Multi-party computation (MPC) and its role in secure transactions
February 22, 2023


Multi-party computation (MPC) is a cryptographic tool that allows multiple parties to perform calculations on their combined data without revealing their individual inputs or any sensitive information. It was invented by Andrew Yao from China. It may be used to replace individual private keys for transaction signatures. The method uses complex encryption to distribute the computation process and the signing process between computers.

The multi-party computation protocol ensures two basic properties: privacy (the private information is held by the parties themselves and cannot be revealed) and accuracy (if another party involved in the process decides to share information or deviate from the instructions, MPC does not allow it to make the honest parties produce an incorrect result or leak their secret information).
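The privacy property can be seen in a joint sum built on additive secret sharing. This is an added example, not code from the original article: the modulus `Q`, the function names and the input values are constructed for illustration, all parties are simulated in one process, and every party is assumed to follow the protocol.

```python
import secrets

Q = 2**61 - 1  # public prime modulus (assumed); all share arithmetic is mod Q


def share(value, n):
    """Split value into n additive shares that sum to value mod Q.

    Any n-1 of the shares are uniformly random, so they reveal nothing
    about value on their own.
    """
    parts = [secrets.randbelow(Q) for _ in range(n - 1)]
    parts.append((value - sum(parts)) % Q)
    return parts


def secure_sum(inputs):
    """Compute the sum of all private inputs without any party seeing another's input."""
    n = len(inputs)
    # dealt[i][j] is the share that party i sends to party j.
    dealt = [share(x, n) for x in inputs]
    # Party j adds up the shares it received and publishes only that partial sum.
    partials = [sum(dealt[i][j] for i in range(n)) % Q for j in range(n)]
    # The published partial sums combine to the true total.
    return partials, sum(partials) % Q


if __name__ == "__main__":
    # Constructed inputs: private conversion counts held by three organizations.
    partials, total = secure_sum([120, 45, 310])
    print("published partial sums:", partials)
    print("joint total:", total)
```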

MPC is useful not only for digital asset storage, but also for digital asset transfers.

It became possible to distribute a private key in the form of shares between the nodes involved in the multi-party computation protocol, with the shares under the control of different individuals spread across multiple nodes. When the process of signing a transaction starts, the MPC process is triggered and every node cooperates to sign it in a distributed way. However, if the MPC nodes are centralized, the assets remain vulnerable, which is why simple distribution of the key shares is not enough.

MPC and private key security

MPC makes it possible to avoid storing any private key or other sensitive information (for example, authentication credentials) in one place. Instead, it is broken into bits, encrypted and separated among multiple parties (thus negating the risk of a ‘single point of compromise’). Each party’s part of a private key is computed independently without revealing the encryption of other parties. As a result, the key is not formed in one place but stays in a kind of ‘liquid’ form. It is decentralized and spread among different parties, and each of them is blind to the others. When the key is required, multi-party computation confirms that the parties approve of the request. This makes it much harder for a potential hacker to crack this nut. To get access to a wallet, for example, the hacker needs to attack a number of parties across different platforms at different locations at the same time. As the key is no longer kept in one place, it allows more access points to a wallet or asset without the risk of any of the points turning out to be dishonest and running away with the treasure. Moreover, it makes private keys so secure that users should not worry about keeping their assets online.
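The idea of signing with key shares that are never assembled can be sketched with a toy Schnorr-style scheme in which every node must take part. This is an added example, not code from the original article, and the article does not name a signature scheme: the group parameters `P`, `Q`, `G` and all function names are constructed, the nodes are simulated in one process, and the parameters are far too small for real use. Deployed protocols also add commitment rounds and share-verification steps that are left out here.

```python
import hashlib
import secrets

P = 2**127 - 1   # toy prime modulus (constructed, insecure size)
Q = P - 1        # exponents are reduced mod P-1 (Fermat's little theorem)
G = 3            # toy base


def H(R, msg):
    """Challenge hash binding the combined nonce R to the message."""
    digest = hashlib.sha256(R.to_bytes(16, "big") + msg).digest()
    return int.from_bytes(digest, "big") % Q


def keygen(n):
    """Each node draws its own secret share; only G^share values are combined."""
    shares = [secrets.randbelow(Q) for _ in range(n)]
    pub = 1
    for x in shares:
        pub = pub * pow(G, x, P) % P
    return shares, pub


def sign(shares, msg):
    """Every node contributes a partial signature; no node sees another's share."""
    nonces = [secrets.randbelow(Q) for _ in shares]   # one private nonce per node
    R = 1
    for k in nonces:
        R = R * pow(G, k, P) % P                      # nodes publish G^k_i only
    e = H(R, msg)
    partials = [(k + e * x) % Q for k, x in zip(nonces, shares)]  # computed locally
    return R, sum(partials) % Q                       # only partials are summed


def verify(pub, msg, sig):
    """Standard Schnorr check against the single combined public key."""
    R, s = sig
    return pow(G, s, P) == R * pow(pub, H(R, msg), P) % P


if __name__ == "__main__":
    shares, pub = keygen(3)
    sig = sign(shares, b"transfer 1.5 to wallet-A")   # constructed message
    print("all three nodes signed:", verify(pub, b"transfer 1.5 to wallet-A", sig))
    print("two of three nodes only:", verify(pub, b"m", sign(shares[:2], b"m")))
```

The verifier sees an ordinary signature under one public key, while the sum of the private shares is never computed anywhere.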

MPC advantages and disadvantages

Due to the circumstances and rules mentioned above, MPC has a number of advantages over other types of key storage (such as hot or cold wallets, etc.):

  • Data invulnerability. MPC decreases the dependency on third-party services because it keeps the data and computations safe within the internal network (of an organization or collaboration of individuals).
  • Usability and data privacy maintenance. Joint computations are easier to make with the help of multi-party computation, while confidential data stays completely preserved and the accuracy is not compromised. The data is broken into parts in MPC, which helps to meet regulatory and privacy requirements. It strengthens the security, and no parts of the data need to be moved anywhere else.
  • Encryption. The result and the outcome in MPC are encrypted. The real data is never presented, which helps to eliminate the chances of accidental or malevolent leakage or misuse.

However, there are some challenges which should be taken into account when using MPC to gain more protection. These are connected with costs and the possibility of malicious participants. To prevent the latter, it is usually enough (although it is not always easy) to ‘pre-assume’ the involvement of possible malicious participants. Correct predictions are required to decrease the number of possible malefactors participating in the joint computation and so implement the MPC process more securely. As for the costs, the MPC technique requires substantial computational resources. The performance of protocols may decrease when different hardware is used at each point. Certain communication devices are also needed to group the participants, which may increase the development costs significantly.

Multi-party computation use cases

The field of application of multi-party computation for security is considerably wide. The protocols have become faster and more efficient, making them useful in many areas such as finance, medicine, etc. Typical use cases include:

  • Ad optimization. Organizations use MPC to compute conversion rates from advertising to purchase without security risks. This allows companies to monetize advertisements and provide multiple online services without sharing data with third parties or revealing algorithms.
  • Machine learning. MPC can be used in conjunction with machine learning models to analyze data. MPC-based machine learning algorithms process the data for further use between organizations (in the marketing sector). MPC can also be used in money laundering and risk detection systems, where shared data is kept secret during the detection of malicious activity.
  • Analysis and storage of data. MPC can help in two cases: secured sharing and data storage. Data analysis is performed without sharing sensitive information. The required information is available to research institutions while any sensitive data is kept private (very useful in the medical field).
  • Crypto. MPC models are used for signature generation protection for cryptocurrencies and digital assets. Transactions may be considered valid only when all the transaction holders from the group are available.
  • Genetic analysis. MPC is used to check personal genetic profiles without revealing private information to governments and insurers.
  • Auctions. MPC is used to ensure every simultaneously submitted bid is private.
  • Sensitive research. MPC may be used to collect and analyze personal data (financial, medical, etc.) without making users reveal sensitive data.
