Secure Signing
Signing the transaction securely using MPC-TSS
Last updated
Signing the transaction securely using MPC-TSS
Last updated
With MPC, private keys (as well as other sensitive information, such as authentication credentials) no longer need to be stored in one single place. The risk involved with storing private keys in one single location is referred to as a “single point of compromise.” With MPC, the private key is broken up into shares, encrypted, and divided among multiple parties.
It is decentralized and held across multiple parties (i.e. devices), each blind to the other. Whenever the key is required, MPC is set in motion to confirm that all parties, or a predetermined number of parties out of the full set, approve of the request.
These parties will independently compute their part of the private key share they hold to produce a signature without revealing the encryption to the other parties. This means there is never a time when the private key is formed in one place; instead, it exists in a fully “liquid” form.
All cryptographic operations performed throughout the key lifecycle are performed without ever combining these two shares.
In MPC-TSS, the private key (which represents the security of the system) is never at a single location throughout its entire lifetime.
Compared with SSS, the parties must reconstruct the full private key to sign, which results in a single point of failure each time a signature is needed. In TSS, the signing is done in a distributed way without ever reconstructing the secret shares.
