A Deep Dive Into Secure Multi-Party Computation (MPC)
Secure multi-party computation (MPC/SMPC), sometimes written as secure multiparty computation, is a well-known cryptographic technique designed to secure digital assets or protect information cryptographically. Today, several MPC theories and algorithms are leveraged in various sectors to safeguard information. Similarly, with the rise in popularity of blockchain-based financial solutions (DeFi), interest in MPC technology has spiked, mainly due to its applications in safeguarding funds in crypto wallets.
In a nutshell, MPC technology enables programmatic solutions to secure “secrets” by splitting them into multiple parts, such that no single participant knows the underlying “truth”. Thanks to this, no single participant can reconstruct or leak secret information.
In this article, we will understand the concept of secure multi-party computation in detail, how it works, and its numerous applications.
What is multi-party computation (MPC)?
Multi-party computation is a cryptographic technique that allows multiple parties, each in possession of fragments of private data, to participate in computing a specific result using MPC-based algorithms. This specific result is computed by combining their data without disclosing the nature or content of their inputs or any other secret information related to the process.
In simpler terms, MPC brings together separate entities holding pieces of information that, when combined, can reveal a secret, sign a message, or approve a transaction. It’s also worth noting that MPC achieves this without revealing any details on the information in each individual's possession.
It’s worth noting that in MPC, the data split across multiple participants does not represent the secret if simply combined together. Instead, these pieces of information will serve as inputs to participate in the desired computation. Every valid MPC protocol must fulfill two specific requirements:
- Suppose participants reveal their secret information or discard the rules during the computation. In that case, the MPC protocol will not allow dishonest participants to force the honest parties to disclose their confidential information or influence the outcome of the result.
- No one can deduce each party's secret information from the protocol's execution. This means that the result of the computation does not give its holders any hint of what the private information in the participants' possession is.
MPC as a concept is said to have been born in the 1980s, when Chinese computer scientist Andrew Yao introduced secure two-party computation, from which secure multi-party computation grew. Here's what the timeline of the evolution of MPC looks like:
- 1982 – 1986: To solve the famous Millionaire's Problem, Andrew Yao introduced two-party computation and adapted it to any calculation involving two parties.
- 1987: Oded Goldreich, Silvio Micali, and Avi Wigderson release the Goldreich-Micali-Wigderson protocol, adapting two-party computation to a multi-party format.
- The 1990s: More studies on MPC technology resulted in several breakthroughs, including universal composability and enabling the computation to run on mobile (i.e. less powerful) devices.
- 2008: The first practical application of MPC at scale occurred in a sealed-bid sugar beet auction in Denmark.
- 2015: Following an increase in hacks and thefts from crypto wallets, crypto wallet providers and digital asset custodians begin utilizing MPC for private key and digital asset security.
- 2019: The MPC-CMP debuted as the first automatic, one-round key-refreshing MPC algorithm. As the MPC algorithm is open-source and peer-reviewed, all digital asset custodians and MPC vendors are free to use it.
How does multi-party computation work?
To understand how MPC works, let's consider one famous real-world example: a random-number-based approach within the context of MPC.
Greg and Smith, two employees holding similar roles at a company, are having lunch. They want to know whether they earn the average salary or if either of them is being paid less than what they deserve. Yet, they do not want to reveal their wages. How do they solve this dilemma without revealing their secrets to one another?
A simple way to solve their problem would be to disclose their income to a trusted third party, such as a mutual friend, who can tell them if they earn the same wage based on the information she has received. However, the goal of an MPC protocol is to help them figure out who's worth the most among them without third-party involvement.
Using oblivious transfers, Greg and Smith can solve their dilemma quickly. The locked-box version of oblivious transfer below is a non-technical way to explain secure multi-party computation. In this scenario, Greg gets four locked suggestion boxes and marks each box with a particular amount that may represent the hourly pay for their roles. Box-1 is marked $40, Box-2 is marked $50, Box-3 is marked $60, and Box-4 is marked $70.
Let’s say Greg earns $50 hourly, so he takes only the key for Box 2. Smith makes $60 hourly and has to select the box that matches his hourly earnings. On four pieces of paper, he writes a 'NO' on three sheets and a 'YES' on the fourth. These scribblings will go into each box, and the one with a 'YES' goes into Box-3 since Smith earns $60 per hour, while other boxes get a NO.
When Greg unlocks Box-2, he finds a NO, indicating that Smith does not earn $50 per hour. Greg now has to tell Smith that they do not make the same hourly wage, though neither of them knows who earns more or less. Their secrets are safe, and they have exchanged information without revealing anything. Note that this analogy depends on honesty from both parties.
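The locked-box exchange above is a 1-out-of-4 oblivious transfer. The following is an added example, not code from the original article or from Panther: it runs the same equality check with a Diffie-Hellman-style OT (the structure of Chou and Orlandi's "simplest OT") in which Smith, the sender, encrypts a 'Y' for his own wage box and 'N' for the others, and Greg, the receiver, can derive the key for only the box matching his wage. The prime P and base G are constructed toy parameters chosen for readability, not a production group.

```python
import hashlib
import secrets

# Constructed toy group for illustration: a Mersenne prime and a fixed base.
# A deployment would use a standard prime-order group (e.g. an elliptic curve).
P = 2**127 - 1
G = 3

WAGES = [40, 50, 60, 70]          # the four labelled boxes, dollars per hour

def _box_key(elem: int) -> int:
    """Hash a group element into a one-byte pad ('the key to one box')."""
    return hashlib.sha256(elem.to_bytes(16, "big")).digest()[0]

def smith_setup():
    """Smith (sender) publishes A = G^a and keeps a secret."""
    a = secrets.randbelow(P - 2) + 1
    return a, pow(G, a, P)

def greg_choose(A: int, wage: int):
    """Greg (receiver) hides his box index c inside B = A^c * G^b."""
    c = WAGES.index(wage)
    b = secrets.randbelow(P - 2) + 1
    return b, (pow(A, c, P) * pow(G, b, P)) % P

def smith_fill_boxes(a: int, A: int, B: int, wage: int):
    """One key per box: k_i = H((B / A^i)^a); only box c yields G^{ab}."""
    boxes = []
    for i, w in enumerate(WAGES):
        a_inv_i = pow(pow(A, i, P), P - 2, P)        # A^{-i} via Fermat
        k_i = _box_key(pow(B * a_inv_i % P, a, P))
        msg = ord("Y") if w == wage else ord("N")
        boxes.append(msg ^ k_i)
    return boxes

def greg_open_box(b: int, A: int, boxes, wage: int) -> str:
    """Greg derives only G^{ab} = A^b, so only his own box decrypts sensibly."""
    return chr(boxes[WAGES.index(wage)] ^ _box_key(pow(A, b, P)))

def same_wage(greg_wage: int, smith_wage: int) -> bool:
    """Full exchange: Smith learns nothing about Greg's index, Greg learns one bit."""
    a, A = smith_setup()
    b, B = greg_choose(A, greg_wage)
    boxes = smith_fill_boxes(a, A, B, smith_wage)
    return greg_open_box(b, A, boxes, greg_wage) == "Y"
```

As in the story, the result tells Greg only whether Smith's wage matches his own, not whether it is higher or lower.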
Secure multi-party computation splits essential information that can be used to compute a specific result among multiple parties in total secrecy, without the need for a trusted third party. Each participant only knows the information in their possession, and throughout the computation, no part of the secrets is revealed.
Applications of multi-party computation
Over the years, multi-party computation has found several use cases and applications. The earliest large-scale application was recorded in 2008 at a sealed-bid sugar beet auction in Denmark. Farmers' bids were private, with the protocol responsible for determining the highest bid. The farmer with the winning bid went on to pay the second-highest bid on the bidding log. Sealed-bid auctions remain a popular application.
There are several variations and modifications of MPC schemes enabling further applications. Threshold signature schemes and Shamir's Secret Sharing are two famous examples of MPC cryptographic application methods.
Other significant applications of MPC include:
Data Analytics
Big firms that deal with confidential user data, like healthcare companies or financial institutions, can collect data securely from an anonymous pool of users, compute, analyze, and gain insights from the data using MPC. This way, users will not reveal their personal information, and these organizations can analyze the data for insights without uncovering it.
This same method can be applied to autonomous cars, shipping or truck fleets, and aircraft fleets, with recipients like car companies, city planners, and service providers benefitting from the insights without knowing any details on the information provided.
Genetic Testing
MPC can also be utilized in genetic testing. Patients can access their genetic profiles privately and securely without revealing any confidential information on their metabolism rates, family traits, hereditary disease information, and other data that they would rather not share.
Multi-party computation blockchain applications
Threshold multi-signature (multisig) schemes are a subfield of multi-party computation and can perform the same functions as a private key on the blockchain, including public address generation and transaction signing.
With MPC blockchain applications, the private key of a crypto wallet can be split into shards held by several parties, in such a way that a minimum number of shard holders have to take part before any function can be performed.
If some participants within the group become dishonest, they will not be able to have their way unless they reach the threshold for signing transactions. Usually, these participants do not know each other.
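Shamir's Secret Sharing, named above as a classic MPC building block, is also the simplest way to see the threshold property just described. The following is an added example, not Panther's code or any wallet vendor's implementation: it splits a secret (a toy stand-in for a key) into n shards over a prime field so that any k of them reconstruct it, while fewer than k are refused. The prime P is a constructed choice for readability.

```python
import secrets

# Constructed prime field for the polynomial arithmetic; any prime larger than
# the secret works, and a real key-sharing library would fix this by design.
P = 2**127 - 1

def split(secret: int, n: int, k: int):
    """Split `secret` into n shards (x, f(x)) of a random degree-(k-1) polynomial
    whose constant term is the secret; any k shards determine the polynomial."""
    assert 0 <= secret < P and 1 <= k <= n
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(k - 1)]
    def f(x):
        return sum(c * pow(x, j, P) for j, c in enumerate(coeffs)) % P
    return [(x, f(x)) for x in range(1, n + 1)]

def reconstruct(shares, k: int) -> int:
    """Lagrange interpolation at x = 0 over k distinct shards.
    Below the threshold every candidate secret is equally consistent with the
    shards held, so the function refuses rather than returning a guess."""
    if len(shares) < k:
        raise ValueError("below threshold: shards reveal nothing about the secret")
    shares = list(shares)[:k]
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % P          # product of (0 - x_j)
                den = den * (xi - xj) % P      # product of (x_i - x_j)
        total = (total + yi * num * pow(den, P - 2, P)) % P
    return total

def quorum_present(shares, k: int) -> bool:
    """Wallet-style check: can the parties at the table reach the signing threshold?"""
    try:
        reconstruct(shares, k)
        return True
    except ValueError:
        return False
```

Dishonest shard holders below the threshold hold only points on a random polynomial, which is why the text above says they cannot have their way until enough honest or colluding parties join.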
MPC wallets
There have historically been a few solutions for safely keeping private keys: hot storage, cold storage, or hardware-based storage.
Multi-party computation protocols enhance private key security and, by extension, digital wallet security. Most cryptocurrency wallets use private keys, usually stored in a particular 'trusted' device. While this method primarily depends on the strength of the device's security measures, it also presents a single point of failure.
Using MPC, a single private key is split up between multiple entities, making it more difficult for attackers to compromise the digital wallet since they have to attack multiple points simultaneously.
Closing Thoughts
Multi-party computation has evolved over the years and remains a crucial breakthrough in the world of cryptography today. From sealed-bid auctions to crypto wallets, MPC protocols are being leveraged in various applications.
From a blockchain perspective, however, leveraging MPC for the security of digital wallets is a critical, immediate application that multiple parties are invested in. As more and more wallet providers begin to adopt MPC protocols for wallet security, the era of seed phrases may be over. As of now, several wallet providers have already started opting for MPC to offer better protection and an improved user experience.
In the coming year, hopefully, we'll have more real-life applications touching our daily lives similar to what happened with public key authentication.
About Panther
Panther is building a cross-protocol layer that uses zero-knowledge technology to build DeFi solutions that aim to meet ever-evolving regulatory standards while satisfying users' on-chain data privacy needs. Panther's goal is to enable seamless access to DeFi via a cross-chain-supported ZK compliance protocol. The Panther Protocol will offer confidentiality across transactions in shielded pools, zSwap for DeFi integrations — enabling private swaps on third-party DEXs, and zTrade for internal OTC book for trading assets privately.