP (Programmable Key Pair) NFT (ERC-721), whose owner is the sole controller of the keys. Each PKP is generated collectively by the Lit nodes through a process called Distributed Key Generation (DKG), so the key comes into existence without anybody ever knowing the whole private key. The NFT owner can grant the ability to use the PKP to sign and decrypt data both to other users (via their wallet address) and to Lit Actions.
This allows for greater decentralized functionality, such as access control, asset management, and automated on-chain interactions. As mentioned above, this can all be done by assigning signing privileges to a Lit Action (immutable code deployed to IPFS); PKPs can thus be used as an MPC or decentralized cloud wallet that works with any authentication method. The list of Lit Protocol use cases is long and quite game changing.
This functionality essentially amounts to securely trading a private key, which has been impossible until now. It also breaks soulbound NFTs, because now you can securely trade the underlying private key that owns the soulbound tokens.
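As an added illustration (not code from this post or from Lit Protocol), the following toy Python implements the two ideas described above: a t-of-n Shamir split of a private key, a distributed key generation in which the joint key is never held by any single party, and a threshold evaluation of a public function on the shares without reassembling the key. It assumes a placeholder linear function in place of a real signature algorithm and uses the secp256k1 group order as the field.

```python
"""Toy t-of-n threshold key: Shamir shares plus an additive DKG over the secp256k1
scalar field. Constructed illustration; the 'signature' is a linear placeholder, not ECDSA."""
import secrets

# Order of the secp256k1 group, i.e. the field Ethereum private keys live in.
Q = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

def _poly_eval(coeffs, x):
    """Horner evaluation of coeffs[0] + coeffs[1]*x + ... mod Q."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % Q
    return acc

def deal(secret, t, n):
    """Shamir split: any t of n shares reconstruct `secret`; t-1 shares fit every
    candidate secret equally, so they reveal nothing about it."""
    coeffs = [secret] + [secrets.randbelow(Q) for _ in range(t - 1)]
    return {x: _poly_eval(coeffs, x) for x in range(1, n + 1)}

def lagrange_at_zero(points):
    """Recover f(0) from t points {x: f(x)} by Lagrange interpolation mod Q."""
    total = 0
    for xi, yi in points.items():
        num = den = 1
        for xj in points:
            if xj != xi:
                num = num * (-xj) % Q
                den = den * (xi - xj) % Q
        total = (total + yi * num * pow(den, -1, Q)) % Q
    return total

def dkg(t, n):
    """DKG: each party deals shares of its own random secret and sums what it receives.
    No party sees the joint key; it is returned here only so a test can check the math."""
    shares = {x: 0 for x in range(1, n + 1)}
    joint_key = 0
    for _ in range(n):
        s = secrets.randbelow(Q)
        joint_key = (joint_key + s) % Q
        for x, y in deal(s, t, n).items():
            shares[x] = (shares[x] + y) % Q
    return shares, joint_key

def threshold_compute(shares, msg_hash):
    """t parties each apply the public function f(k) = k * msg_hash mod Q to their own
    share; interpolating the partial results gives f(joint_key) without rebuilding the key."""
    partials = {x: y * msg_hash % Q for x, y in shares.items()}
    return lagrange_at_zero(partials)
```

A real MPC wallet replaces the linear placeholder with a threshold ECDSA or Schnorr protocol and adds verifiable (Feldman/Pedersen) commitments so a misbehaving dealer is detected, but the sharing arithmetic is the same.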
Conclusion
MPC and smart contract wallets are not competitors; rather, they will work as complements, each covering what the other lacks. MPC allows greater security and lets institutional shared management scale. Smart contract wallets (SCWs), on the other hand, bring functionality and compatibility tailored to the needs of each ecosystem. MPC can augment current multi-sig functionality by dividing private keys into multiple parts, allowing each individual to safely store their piece on their own local machine. DAOs and similar communities are likely to see the greatest benefit by leveraging PKPs: they can manage a decentralized cloud wallet that brings greater functionality to existing DAO governance and interoperability. The balance between security and UX in seedless wallet solutions will still have to be ironed out before reaching mass singularity. However, there is little doubt in my mind that seedless management/MPC solutions will be the drivers of mass adoption and an integral part of the next batch of Web3 consumer apps that will follow.