1. Introduction
Distributed Ledger Technology (DLT) is being adopted in supply chain management, banking, and healthcare because it offers decentralized, tamper-resistant data integrity. That integrity rests on public-key cryptography: every transaction is authorized by a digital signature, so whoever controls the private key controls the asset.
The growth of DLT has spurred investment in digital assets, which need specialized custodial services because the key-custody problem has no counterpart in traditional banking. Multi-Party Computation (MPC) wallets address it by splitting the private key into shares held by different stakeholders; a quorum of holders jointly produces a signature, and the full key is never assembled on any single machine, not even at signing time. This removes the single point of failure that a monolithic private key represents.
Our MPC-based wallet is tailored for wealth managers overseeing high-net-worth clients' crypto assets. It integrates decentralized key recovery, ensuring secure key generation, transaction management, and recovery. This solution addresses the critical need for secure, efficient, and scalable crypto-asset management.
2. Background
2.1. Multi-Party Computation (MPC)
MPC, introduced by Andrew Yao's work on secure computation in the 1980s, lets several parties jointly compute a function of their inputs without revealing those inputs to one another. Applied to crypto wallets, MPC replaces the single private key with distributed key shares and replaces the single signer with a collaborative signing protocol.
2.2. Threshold Cryptography
Secret sharing, introduced independently by Shamir and Blakley in 1979, splits a secret into n shares such that any t of them recover it while fewer than t reveal nothing about it. Threshold cryptography applies the same idea to keys, so that no single entity holds complete control. Our solution uses a threshold signature scheme (TSS), in which the shares are used to sign jointly without ever being recombined into the key.
3. System Architecture
3.1. Roles
- Client User: Owns assets and controls a private key share.
- Wealth Manager User: Assists in asset management and holds a key share.
- Custody System: Facilitates operations but cannot initiate transactions.
- Blockchain System: Interfaces with blockchain networks.
- Centralized Exchange (CeX): Provides price data and on/off-ramp services.
3.2. Key Features
- 2-of-3 MPC-TSS: Any two of the three key shares are needed to produce a signature; no single party can sign alone.
- Decentralized Recovery: Uses the DeRec protocol for secure key recovery.
4. System Operations
4.1. Key Generation
Distributed Key Generation (DKG) ensures that the complete private key never exists, not even transiently during setup. Each party generates its contribution locally, exchanges only the per-party share material and the corresponding public values, and the group public key is derived from those public values.
4.2. Transaction Management
Transactions require collaborative signing:
- Initiation by the wealth manager.
- Client or system approval.
- Broadcasting via blockchain gateway.
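The following is an added example, not the wallet's own code, showing the mechanics behind sections 2.2, 4.1 and 4.2: Shamir-style shares, a distributed key generation in which every party contributes a polynomial and the private key is never assembled, and a two-round 2-of-3 signing protocol whose output is an ordinary Schnorr signature. The group parameters (p = 1019, q = 509, g = 4), the party numbering (1 = client, 2 = wealth manager, 3 = custody system) and the simplified DKG (no commitment or complaint round) are assumptions for readability; a production system would use a 256-bit curve and a hardened protocol such as FROST or a threshold-ECDSA scheme.

```python
"""Toy 2-of-3 threshold Schnorr signing with distributed key generation.

Added illustration, not the product's protocol. The group (p, q, g) is
deliberately tiny so every value fits on a line; do not reuse it.
"""
import hashlib
import secrets

P, Q, G = 1019, 509, 4   # toy group: q prime, q | p-1, g has order q
T, N = 2, 3              # any 2 of the 3 parties can sign
PARTIES = (1, 2, 3)      # 1 = client, 2 = wealth manager, 3 = custody system


def poly_eval(coeffs, x):
    """Evaluate a_0 + a_1*x + ... (mod q): the Shamir share of a_0 at point x."""
    return sum(c * pow(x, i, Q) for i, c in enumerate(coeffs)) % Q


def lagrange_at_zero(i, signers):
    """Lagrange coefficient lambda_i so that sum(lambda_i * F(i)) == F(0)."""
    num = den = 1
    for j in signers:
        if j != i:
            num = num * (-j) % Q
            den = den * (i - j) % Q
    return num * pow(den, -1, Q) % Q


def dkg(polys=None):
    """Pedersen-style DKG (assumed simplification: no commitment/complaint round).
    Party j samples its own degree-(T-1) polynomial f_j and privately sends
    f_j(i) to party i. Party i's share x_i is the sum of what it received.
    The private key x = sum_j f_j(0) is never held by anyone; its public key
    g^x is the product of the g^{f_j(0)} values each party publishes."""
    if polys is None:
        polys = {j: [1 + secrets.randbelow(Q - 1) for _ in range(T)] for j in PARTIES}
    shares = {i: sum(poly_eval(polys[j], i) for j in PARTIES) % Q for i in PARTIES}
    pubkey = 1
    for j in PARTIES:
        pubkey = pubkey * pow(G, polys[j][0], P) % P
    return shares, pubkey


def challenge(R, pubkey, msg):
    """Fiat-Shamir challenge e = H(R || pk || m), reduced mod q."""
    h = hashlib.sha256(f"{R}|{pubkey}|".encode() + msg).digest()
    return int.from_bytes(h, "big") % Q


def threshold_sign(shares, pubkey, msg, signers, nonces=None):
    """Two-round signing by any T of the N parties.
    Round 1: signer i picks nonce k_i and publishes R_i = g^{k_i}.
    Round 2: with R = prod R_i and e = H(R, pk, m), signer i returns
             s_i = k_i - e * lambda_i * x_i (mod q).
    s = sum(s_i) = k - e*x is a plain Schnorr signature, produced without
    anyone ever holding x or the combined nonce k."""
    signers = tuple(dict.fromkeys(signers))  # dedupe, keep order
    if len(signers) < T:
        raise ValueError(f"need {T} signers, got {len(signers)}")
    if nonces is None:
        nonces = {i: 1 + secrets.randbelow(Q - 1) for i in signers}
    R = 1
    for i in signers:
        R = R * pow(G, nonces[i], P) % P
    e = challenge(R, pubkey, msg)
    s = sum(nonces[i] - e * lagrange_at_zero(i, signers) * shares[i] for i in signers) % Q
    return R, s


def verify(pubkey, msg, sig):
    """Standard Schnorr check: g^s * pk^e == R."""
    R, s = sig
    e = challenge(R, pubkey, msg)
    return pow(G, s, P) * pow(pubkey, e, P) % P == R


def single_share_attempt(i, shares, pubkey, msg, k=None):
    """What a thief holding only x_i can do: sign with x_i as if it were x.
    Returns True only if the forgery verifies, which happens with
    probability about 1/q because x_i != x."""
    k = 1 + secrets.randbelow(Q - 1) if k is None else k
    R = pow(G, k, P)
    e = challenge(R, pubkey, msg)
    return verify(pubkey, msg, (R, (k - e * shares[i]) % Q))


if __name__ == "__main__":
    msg = b"transfer 1.0 BTC to account 42"   # constructed sample message
    shares, pk = dkg()
    sig = threshold_sign(shares, pk, msg, signers=(1, 3))   # client + custody quorum
    print("quorum signature verifies:", verify(pk, msg, sig))
    print("single-share forgery verifies:", single_share_attempt(2, shares, pk, msg))
```

Any of the three possible quorums produces a signature that verifies under the same group public key, which is what lets the wealth manager initiate and either the client or the custody system complete the approval. The single-share attempt is the "individual compromise" case from the threat model: the stolen share is a point on the polynomial, not the secret, so the resulting signature fails verification.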
4.3. Key Recovery
- User-Helper Pairing: Secure communication channels for recovery.
- Share Distribution: Encrypted key shards distributed to recovery agents.
- Periodic Verification: Ensures helper integrity.
5. Threat Model
5.1. Attack Scenarios
- Individual Compromise: Theft or loss of a single key share does not put funds at risk; one share is below the 2-of-3 threshold and cannot produce a valid signature on its own.
- Joint Compromise: Two shares can authorize transactions, but predefined policies (e.g., withdrawal limits) bound the damage. Note that a policy is only cryptographically binding on signing sets that include the party enforcing it; a quorum formed by the client and wealth-manager shares can sign without the custody system, so limits must also be enforced by the co-signers' own software.
5.2. Mitigations
- Multi-Factor Authentication (MFA) before a party's share may take part in a signing round
- Cryptographically Enforced Policies: a co-signer withholds its signature share unless the transaction satisfies the policy
- Periodic Key Updates: shares are refreshed so that shares captured in different periods cannot be combined into a quorum
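The policy gate below is an added example, not the product's own policy engine. It shows the "cryptographically enforced policy" mitigation from the custody system's side: the custody system contributes its signature share only when the request passes a per-transaction cap, a rolling daily cap and a destination allowlist, and it fails closed on anything unexpected. The field names, limits, addresses, timestamps and the rule that only the wealth manager may initiate are assumptions for illustration; the request sequence is constructed. As noted above, this gate binds only signing sets that include the custody system.

```python
"""Policy gate run by the custody system before it contributes its share.

Added example, not the product's code. Amounts are in minor units;
timestamps are Unix seconds and assumed to arrive in non-decreasing order.
"""
from collections import deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Policy:
    per_tx_limit: int          # largest single withdrawal the gate will co-sign
    daily_limit: int           # rolling-window cap across all co-signed withdrawals
    allowlist: frozenset       # destinations approved out of band (assumed)
    window_seconds: int = 86_400


@dataclass(frozen=True)
class Request:
    amount: int
    destination: str
    initiator: str             # the product flow: initiated by the wealth manager
    timestamp: int


class CosignGate:
    def __init__(self, policy):
        self.policy = policy
        self.history = deque()   # (timestamp, amount) of withdrawals we co-signed

    def _spent_in_window(self, now):
        cutoff = now - self.policy.window_seconds
        while self.history and self.history[0][0] <= cutoff:
            self.history.popleft()
        return sum(amount for _, amount in self.history)

    def decide(self, req):
        """Return (allowed, reason). Anything not explicitly allowed is refused,
        and only allowed requests count against the rolling limit."""
        p = self.policy
        if req.amount <= 0:
            return False, "non-positive amount"
        if req.initiator != "wealth_manager":
            return False, "only the wealth manager may initiate"
        if req.destination not in p.allowlist:
            return False, "destination not on allowlist"
        if req.amount > p.per_tx_limit:
            return False, "exceeds per-transaction limit"
        spent = self._spent_in_window(req.timestamp)
        if spent + req.amount > p.daily_limit:
            return False, f"exceeds rolling daily limit ({spent} already spent)"
        self.history.append((req.timestamp, req.amount))
        return True, "ok"


def run_sample():
    """Constructed scenario: an attacker who controls the wealth-manager role
    asks the custody system to co-sign. Off-allowlist and oversized transfers
    are refused; small allowlisted ones drain at most the daily cap."""
    gate = CosignGate(Policy(
        per_tx_limit=500_00,
        daily_limit=1_000_00,
        allowlist=frozenset({"addr-client-cold", "addr-exchange-ramp"}),
    ))
    wm = "wealth_manager"
    requests = [
        Request(300_00, "addr-client-cold", wm, 1_000),      # ok
        Request(900_00, "addr-client-cold", wm, 1_100),      # over per-tx limit
        Request(300_00, "addr-attacker", wm, 1_200),         # not allowlisted
        Request(300_00, "addr-exchange-ramp", wm, 1_300),    # ok, 600 spent
        Request(500_00, "addr-exchange-ramp", wm, 1_400),    # 600 + 500 > daily cap
        Request(400_00, "addr-exchange-ramp", wm, 1_500),    # 600 + 400 = cap, ok
        Request(500_00, "addr-exchange-ramp", wm, 1_500 + 86_400 + 1),  # window rolled, ok
    ]
    return [gate.decide(r) for r in requests]


if __name__ == "__main__":
    for allowed, reason in run_sample():
        print("co-sign" if allowed else "refuse ", reason)
```

The rolling window is pruned on every decision rather than by a timer, so the gate has no background state to lose, and the decision records a withdrawal only after every check passes, which keeps a refused request from consuming budget.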
6. Business Model
6.1. Value Proposition
- Shared-Custodial Model: Balances security and convenience.
- Unified Platform: Supports multiple blockchains and services.
6.2. Revenue Streams
- Listing Fees: For on/off-ramp services.
- Transaction Fees: Charged per transaction.
- Management Fees: Based on assets under management (AUM).
FAQ
Q: How does MPC enhance wallet security?
A: MPC splits the private key into shares held by different parties and signs with them jointly, so the complete key never exists on any single device. This removes the single point of failure that a monolithic key represents.
Q: What happens if I lose my key shard?
A: The DeRec protocol enables secure recovery via decentralized helpers.
Q: Can the custody system initiate transactions?
A: No, the custody system only facilitates approvals and cannot unilaterally transact.
Conclusion
Our MPC-TSS wallet combines threshold cryptography with decentralized recovery, offering a secure, scalable solution for wealth managers. By integrating compliance features and user-friendly interfaces, it bridges the gap between institutional security and client accessibility.