As Web3 develops, the security of user information and private keys is essential. However, the sheer number of attacks on Web3 platforms in 2022 alone shows that stronger security measures, including decentralized computation, are still needed.

As this has become clear, several companies have begun using multiparty computation, or MPC, to provide privacy and confidentiality for Web3 platforms. In an MPC protocol, several parties jointly run a computation over their inputs, and the cryptography keeps each party's input private from the others. Andrew Masanto, co-founder of Nillion, a Web3 startup that specializes in decentralized computation, told Cointelegraph that MPC is unique because it lets multiple parties compute together without sharing any data. "It basically allows multiple parties to run computations without sharing any data," he said.

Masanto said that the histories of MPC and blockchain are intertwined: multiparty computation, a sibling technology designed specifically for processing and calculation in a trustless environment, was being developed at the same time as blockchain. The MPC idea itself is generally dated to the early 1980s, but the complexity of the cryptographic technique delayed its practical applications.

Understanding how MPC will transform Web3

Blockchain-based platforms have only recently started to use MPC to maintain data confidentiality without disclosing sensitive information. Vinson Lee Leow, chief ecosystem officer of the security-focused Web3 infrastructure platform Partisia Blockchain, told Cointelegraph that MPC is the ideal ideological fit for the blockchain industry.

He pointed out that, in contrast to open blockchain networks, MPC achieves confidentiality through a network of nodes that computes directly on encrypted data with no knowledge of the underlying data. Because of this, businesses concerned with the security of digital assets started using MPC in 2020 to protect customers' private keys. As Web3 matures, more businesses are adopting MPC to provide a higher level of decentralized privacy for a variety of use cases. Masanto continued:

“The evolution of Web2 to Web3 focuses on creating methods where people and organizations can collaboratively work on different data sets in a manner that respects privacy and confidentiality while maintaining compliance. Blockchains are not purpose-designed for this because they are typically inherently public, and smart contracts are often run by one node and then confirmed by others. MPC breaks down the computation across the network of nodes, making it a truly decentralized form of computation.”

Coinbase has since become interested in the potential of MPC and recently revealed the capabilities of its Web3 application. Coinbase's new wallet and DApp features use MPC to protect senders' and receivers' privacy while guaranteeing the accuracy of a transaction.

According to a blog post by Rishi Dean, Coinbase's head of product management, MPC gives users a separate, secure on-chain wallet. The reason for this, he added, "is the configuration of this wallet, which permits the 'key' to be split between you and Coinbase." Dean continued that this gives users a higher level of security: even if a user's smartphone is lost, the DApp wallet remains secure, since Coinbase can help with recovery.

While ZenGo, a cryptocurrency wallet provider, has used MPC since its founding in 2018, Coinbase only made this functionality available in early May 2022. In an interview with Cointelegraph, ZenGo co-founder and chief technology officer Tal Be'ery said that the wallet uses MPC in the form of a threshold signature scheme (TSS) for distributed key generation and signing. He described how the key is divided into two "secret shares," one held by the user and one by the enterprise server.

Be'ery said that this MPC architecture enables a user to sign an on-chain transaction in a fully distributed fashion. More importantly, he stressed, the two secret shares are never combined. "They are never in the same spot; they are formed in different areas and used in different places," he said. As a result, he stated, this model upholds the original MPC promise: "It jointly computes a function over their inputs (key shares), while keeping those inputs private (the user's key share is not exposed to the server and vice versa)."

Since a private key is also needed to interact with blockchain networks, Be'ery sees MPC as a useful addition to blockchain technology. The TSS technique used by ZenGo lets the private key be split into shares, which enhances security. Be'ery explained that for non-custodial wallet solutions there is often a conflict between the secrecy and the recoverability of private keys:

“Because a private key is the only way to access the blockchain in traditional wallets, it also represents a singular point of failure. From a security perspective, the goal is to keep this private key in as few places as possible to prevent it from getting in others’ hands. But from a recoverability perspective, the goal is to keep the private key as accessible as needed, in case there is a need to recover access.”

However, Be'ery pointed out that this is one of the main problems MPC solves for crypto wallet providers, so for the majority of MPC-powered systems this tradeoff is not a problem. In addition, new multiparty computation use cases are emerging as Web3 matures. For instance, Oasis Labs, a privacy-focused cloud computing platform built on the Oasis network, recently announced a collaboration with Meta to use secure multiparty computation to protect user information when Instagram launches surveys requesting personal information. According to Vishwanath Raman, head of enterprise solutions at Oasis Labs, MPC opens up an infinite number of opportunities for parties to share information in confidence. "Both parties gain mutually beneficial insights from that data, providing a solution to the growing debate around privacy and information collection," he told Cointelegraph.

Raman specifically mentioned how Oasis Labs, in collaboration with Meta and academic partners, created an MPC protocol that splits sensitive data into secret shares. He pointed out that these shares are then given to university students who compute fairness measurements, which prevents the secret shares from being used to "learn" personal information about people's demographics. To allow Meta to share its prediction data with the other participants while preventing them from discovering these predictions and linking them to specific persons, Raman said that homomorphic encryption is used:

“We can say with confidence that our design and implementation of the secure multiparty computation protocol for fairness measurement is 100% privacy-preserving for all parties.”

MPC will reign supreme as Web3 advances

Unsurprisingly, industry participants predict that MPC will be used more as Web3 advances. Raman believes this will be the case, but he pointed out that it will be critical for companies to identify logical combinations of technologies to solve real-world problems while guaranteeing data privacy:

“These protocols and the underlying cryptographic building blocks require expertise that is not widely available. This makes it difficult to have large development teams designing and implementing secure multiparty computation-based solutions.”

It is also crucial to emphasize that MPC solutions are not completely faultless. Everything can be hacked, Be'ery acknowledged. However, he underlined that by dividing a private key into numerous shares, a wallet provider is no longer exposed to the single attack vector of a traditional private key wallet. "In an MPC-based system, the hacker would need to compromise numerous parties, each of which has different types of security procedures applied, instead of gaining access to a seed phrase or private key."
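The two-share model Be'ery describes (a key split between user and server, shares generated in different places and never combined, a signature computed jointly) and his point above that an attacker must compromise more than one party can both be seen in a small worked example. The code below is an added illustration and is not ZenGo's, Coinbase's or any other vendor's code: it implements a Schnorr-style two-party threshold signature over the secp256k1 curve in pure Python, which shows the same algebra (additive key shares, additive nonce shares, additive partial signatures) without the extra machinery of the 2-party ECDSA protocols that production wallets actually use. The curve constants are the public secp256k1 domain parameters; the party names, the `ShareHolder` class and the sample message are assumptions for the demo. A real TSS protocol also exchanges commitments to the nonce shares before revealing them and adds zero-knowledge proofs during key generation; those defenses are omitted here, so this is for understanding, not for production use.

```python
"""Added example: two-party threshold (Schnorr-style) signing over secp256k1.
Each party generates its own key share locally; the full key k = k_1 + k_2 never
exists anywhere, yet the two parties can jointly produce a signature that verifies
under the combined public key pk = k*G. Toy code: no commitments, no ZK proofs,
no constant-time arithmetic."""
import hashlib
import secrets

# secp256k1 domain parameters (public constants of the curve used by Bitcoin/Ethereum).
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
INF = None  # point at infinity (group identity)


def ec_add(a, b):
    """Affine point addition on y^2 = x^3 + 7 (mod P)."""
    if a is INF:
        return b
    if b is INF:
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return INF                                   # a == -b
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P   # tangent slope (doubling)
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P    # chord slope
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def ec_mul(k, point):
    """Double-and-add scalar multiplication k*point (not constant time)."""
    result, addend = INF, point
    while k:
        if k & 1:
            result = ec_add(result, addend)
        addend = ec_add(addend, addend)
        k >>= 1
    return result


def challenge(R, pk, msg):
    """Fiat-Shamir challenge c = H(R || pk || m) mod N."""
    h = hashlib.sha256()
    for x, y in (R, pk):
        h.update(x.to_bytes(32, "big") + y.to_bytes(32, "big"))
    h.update(msg)
    return int.from_bytes(h.digest(), "big") % N


class ShareHolder:
    """One of the two parties (hypothetical names: the user's phone, the provider's server).
    The key share is generated locally and never leaves this object."""

    def __init__(self, name):
        self.name = name
        self._key_share = secrets.randbelow(N - 1) + 1    # k_i, generated independently
        self._nonce_share = None

    def public_share(self):
        return ec_mul(self._key_share, G)                  # k_i*G is safe to publish

    def nonce_commitment(self):
        self._nonce_share = secrets.randbelow(N - 1) + 1   # fresh r_i for every signature
        return ec_mul(self._nonce_share, G)                # R_i = r_i*G

    def partial_signature(self, c):
        s_i = (self._nonce_share + c * self._key_share) % N
        self._nonce_share = None                           # reuse of r_i would leak k_i
        return s_i


def joint_public_key(parties):
    pk = INF
    for p in parties:
        pk = ec_add(pk, p.public_share())                  # (k_1 + k_2)*G, no share revealed
    return pk


def mpc_sign(parties, msg):
    """Jointly sign msg; no party ever sees another party's key or nonce share."""
    R = INF
    for p in parties:
        R = ec_add(R, p.nonce_commitment())                # R = (r_1 + r_2)*G
    c = challenge(R, joint_public_key(parties), msg)
    s = sum(p.partial_signature(c) for p in parties) % N   # s = r + c*k, built from s_i
    return R, s


def verify(pk, msg, sig):
    """Standard Schnorr check: s*G == R + c*pk."""
    R, s = sig
    c = challenge(R, pk, msg)
    return ec_mul(s, G) == ec_add(R, ec_mul(c, pk))


if __name__ == "__main__":
    user, server = ShareHolder("user"), ShareHolder("server")
    msg = b"constructed sample: transfer 1 unit to account 42"
    pk = joint_public_key([user, server])
    print("joint signature verifies:", verify(pk, msg, mpc_sign([user, server], msg)))
```

The thing to notice is what each object holds: neither `ShareHolder` ever learns the other's `_key_share`, and `mpc_sign` only ever adds public points and partial scalars. A stolen user share on its own is a random number unrelated to `pk` until combined with the server's share, which is the property Be'ery is describing. The omitted commitment round matters in practice: without it a party that sees the other's nonce commitment first can bias the combined `R`, which is why production protocols are more involved than this sketch.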

Despite this, Lior Lamesh, CEO and co-founder of GK8, a provider of digital asset custody solutions for institutions, told Cointelegraph that MPC on its own is insufficient to shield institutions from skilled hackers. According to Lamesh, to defeat MPC systems hackers only need to infiltrate three internet-connected computers. "This is comparable to hacking three common hot wallets. When it comes to taking billions, hackers will invest millions," he claimed. Lamesh thinks that while an MPC solution can handle small sums, an enterprise-grade MPC strategy still needs a true offline cold wallet to manage the majority of digital assets.

Masanto further asserted that information-theoretic security particles, which are used to hold sensitive data across numerous network nodes, may be preferable to conventional MPC solutions. With this approach, to access any of the nodes a hacker would need to locate each particle individually. Masanto noted that to reveal a particle's identity the hacker would additionally need a significant number of the "blinding factors" that are used to conceal each particle's data by information-theoretic means.

These are just a few examples of the future development of MPC-based solutions. Masanto claims that this will open up access to more MPC use cases, such as using the network itself for authentication:

“We consider this a form of ‘super authentication’ – a user will authenticate based on multiple factors (e.g., biometrics, identity, password, etc.) to a network without any of the nodes in the network knowing what they are actually authenticating because the computation of authentication is part of MPC.”

According to Masanto, such a form of authentication will lead to use cases within identity management, healthcare, financial services, government services, defense and law enforcement. “MPC enables systems to be made interoperable while also respecting peoples’ rights and giving them control and visibility over their data and how it is used. This is the future.”
