Why MPC is the Future of Non-Custodial Solutions
And why Smart Contract Wallets need MPC, despite what Vitalik says
This is the second of two articles on private key management.
Welcome back to Coinsights! In the first article of this mini-series, we discussed how regulations around storing private keys need to improve in order to protect crypto users:
To lower the barrier to entry to the crypto ecosystem, many companies are working on solutions that make managing private keys easy. Many of these solutions claim to be non-custodial, yet these solutions can access and lose their users’ private keys. They take advantage of legal gray areas and falsely position themselves as a happy medium between security and user experience…
Non-custodial guidelines need to improve for a safer crypto ecosystem. Specifically, there need to be more restrictive rules around what defines a non-custodial service. If someone chooses a non-custodial service, they should have total peace of mind that their private key is safe in perpetuity from third party risk.
This article concluded that there should be three requirements for non-custodial services:
A user can access their private key
The service cannot access the private key
The service cannot lose the private key
Multiparty Computation (MPC) is a cryptographic technique that can be used to achieve these three requirements.
How does MPC Work?
In short, using #fancymath, a private key can be split into multiple “shares” and distributed amongst trusted parties without any one party ever seeing the full private key. A common setup is a “2 of 3 MPC scheme” where:
1 share is stored on the user’s device
1 share is kept with a third party, typically a wallet
1 backup share is emailed to the user in case they ever lose their device
In this scheme, there are 3 shares total. Each share can create a partial signature on the transaction object (since a share is only a part of a private key). 2 out of the 3 shares must contribute a partial signature, after which the partial signatures can be combined to create a full signature that can be submitted to the blockchain. This entire process is considered the MPC algorithm.
When a user wants to take an action, they’ll use their wallet to sign a transaction as they normally would. Under the hood, instead of accessing a full private key, the wallet will use an MPC protocol to sign the transaction without ever combining the shares (more on this below). As a result, the third-party wallet will never “see” the second or third share on their servers, making it impossible for them to ever take over the user’s account.
Even if a user’s device is stolen or a third party is hacked, users are still in control because only 1 out of 3 shares has been lost. Of course, if both of those things happened at the same time, they’d be in trouble 😅
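To make the “partial signatures, never a combined key” idea concrete, here is an added toy 2-of-3 threshold signing example (not code from this article or from any wallet vendor). It assumes a tiny Schnorr-style group with constructed parameters (p = 1019, q = 509, g = 4) and simulates all three share holders in one process; real MPC wallets use elliptic-curve groups and, for ECDSA, far more involved protocols such as the MPC-CMP paper linked below.

```python
"""Toy 2-of-3 threshold Schnorr signing: shares sign, the key is never rebuilt."""
import hashlib
import secrets

# Constructed toy group: safe prime P = 2Q + 1, G generates the order-Q subgroup.
# Illustration only; production systems use curves such as secp256k1.
P, Q, G = 1019, 509, 4

def keygen():
    """Private key x and public key y = G^x mod P (x is split right after)."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)

def split_key(x, n=3, t=2):
    """Shamir-split x into n shares (device, wallet provider, backup)."""
    coeffs = [x] + [secrets.randbelow(Q) for _ in range(t - 1)]
    return {i: sum(c * pow(i, k, Q) for k, c in enumerate(coeffs)) % Q
            for i in range(1, n + 1)}

def lagrange(i, ids):
    """Lagrange coefficient at 0 for share index i among the participating ids."""
    num = den = 1
    for j in ids:
        if j != i:
            num = num * (-j) % Q
            den = den * (i - j) % Q
    return num * pow(den, Q - 2, Q) % Q  # modular inverse, Q is prime

def challenge(R, y, msg):
    h = hashlib.sha256(f"{R}|{y}|{msg}".encode()).digest()
    return int.from_bytes(h, "big") % Q

def threshold_sign(shares, ids, y, msg):
    """Any 2 of the 3 shares each emit a partial signature; the sum is a full one."""
    nonces = {i: secrets.randbelow(Q - 1) + 1 for i in ids}
    R = 1
    for i in ids:                       # combine nonce commitments G^k_i
        R = R * pow(G, nonces[i], P) % P
    e = challenge(R, y, msg)
    # Each party only touches its own share; the weighted shares sum to x.
    partials = {i: (nonces[i] + e * lagrange(i, ids) * shares[i]) % Q for i in ids}
    return R, sum(partials.values()) % Q

def verify(y, msg, sig):
    """Standard Schnorr check: G^s == R * y^e mod P."""
    R, s = sig
    e = challenge(R, y, msg)
    return pow(G, s, P) == R * pow(y, e, P) % P
```

Any pair of shares (device + provider, or device + backup) produces a signature that verifies under the same public key, while a single share on its own is useless for signing.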
Importantly, this scheme also fits our criteria for a non-custodial solution:
A user can access their private key by combining their device share with either the third party’s share or the backup share (2 of 3)
The third party cannot access the private key because they only have 1 share
The third party cannot lose the private key because they only have 1 share
MPC 🤝 Smart Contract Wallets (SCWs)
As a reminder, we covered Smart Contract Wallets (SCWs) in this post. Take a look if you haven’t already!
We’ve talked about how Smart Contract Wallets provide an enhanced user experience through features such as multi-user transactions and spending limits. However, at the end of the day, they’re still smart contracts, and require an EOA to initiate transactions:
The EVM only supports transactions that have been signed with a private key. Since smart contracts don’t have private keys, they can’t create transactions! Therefore, only EOAs can create transactions that in turn call smart contracts.
As a reminder, here’s the visual of how a smart contract wallet works:
While MPC doesn’t solve the “you still need an EOA problem” entirely, it makes the process of initiating transactions more secure and simpler. Users no longer need to trust a third-party to hold private keys on their behalf and users don’t need to deal with the headache of securing a private key themselves. Now, we get:
Even though this image is more complicated than the former, the complexity is in the implementation and abstracted away from the end-user. The key result is a more optimal user experience.
In conclusion, MPC and SCWs should be used together to provide the optimal web3 experience. Some people are already working on this, such as the collaboration between Portal and ZeroDev. We highly recommend reading the linked article to understand where the respective technologies' strengths and weaknesses lie.
Bonus Reading
Some people (including Vitalik!) think that SCWs are clearly superior to MPC and the two should not be mixed. Check out these tweets to join the debate 😉
Technical Resources on MPC
A few readers have asked me to include more links for the technical concepts covered in these articles. Here are some on MPC, in ascending order of difficulty:
The MPC-CMP Paper, a new MPC protocol developed by Fireblocks
Next up, we’ll be covering the appchain-ification of Ethereum L2s. It’s gonna be a good one! 🚀