MPC-TSS
Secure, easy-to-use, and trusted Web3 product solutions
Key Management Philosophy
Private keys grant access to individual blockchain accounts. If users lose their private key, or if it is compromised, they lose access to their crypto assets. Self Chain is designed and built as infrastructure for the secure management of private keys.
There are three fundamental principles we insist on:
No one except the user should have full control over their wallet or crypto assets; only the user can initiate the signing process. Other parties, including Self Chain and its developers, can never access the user’s funds.
Accounts need to be restored safely and conveniently
Users may delete the app or lose their phone. We need to ensure that they will be able to restore their account themselves, without depending on any centralized party.
No single point of failure
We replace the traditional private key with three independently created mathematical “secret shares”. Those shares never meet or combine, which eliminates the single point of failure.
MPC-TSS: reinventing key management
Self Chain employs MPC-TSS to securely manage cryptographic keys and secrets, building a robust, industry-grade solution for key management.
Sensitive keys and secrets are divided into two random shares, stored separately by two distinct parties, so that compromising one party does not reveal the key material. Thus there is no single point of compromise.
Similar to multi-sig, MPC-TSS requires multiple parties to participate in cryptographic operations throughout the key lifecycle, without ever combining the two shares, which adds an additional layer of security.
Key shares are regularly refreshed without altering the actual key, so a potential attacker would have to compromise both parties nearly simultaneously to obtain the key material.
Every cryptographic operation throughout the key lifecycle is performed without ever combining these two shares.
Threshold Signature Explained
The concept of TSS is fairly simple. Conceptually it is similar to how multisig wallets work, with one very important difference. In a multi-sig setup there are m distinct wallets, and to perform a cryptographic operation (i.e. signing a transaction), n of those wallets are required to co-sign the same message. The verification process differs by blockchain: on BTC it is a first-class citizen baked into the way transactions are created, whereas Ethereum requires a custom smart contract to handle it. Regardless of the approach, the verification process literally performs digital signature verification to check that n signatures are present.
Threshold signatures are significantly different in this regard. In TSS we still have “m of n” setups; however, none of these entities possesses a valid private key. Instead, each holds a private share (some piece of data), and when it comes to signing a transaction they work together, each using their own share, to create one holistic valid digital signature. This means that n private shares stand in for one single private key (and consequently one single wallet address).
A quick note on how TSS differs from another similar cryptographic protocol, Shamir Secret Sharing (SSS). Both have m parties that each hold a private share, and n of those parties are required to provide their share in order to produce a private key and sign. The important difference is that in SSS a trusted entity collects the private shares and essentially recreates the private key. From that point on, that entity holds the private key and can sign transactions at will.
In TSS, on the other hand, no party ever possesses the private key, and there is no concept of private key re-creation. Signing is part of the MPC protocol: the parties collectively provide private inputs to a specific function (in the case of TSS, the digital signing function) and jointly compute the output of that function (in the case of TSS, the digital signature).
The privacy- and security-preserving property is that at no point can any party individually sign a message using its private share. This is very important to highlight, and it is the main reason such technology is such a good candidate for building crypto wallets around.
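To make the contrast between SSS and TSS (and the share refresh described above) concrete, here is an added Python example that is not Self Chain's code: a 2-of-2 additive-share Schnorr signing in which the shares are combined only in the exponent, the full key never exists in any party's memory, and a refresh moves the shares without changing the key. The group parameters, share values and nonces are constructed toy values and are far too small to be secure.

```python
import hashlib
# Toy Schnorr group, constructed for illustration only (far too small to be secure):
# p is a safe prime, q = (p - 1) / 2 is prime, and g = 4 generates the order-q subgroup.
P, Q, G = 2039, 1019, 4

def challenge(R, pk, msg):
    """Fiat-Shamir challenge e = H(R || pk || msg) mod q."""
    data = f"{R}|{pk}|{msg}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

def verify(pk, msg, sig):
    """Ordinary Schnorr verification: g^s == R * pk^e (mod p). The verifier
    cannot tell whether the signature came from one key or from shares."""
    R, s = sig
    return pow(G, s, P) == (R * pow(pk, challenge(R, pk, msg), P)) % P

class ShareHolder:
    """One party holding an additive share x_i of the signing key. It never
    learns the other share, so the full key x = x_1 + x_2 mod q exists nowhere."""
    def __init__(self, x_i):
        self._x = x_i % Q
        self.pk_i = pow(G, self._x, P)   # public commitment g^x_i to the share

    def refresh(self, delta):
        """Proactive refresh: shares move by +delta / -delta, the key x does not."""
        self._x = (self._x + delta) % Q
        self.pk_i = pow(G, self._x, P)

    def round1(self, k_i):
        self._k = k_i % Q                # nonce share (fixed here; random in practice)
        return pow(G, self._k, P)        # R_i = g^k_i

    def round2(self, R, pk, msg):
        e = challenge(R, pk, msg)
        return (self._k + e * self._x) % Q   # partial signature s_i; x_i never leaves

def tss_sign(parties, nonces, msg):
    """2-of-2 additive threshold Schnorr: shares combine only in the exponent."""
    pk = R = 1
    for party, k in zip(parties, nonces):
        pk = (pk * party.pk_i) % P       # joint public key g^(x_1 + x_2)
        R = (R * party.round1(k)) % P    # joint nonce commitment g^(k_1 + k_2)
    s = sum(party.round2(R, pk, msg) for party in parties) % Q
    return pk, (R, s)

def single_key_sign(x, k, msg):
    """Reference: what a holder of the whole key x and nonce k would output."""
    pk, R = pow(G, x, P), pow(G, k, P)
    return pk, (R, (k + challenge(R, pk, msg) * x) % Q)
```

The distributed signature is byte-for-byte the one a holder of the whole key x = x_1 + x_2 would have produced, which is why the chain needs no special verification logic, unlike multi-sig.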
Comparing MPC-TSS with other solutions
Traditional single-private-key wallets: these rely on a single private key or recovery phrase, which poses a significant risk if compromised. MPC-TSS eliminates this single point of failure by distributing the signing material among multiple parties.
Smart contract wallets: while offering extensibility and composability, smart contract wallets incur higher gas fees (2 to 4 times those of ordinary transactions) and may lack compatibility across blockchains. MPC-TSS is blockchain-agnostic and introduces no additional gas consumption, making it more cost-effective.
Shamir Secret Sharing (SSS): although SSS enhances security by dividing a secret into multiple parts, it lacks the advanced cryptographic properties of MPC-TSS. SSS requires the secret to be reconstructed before any operation, exposing it at that moment. In contrast, MPC-TSS performs the computation without ever revealing the original secret, ensuring higher security and privacy.
MPC-TSS solution advantages
Seamless Onboarding: MPC wallets can facilitate user-friendly onboarding processes by integrating social logins, such as Email, Google, or Apple ID, simplifying the process for new users.
Robust Security: Splitting the private key into several shares enhances the security of MPC wallets by eliminating single points of failure.
Programmability: Since key shares can be hosted on servers, advanced features such as risk control and adaptable access management can be implemented.
Chain-Agnostic: MPC wallets can operate across different blockchain networks, offering increased compatibility and versatility.
Synergy Between MPC and AA
An MPC-TSS solution has some disadvantages, such as complex implementation and a primary focus on key management alone, so it may lack features compared with smart contract wallets. Those disadvantages can be resolved by adding account abstraction support.
Integrating the strengths of both MPC and Account Abstraction mitigates the disadvantages of each technology:
Streamlined Key Management: Incorporating MPC key management into smart contract wallets simplifies user experiences, enabling social account logins and seamless onboarding.
Expanded Features: Combining MPC and smart contract wallets provides access to a full range of features, including atomic transactions, gasless transactions, and enhanced security.
Reduced Vulnerabilities: Integrating MPC key management adds an extra layer of security against potential smart contract vulnerabilities and vice versa.
Optimized Gas Fees: Integrating MPC can help reduce transaction costs through more efficient key management and fewer transactions related to key updates or recovery.