Cregis Research: Why are MPC wallets more secure than regular wallets?

Cregis
2023-05-31 14:12:35
The MPC wallet solves the problem of private key leakage. However, there is actually another underlying risk that determines the security level of the MPC wallet...

Author: Cregis Research

Common wallet plugins, such as Metamask, follow the BIP 39 protocol to generate a mnemonic phrase, derive a seed from it, and then derive the public and private keys; every transaction also requires the plaintext private key to take part in signing.

In contrast, MPC wallets only have key shares, which are stored on different devices; therefore, during the signing process of a transaction, MPC wallets do not expose the plaintext private key. Even if the user's device is compromised, hackers cannot obtain the complete private key. However, there is still a latent risk facing users…

Recently, the security of wallet private keys has once again become a focal point of public opinion. In early March this year, a large number of addresses holding ARB airdrops had their private keys leaked, triggering a "windfall feast" for so-called "scientists" (the community's term for bot operators); earlier, an industry OG warned on Twitter: "I discovered a new type of coin theft method. In KTVs abroad, scam groups quietly modified shared power banks and implanted malicious programs. Customers sing and drink in KTV for a long time, and their phones easily run out of battery. They then borrow a power bank, thinking it is charging their phone, but in reality, it is reading data from their phone and stealing the private keys from their wallets."

How can ordinary web3.0 players protect their wallet assets in the dark forest of the blockchain and avoid tragedy?

The solution that is gradually gaining popularity is the MPC wallet, but how does it work? Is it really completely safe once adopted? This article gives a precise, plain-language explanation.

First, MPC (Multi-party Computation) is a zero-knowledge proof technology path proposed by Professor Yao Qizhi of Tsinghua University in 1982. In practical applications, it draws on a large number of modern cryptographic techniques, such as the RSA, ElGamal, and ECDSA public key algorithms, as well as Shamir's secret sharing protocol. The combination of these techniques gives MPC a high level of security and scalability, meeting the following security requirements:

  • Distributed encryption allows data to be split into multiple parts, stored separately by different participants, thus avoiding the risk of data leakage;

  • Zero-knowledge proofs can prove the authenticity of a fact without revealing other information related to that fact;

  • Secret sharing can distribute information to multiple participants, ensuring that no single party can independently control the entire information.

The common method in the industry for applying the MPC concept in wallet products is:

  1. Each wallet manager (participant) holds a key share;

  2. When a transaction is needed, a certain number of participants must cooperate, and only in a TEE (Trusted Execution Environment) can the complete private key be reconstructed and the signing process completed.

This business process ensures that the plaintext private key is not exposed during the transaction. Even if the device storing the key shares is compromised, hackers cannot obtain the complete private key, thus enhancing security.
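To make the share-and-threshold idea concrete, here is an added example (not Cregis's code) implementing Shamir's secret sharing, which the article lists among MPC's building blocks: a private-key scalar is split into five shares with threshold three, any three shares reconstruct it, and two do not. The key value is a constructed sample.

```python
"""Shamir secret sharing over the secp256k1 scalar field (added illustration).

Not Cregis code. Shows how a key can be split into n shares with threshold t
so that any t shares reconstruct it while t-1 shares reveal nothing useful.
"""
from __future__ import annotations
import secrets

# Order of the secp256k1 group: private keys are scalars modulo this prime.
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def split(secret: int, t: int, n: int) -> list:
    """Return n points (x, f(x)) on a random degree t-1 polynomial with f(0) = secret."""
    if not 1 <= t <= n:
        raise ValueError("need 1 <= t <= n")
    # Constant term is the secret; the other t-1 coefficients are uniformly random.
    coeffs = [secret % P] + [secrets.randbelow(P) for _ in range(t - 1)]
    shares = []
    for x in range(1, n + 1):
        y = 0
        for c in reversed(coeffs):  # Horner evaluation of f(x) mod P
            y = (y * x + c) % P
        shares.append((x, y))
    return shares


def reconstruct(shares: list) -> int:
    """Lagrange-interpolate f(0) from the given shares (correct only with >= t of them)."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share index")
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        secret = (secret + yi * num * pow(den, -1, P)) % P
    return secret


if __name__ == "__main__":
    key = secrets.randbelow(P)          # constructed sample key, never reused
    shares = split(key, t=3, n=5)       # five participants, any three can sign
    assert reconstruct(shares[:3]) == key
    assert reconstruct([shares[0], shares[2], shares[4]]) == key
    # Two shares interpolate a different polynomial: the key stays hidden.
    assert reconstruct(shares[:2]) != key
    print("threshold 3-of-5 sharing verified")
```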

It is not difficult to see that multi-signature wallets implemented through MPC technology differ fundamentally from multi-signature wallets like Safe (i.e., Gnosis) that use smart contracts: smart contract multi-signature wallets achieve multi-signature through private keys (blockchain addresses), still carrying the risk of participant private keys being stolen; whereas MPC wallet participants do not hold the complete private key but achieve threshold signatures through key shares, thus eliminating single-point risks.

But does this mean that assets are completely safe from then on? Obviously not!

Although MPC wallets secure the signing process itself, they still leave users exposed to a latent risk: the [share security management strategy].

Currently, there are three mainstream key share management strategies for MPC wallets on the market: [self-custody mode], [hybrid custody mode], and [centralized custody mode]. Among them, [self-custody mode] aligns most closely with the hardcore crypto-native philosophy: users must manage their mnemonic phrases and all key shares themselves, and if the mnemonic phrase and all devices storing the shares are lost, the assets fall into a dormant state on the blockchain. The [hybrid custody mode] and [centralized custody mode] strategies, by contrast, can enable functions such as recovery from an unfamiliar device and social recovery, but the share custodians cannot eliminate the risk of human malice 100%, so their security relies on the founder's reputation just as a CEX's does.

(If a product claims both that it supports recovery and that it is [self-custody mode], that is a contradiction and it should be avoided immediately! There is a high chance it is a "pig butchering" scam!)

Thus, users face a dilemma when choosing an MPC wallet:

  1. Choose a [self-custody mode] product and then invest more effort and cost to protect the mnemonic phrase;

  2. Choose a [hybrid custody mode] or [centralized custody mode] product to enjoy a web2.0-like user experience, but trust that the product operators will not act maliciously.

In summary, the security of MPC wallets is related not only to the signing process but also to the management strategy of key shares.

The [self-custody mode] is better suited to enterprise-level users: they pursue complete security and have sufficient manpower and resources to ensure that their mnemonic phrases and the devices storing shares are never all lost at the same time. The [hybrid custody mode] and [centralized custody mode] are better suited to ordinary web3.0 players: smaller amounts of funds, dispersed holdings, a strong need for centralized scenarios, and therefore a habit of trusting human nature (even if they encounter a disaster similar to FTX, the losses are relatively small).

However, the author believes that when users withdraw funds from centralized institutions, whether individuals or teams, they will inevitably hope to achieve a higher level of security. The [hybrid custody mode] and [centralized custody mode] clearly contradict users' intentions. The release of Ethereum's EIP-4337 means that in the future, DAPPs can provide services that support social login, social recovery, and other experiences close to web2.0 through account abstraction technology. Given its unique use cases (such as blockchain games, social interactions, etc.), users' sensitivity to security is relatively low; this business model will undoubtedly have a significant impact on the product market for [hybrid custody mode] and [centralized custody mode], potentially leading to the complete elimination of such products after EIP-4337 is officially implemented.

About Cregis Research

Cregis is an asset management collaboration platform in the web3.0 era, providing users with MPC wallets and enterprise-level financial SaaS tools, and has been operating securely for 6 years.

Cregis Research is its knowledge-sharing platform, aiming to provide web3.0 enthusiasts with 0 fluff, 0 misleading information, and 0 commercial bias regarding blockchain and cryptographic underlying technologies.
