This is a complete comparison between MPC and multi-sig. In this post I’ll be explaining everything you need to know about each, including their pros and cons, and the key advantages of MPC over multi-sig.
Let’s dive right into it!
A multi-sig is a multi-signature wallet: a cryptocurrency wallet that requires two or more private keys to sign and authorise a transaction.
Usually, digital assets are stored in a single-key address. This means that whoever possesses the correct private key has access to the funds. This one key can sign transactions and transfer the assets without further authorization.
Although a single key is faster and easier to use than a multi-sig, it means the funds are protected by a single point of failure, which is a major security concern.
Think of it like having just one key to your home. If someone steals that key they’d be able to enter your home at will and take whatever they want.
MetaMask is probably the best known example of a single-key wallet. With MetaMask the keys are held on the user’s device and a seed phrase is used to recover the key if it’s ever lost. The danger here is that if the user’s device is ever compromised or the seed phrase is ever stolen, then the assets could be stolen.
Adding a layer of security with a multi-sig wallet reduces the probability of your funds being stolen, because with a multi-sig multiple people are required to sign a transaction before it can be executed. More than one private key is required to sign and authorise a transaction, so hackers would have to steal all the keys to be able to steal your funds.
In some cases two, three or even more private keys from different sources are required to authorise a transaction. And multi-sig users may even choose to hold the private keys in different locations to enhance security.
Multi-sig wallets are usually set up in one of two ways:
The first is n-of-n, where all keys are required to authorise a transaction, for example 2 of 2 or 3 of 3.
The second is n-of-m, where some of the keys are required to authorise a transaction, but not all of them, for example 2 of 3 or 3 of 5.
The primary advantage of multi-sig is that it reduces the risk of a wallet being hacked as a hacker would need access to every key.
For organisations
Multi-sig provides an added layer of security by requiring multiple parties to approve every transaction.
This reduces the risk of a rogue employee transferring funds out of the wallet and claiming to have been hacked.
For example: a multi-sig could have a total of five authorised signatories and require three out of the five to sign off on every transaction. In this case, any hacker would need to compromise at least three of the parties in order to steal the user’s funds.
For individuals
Multi-sig lets the user store keys on separate devices, and possibly in separate locations, making them less susceptible to being hacked.
For intermediaries
Multi-sigs are also useful for escrow of funds. For example, a 2 of 3 multi-sig could be used to escrow funds, where at least two of the three parties would be required to authorise the transaction.
Whilst most blockchains do support multi-sig, there are still some that don’t. This dependence on third party support is a limiting factor when it comes to future innovations for multi-sig.
Each party in a multi-sig signs transactions on-chain, meaning anyone can see which wallets signed your transactions. This makes it possible to identify the persons with access to those wallets, as all of the transactions from the individual wallets are visible on the blockchain. Malicious persons could search the signers’ history from this metadata and track and trace the signers.
Typically each party must sign the transaction on-chain, which makes it much slower to process transactions. Each party has their own key, usually connected to their own wallet, and each party must sign the transaction independently.
Having each key tied to a third-party wallet makes key recovery more complex, because you need to ensure each of the individual wallets can be recovered. The downside is that whilst you’re spreading the risk, you’re still relying on the same tools, which are vulnerable to exploit.
The access structure of a multi-sig is fundamentally tied to the address. This means that you can’t change the access policy, for example to account for a user leaving the group or a new user joining it. The funds have to be transferred to a new multi-sig to accommodate any change to the policy configuration.
As your team expands, you will need to adjust the process of accessing and transferring your digital assets. This can include:
1. changing the number of employees required to sign a transaction;
2. adding new key shares as you hire new employees;
3. revoking key shares as employees leave; or
4. modifying the required threshold to sign transactions (e.g. from ‘3 of 4’ to ‘4 of 8’).
In these scenarios, multi-sig is problematic, as it’s pre-set to the wallet address.
Multi-sig wallets like Gnosis Safe are smart contract wallets and because of this the complexity of approving a transaction can involve gas costs that are up to 300% to 400% higher than when signing a transaction from a hot wallet. In contrast MPC involves multi-party approval which is off-chain with only a single signature being sent to the chain. If you're making regular transactions you can end up saving thousands of dollars in network fees by switching to MPC-based wallets.
MPC, or multi-party computation, is a cryptographic protocol. It distributes a computation across many parties so that no individual party can see the other parties’ data.
This means that each party sees only their own inputs and the correct output.
Like multi-sig, MPC requires multiple parties to approve a transaction. But with MPC there’s only one private key, and that private key never exists in its entirety. Instead the private key is split into shards and spread across devices.
So how can you sign transactions without the whole key?
MPC does not need the key shards to be reassembled on a single device. Each key shard is used in a mathematical computation on its own machine, and only once 'm' of the parts have applied this mathematical function is the resulting signature valid.
This allows each of the parts to remain completely separate, avoiding a single point of failure. Even if some of these parties are corrupted (up to the threshold of m out of n), the key remains uncompromised.
The most interesting benefit of MPC is that it can be used without the blockchain knowing that it was used at all. This is important because not all blockchains support multi-sig. And as MPC signatures can be applied externally it works for any chain.
To summarise:
With MPC the private key is split into shards and distributed among trusted parties. This means that no one party ever has the entire key, and the entire key is never present on any device, yet the parties can still come together to sign a transaction.
With MPC, the entire private key is never available on a single device during its life cycle, even when it's used. Threshold cryptography guarantees security even if some parties are compromised. And cryptographic quorum policy enforcement means there’s no single point of failure.
Even if a hacker gains access to and corrupts the key shares stored by up to a threshold of m parties, key integrity is maintained and operations can continue.
MPC offers a secure backup for private keys as well as disaster recovery. The keys can be refreshed without changing the public address.
A significant advancement of MPC over multi-sig is its inherent flexibility. Unlike multi-sig, MPC allows for ongoing modification and maintenance of the signature scheme.
For example:
Suppose your organisation has four parties and you set a policy whereby two out of three must approve each transaction.
Changing from a '2 of 3' to a '3 of 4' set-up would only require the existing parties to agree on the new policy and on the addition of a new user.
Changes to the policy don’t affect the wallet: the blockchain wallet address doesn’t change, and unlike multi-sig you don’t need to create a new wallet, move any funds, or provide counterparties with a new address.
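To make the three claims above concrete (signing with shards that are never reassembled, refreshing shards without changing the key, and moving from a '2 of 3' to a '3 of 4' quorum while the public key stays the same), here is an added, self-contained example. It is not Krayon’s code or any production MPC protocol: it uses Shamir secret sharing over secp256k1 with a textbook Schnorr-style signature (not BIP340), and for brevity a trusted dealer generates the key and each signing nonce, where a real wallet would use a distributed key generation so that no party ever holds them. All function names (`threshold_sign`, `refresh`, `reshare`, and so on) are hypothetical.

```python
import hashlib
import secrets
# secp256k1, the curve Bitcoin and Ethereum use; GEN is its base point.
FIELD_P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
ORDER_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
GEN = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
       0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(a, b):
    """Affine point addition on secp256k1; None is the point at infinity."""
    if a is None or b is None:
        return a or b
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % FIELD_P == 0:
        return None
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, FIELD_P)
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, FIELD_P)
    x3 = (lam * lam - x1 - x2) % FIELD_P
    return (x3, (lam * (x1 - x3) - y1) % FIELD_P)

def ec_mul(k, pt):
    """Double-and-add scalar multiplication (not constant-time: demo only)."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt, k = ec_add(pt, pt), k >> 1
    return acc

def poly_eval(coeffs, x):
    acc = 0  # Horner's rule over Z_n
    for c in reversed(coeffs):
        acc = (acc * x + c) % ORDER_N
    return acc

def share(secret, m, n):
    """Shamir split: n shards, any m of them determine `secret`, fewer reveal nothing."""
    coeffs = [secret] + [secrets.randbelow(ORDER_N) for _ in range(m - 1)]
    return {i: poly_eval(coeffs, i) for i in range(1, n + 1)}

def lagrange_at_zero(ids):
    """lambda_i with sum(lambda_i * f(i)) == f(0) for any f of degree < len(ids)."""
    lam = {}
    for i in ids:
        num = den = 1
        for j in ids:
            if j != i:
                num, den = num * -j % ORDER_N, den * (i - j) % ORDER_N
        lam[i] = num * pow(den, -1, ORDER_N) % ORDER_N
    return lam

def reconstruct(shares, ids):
    """Only here to check the maths; an MPC wallet never reassembles the key."""
    lam = lagrange_at_zero(ids)
    return sum(lam[i] * shares[i] for i in ids) % ORDER_N

def keygen(m, n):
    """Trusted-dealer split (toy); real wallets run a DKG so nobody ever holds x."""
    x = secrets.randbelow(ORDER_N - 1) + 1
    return ec_mul(x, GEN), share(x, m, n)

def challenge(R, pub, msg):
    h = hashlib.sha256(repr((R, pub, msg)).encode()).digest()
    return int.from_bytes(h, "big") % ORDER_N

def threshold_sign(key_shares, signers, m, pub, msg):
    """Each signer uses only its own shard; the combined (R, s) is one ordinary signature."""
    k = secrets.randbelow(ORDER_N - 1) + 1              # nonce, dealer-shared in this toy
    nonce_shares = share(k, m, len(key_shares))
    R = ec_mul(k, GEN)
    e = challenge(R, pub, msg)
    lam = lagrange_at_zero(signers)
    partials = {i: (nonce_shares[i] + e * key_shares[i]) % ORDER_N for i in signers}
    return R, sum(lam[i] * partials[i] for i in signers) % ORDER_N   # s = k + e*x

def verify(pub, msg, sig):
    """Plain Schnorr check s*G == R + e*pub: nothing reveals how many shards signed."""
    R, s = sig
    return ec_mul(s, GEN) == ec_add(R, ec_mul(challenge(R, pub, msg), pub))

def refresh(shares, m):
    """Proactive refresh: add sharings of zero so old shards die while x (and the address) stays."""
    new = dict(shares)
    for _ in shares:                                    # every holder contributes one
        zero_poly = [0] + [secrets.randbelow(ORDER_N) for _ in range(m - 1)]
        for j in shares:
            new[j] = (new[j] + poly_eval(zero_poly, j)) % ORDER_N
    return new

def reshare(shares, old_signers, new_m, new_n):
    """Change quorum (e.g. 2-of-3 -> 3-of-4) by re-sharing shards; x and the address are unchanged."""
    lam = lagrange_at_zero(old_signers)
    new = {j: 0 for j in range(1, new_n + 1)}
    for i in old_signers:                               # a quorum of current holders
        sub = share(shares[i], new_m, new_n)            # each re-shares its own shard
        for j in new:
            new[j] = (new[j] + lam[i] * sub[j]) % ORDER_N
    return new
```

Running `keygen(2, 3)`, signing with any two of the three shards and then calling `reshare(shards, [1, 2], 3, 4)` gives four new shards for the same public key, so a three-of-four signature still verifies against the original address; a signature produced by fewer signers than the threshold fails verification, and shards from before and after a `refresh` no longer combine to the key. The verifier only ever sees a single (R, s), which is the privacy and gas point made elsewhere in this post.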
MPC signatures can be applied externally. In other words the key management and approval policy is entirely off-chain. This means that MPC can be used without the blockchain knowing that it was ever used. This is significant as some blockchains do not offer native multi-sig capabilities.
MPC offers privacy when it comes to transactions and key management because it eliminates the need for multiple signatures on-chain.
This is a crucial aspect when comparing MPC and multi-sig. If a multi-sig user shares their address with someone (or even on the internet), then it's possible to trace any transactions with that address and track them back to the user.
By contrast, multi-party computation uses secrets in transaction signing. The secrets are visible to the participants, but without any identification of the owner of the secret.
In some cases, the type of quorum structure being used may itself be a secret. For example, you don’t want potential hackers to know how many shards need to be compromised. Or the business may want to keep the process confidential. Since MPC generates a standard single signature, the structure is kept secret. In contrast, in multi-sig, the structure is publicly known.
Now, I have seen counter-arguments to this being a benefit, the primary one being that it removes signature accountability. I’ll explain what I mean by that below.
With MPC-based signatures it is impossible to distinguish which of the key parts were used to sign the transaction; in other words, once the MPC is complete, all signatures look identical. With multi-sig wallets, by contrast, it's always explicit which private keys were used to sign a transaction. Some argue that this is important because individual private keys are often assigned to specific individuals, and understanding who participated in signing a transaction is critical.
However, with MPC solutions it’s still possible to identify which parties participated in signing a transaction, but this is only visible to the organisation. Because the approvals are done off-chain, this can be done without compromising the security of the organisation.
Comparing MPC and Multi-sig
So how do MPC and multi-sig compare?
From a functional point of view, multi-signature wallets are similar to MPC based wallets:
A multi-sig uses M-of-N keys per wallet, whereas MPC uses M-of-N parts of a single key for a single-signature wallet.
The key difference is that a multi-signature wallet uses distinct signatures generated by distinct private keys to secure the wallet, whereas MPC only ever creates a single signature, regardless of the number of private key shards that participated.
In both cases multiple authorizers are required to approve a transaction. And the team can sign transactions without being in the same location.
But there are some clear advantages to MPC solutions when compared to multi-sig. I’ve already mentioned these in detail as advantages of MPC, but I’m summarising them below for convenience.
With MPC no complete key ever exists on any single server or virtual machine. As a result, no single party can be compromised to yield the keys or allow the keys to be misused.
The combination of private key shards can be changed at any time, without changing the actual private key. By refreshing the key values you reduce the probability that a malicious party could compromise enough parties’ machines to derive the key.
With a multi-sig, if you lose access to the individual wallets that make up the quorum there’s no way to regain control of the multi-sig wallet. MPC offers you a secure backup for private keys.
With MPC you can adjust the quorum without changing the public address. This makes it much more convenient for your organisation as you scale.
Quorum policies shouldn’t be public knowledge and neither should the parties with authority to approve transactions. MPC maintains your organisation’s security by ensuring your privacy when it comes to signing transactions.
MPC is far more agile and adaptable than multi-sig. Nodes can be hosted on your local device, in the cloud, or a hybrid of both. Hosting can be tailored to meet compliance or data sovereignty requirements without compromising security.
I hope you found this article helpful!
At Krayon we offer secure treasury management for your digital assets.
If you're looking for a treasury management solution that offers institutional-grade custody for your digital assets, then make sure to get in touch with us. Our treasury management platform uses secure multi-party computation to ensure that your assets are protected.