MPC Wallets Have a Trade Off. Is It Worth It?

Wallet security experts spoke to Blockworks about the convenience and security of MPC wallet solutions

article-image

boonchoke/Shutterstock modified by Blockworks

share

As blockchain technology continues to evolve, the security of digital assets remains a top concern. For years, private keys have been the backbone of wallet security, with the key holder being the only one able to access the contents of the wallet. However, the methods for storing and protecting these keys have undergone significant changes over time. 

Initially, users were responsible for securing their raw private keys. These were long and complicated strings of characters that were difficult to remember and easy to mistype or lose. 

Read more: What Is a Crypto Wallet? All You Need To Know

Next came the era of seed phrases — a series of 12 or 24 random words that allowed users to recover their assets if their chosen wallet front end was disabled, lost or stolen. These were not particularly ideal either, as they remained vulnerable to phishing, brute-forcing, dictionary attacks, and more.

MPC wallets are a more recent attempt to secure people’s crypto. Multi-party computation, or MPC, wallets do away with the traditional concept of user-facing private keys entirely, replacing them with a process that involves breaking up a holder’s key into different pieces, called shards. While this purportedly “seedless” approach is a significant departure from traditional key security, some implementations of MPC wallets may still utilize seed phrases as an additional backup or recovery option for added security.

MPC wallets also allow users to define the required number of shards needed to authorize a wallet’s transactions, whether it’s two, three or more. As a result, advocates of MPC wallets say they provide a more robust and flexible solution for securing digital assets, effectively mitigating risks associated with loss, theft or unauthorized access.

Past solutions have held similarities to MPC wallets, but with a few important distinctions. For instance, multi-signature wallets need several signatures to initiate transactions. Similar to MPC shards, users may distribute these signatures among multiple parties or locations, reducing centralized failure risks. However, they lack the recovery options of MPC wallets and rely mainly on seed phrases and private key possession to maintain their advantage.

Read more: What Are Seed Phrases and Are They Necessary?

Rohan Agarwal is the CEO and co-founder of Cypherock, a hardware MPC solution. He told Blockworks that certain MPC wallets, especially those relying on software or web apps, trade a high level of security for increased ease of use.

Instead, Cypherock allows users to keep all their shards offline using a hardware device, similar in form to cold storage solutions like Ledger and Trezor. Agarwal said, “With most of the software wallets…people are more inclined towards convenience, and that’s why you have hardware wallets and solutions like ours which is a privatized sort of security for keeping most of your assets.”

With Cypherock’s MPC solution, the user’s key is split into five shards. One is the hardware wallet and the other four are NFC-enabled cards. Users can optionally choose a PIN number to add across all shards as an extra layer of security. To send a transaction, a user requires only a single card and the hardware wallet.

Having multiple cards means that even if a user loses three of the five, they can still transact and access their funds with the one remaining card and the hardware wallet, Agarwal told Blockworks. He added that if your hardware wallet becomes inaccessible, any two private key shards can be used to restore the wallet account on a new device.

Agarwal also told Blockworks that Cypherock customers get to decide how to keep their private keys safe. He said that users most concerned with security often split the cards up between different locations — sometimes even in different countries. Others tend to keep one card and the hardware wallet in their home, while keeping the rest of the cards in bank lockers or with trusted individuals like friends and family.

There are also software-based MPC wallet alternatives. ZenGo is one example. Utilizing MPC and threshold signatures, ZenGo divides the user’s private key into two shards: one held by the user and the other by the company on its secure servers. To initiate a transaction, both parties collaborate to generate a valid signature, ensuring that neither can independently access or control the user’s funds.

For account recovery, ZenGo employs a unique biometric-based “face map” created during wallet setup, which serves as an encrypted backup recovery mechanism. Users can regain access to their funds using their face map, which remains inaccessible to ZenGo, helping users to maintain control over their assets.

Trust Wallet, powered by wallet-as-a-service infrastructure provider Web3Auth, is another recent entrant in the MPC wallet space. Its software MPC solution offers users five authentication factors, of which any two are required to access a user’s assets. These factors include a manual backup of the device key shard, login to an online account (Google, Apple, Telegram, Discord), device authentication, SMS one-time passcode, and a recovery email.

Zhen Yu Yong, co-founder and CEO of Web3Auth, stressed that users can pick and choose which authentication method works best for them.

Yong acknowledged that, although SMS is a popular and user-friendly option, it can be vulnerable to attacks like SIM swapping. Hackers have demonstrated this attack vector numerous times, including in the theft of $24 million worth of crypto from investor Michael Terpin in 2017. Despite this, he said that Web3Auth aims to emulate Web2 banking apps by offering SMS and email as common recovery methods.

“[Users] can choose to use SMS OTP or they can choose to use a manual backup or google authenticator, or other alternatives,” Yong said. “SMS OTP definitely still remains as the most friendly user experience.”

Yong explained that “users have always been stuck in the dichotomy of you either go with seed phrases and be self custodial…or you go and purchase a hardware wallet. I think with MPC, it’s kind of like a new account type.”

Agarwal agreed that SMS one-time passcodes are convenient, but added that with SIM-based recovery methods “you are not in control. It’s the telecom provider who is basically authenticating you.”

While MPC wallets offer a number of advantages in terms of flexibility and security, it is crucial to consider the potential drawbacks and challenges associated with their implementation and use. One concern is the possibility of collusion among shard holders, which could lead to unauthorized access of a given wallet’s funds.

Additionally, the complexity of the technology may result in user confusion and errors, especially for those unfamiliar with the concept of key sharding and recovery procedures. It is essential for users to carefully weigh the benefits and drawbacks of using MPC wallets, and to consider their specific needs and preferences when choosing the most appropriate solution for securing their digital assets.

Trust Wallet declined to speak to Blockworks about its new MPC offering until it’s made generally available.

Jeff Albus and John Gilbert contributed reporting.


Don’t miss the next big story – join our free daily newsletter.

Tags

Upcoming Events

Hilton Metropole | 225 Edgware Rd, London

Mon - Wed, March 18 - 20, 2024

Crypto’s premier institutional conference returns to London in March 2024. The DAS: London Experience: Attend expert-led panel discussions and fireside chats Hear the latest developments regarding the crypto and digital asset regulatory environment directly from policymakers and experts.

Salt Lake City, UT

WED - FRI, OCTOBER 9 - 11, 2024

Pack your bags, anon — we’re heading west! Join us in the beautiful Salt Lake City for the third installment of Permissionless. Come for the alpha, stay for the fresh air. Permissionless III promises unforgettable panels, killer networking opportunities, and mountains […]

recent research

Top Icon.png

Research

Osmosis thrived in H2 2023 on the back of increased DeFi activity deriving from recently launched Cosmos-related projects and better market conditions. With new value accrual mechanisms for the native token, Osmosis is well-positioned to continue its strong performance in 2024.

/

article-image

Though the opposing flow trend is likely to slow over time, industry watchers note, bitcoin fund assets could one day eclipse the $90 billion gold ETF space

article-image

Celestia had the first mover advantage. EigenDA has staked ether. What sets Avail apart?

article-image

Bitcoin moved 1% higher Monday morning in New York, Matrixport analysts say $62,000 could happen next month

article-image

It’s hard to believe right now that crypto — even with all of its flexibility and massive capabilities — could ever be like cash on the internet

article-image

Michael Saylor announced Monday morning that MicroStrategy bought 3k more bitcoin after the X account was compromised over the weekend

article-image

Plus, Pudgy Penguins grows its brand and a group of Autoglyphs sell for $14.5 million