What are MPC-based wallets?

What are MPC-based wallets, and why doesn't Levain use them?

What is MPC?

Multi-Party Computation (MPC) is a subfield of cryptography that allows multiple parties to compute a function over their inputs without revealing those inputs to each other. Although MPC is a part of cryptography, it is not a cryptographic primitive that is foundational to the field.

Various methods exist to achieve MPC, and many vendors offer distinct MPC solutions. Each solution comes with its unique set of security assumptions and limitations. These are often not clearly understood by the general public, making the topic somewhat controversial.

Why is MPC controversial?

While cryptography is a well-established field, MPC is a newer subfield without the same level of maturity. The diversity among MPC solutions makes them hard to compare, and their security assumptions and limitations can be difficult to grasp.

For example, although Elliptic Curve Cryptography (ECC), utilized in blockchain, was first proposed in 1985, its first practical implementation didn't emerge until 2004, 19 years later. In contrast, most MPC implementations have been developed in the last 5 years, often without extensive peer-reviewed research.

True security is challenging to attain and even harder to verify. Even established cryptographic primitives, like ECC, aren't immune to security vulnerabilities. Furthermore, many MPC implementations are proprietary and closed-source, making their security parameters opaque to the public.

On-chain MPC vs. off-chain MPC

MPC, by its definition, allows for computations without revealing inputs to participants. This means MPC can be implemented either on-chain (L1) or off-chain (L2). However, some incorrectly assume MPC is only achievable off-chain with a single ECC key. This is a misconception; on-chain and off-chain MPC are not mutually exclusive.

In essence, on-chain MPC adheres to the security guidelines of the underlying blockchain protocol (L1). Off-chain MPC, on the other hand, follows its distinct set of security guidelines separate from the blockchain protocol, potentially making it less secure due to counterparty risk.

A parallel can be drawn between on-chain and off-chain MPC with trusted bridges and trustless bridges. Trusted bridges, similar to off-chain MPC, have a potential single point of failure. In contrast, trustless bridges, resembling on-chain MPC, are decentralized, minimizing trust assumptions.

Off-chain MPC

Off-chain MPC can manifest as Shamir's Secret Sharing (SSS) or Threshold Signature Scheme (TSS). In this setup, all parties need to be online to jointly sign a transaction. Only after all have participated can the transaction be broadcasted.

flowchart LR A[Party A] --> M[Off-chain MPC] B[Party B] --> M[Off-chain MPC] C[Party C] --> M[Off-chain MPC] M --> E[Signature] E --> F[Blockchain]

On-chain MPC

Levain adopts this approach, which is the only one that is truly decentralized and trust-minimized.

On-chain MPC can be realized through account abstraction using Smart Contracts on Ethereum, or Multi-Sig Script on Bitcoin and other UTXO-based blockchains. With on-chain MPC, parties can sign and broadcast transactions independently, eliminating the need for simultaneous online presence.

flowchart LR A[Party A] --> EA[Signature] --> F[Blockchain] B[Party B] --> EB[Signature] --> F[Blockchain] C[Party C] --> EC[Signature] --> F[Blockchain]