Key takeaways
- MPC lets several parties jointly compute a function over their inputs while revealing nothing beyond the agreed output, which matters in settings such as financial transactions, health-care analytics and voting.
- SMPC spells out MPC's guarantees as formal security properties: privacy (no leakage beyond the output) and correctness (the output is right even if some participants are malicious).
- Key components of SMPC include secret sharing (SS), garbled circuits (GC), homomorphic encryption (HE), oblivious transfer (OT) and zero-knowledge proofs (ZKPs).
- AMPC improves SMPC with better scalability, performance and fault tolerance, supporting dynamic participation and optimized protocols.
In the world of crypto, privacy and security are paramount, especially as digital assets and decentralized systems become more mainstream. Multi-party computation (MPC) offers a groundbreaking way to ensure that sensitive data stays protected while allowing multiple parties to collaborate.
With its ability to keep inputs confidential and computations correct, MPC is quickly becoming a cornerstone of modern cryptography.
This article explains the fundamentals of MPC and its variants and their role in securing cryptocurrencies.
Multi-party computation (MPC) explained
MPC is a cryptographic protocol that enables multiple parties to jointly compute a function over their inputs while keeping those inputs private.
MPC is essential in scenarios requiring collaborative computation without exposing sensitive data, such as financial transactions, health-care data analysis or voting systems. A protocol is judged on two properties: privacy (each party learns nothing beyond the output) and correctness (the output is right even if some participants deviate from the protocol, up to the number of corruptions the protocol is designed to tolerate).
Let’s take an example to understand how it works. Suppose Bob, Alice and Rob want to determine who has the highest crypto wallet balance without revealing their individual amounts. This is a three-party variation of Yao’s “Millionaires’ Problem,” in which participants compare private values without revealing them. Here’s how it works:
- Each person’s balance (dB, dA, dR) is split into random “shares” distributed among the participants, so that no single party, and no group smaller than the protocol’s threshold, learns the full amount. Shares must be uniformly random modulo a large modulus p: splitting 50 into 30 and 20 over the plain integers would already tell Alice that Bob holds at least 30.
- For example, with p = 101 for illustration (real protocols use a 64-bit or larger modulus), Bob picks random shares sBA = 73 for Alice and sBR = 64 for Rob and keeps sBB = dB − sBA − sBR = 14 (mod 101), so that dB = sBA + sBR + sBB = 50 (mod 101). Alice and Rob split their balances the same way.
- Participants then run a distributed protocol over the shares to compute F(dB, dA, dR) = max(dB, dA, dR) without exposing the balances. Additions on shared values are local operations, but a comparison needs an interactive sub-protocol (garbled circuits or bit decomposition), which is where most of the cost of such protocols lies.
- Finally, only the result is reconstructed. For a “who is richest” query the output should be the identity of the holder (e.g., “Alice”), not the value 70 itself, since the maximum is the winner’s private balance. Either way, no one learns more than they would from a trusted intermediary who collected all three inputs and announced only the result.
Why is multi-party computation important for digital assets?
MPC is a powerful tool for enhancing the security and efficiency of digital asset management. Here's why it’s important:
- Enhanced security: MPC-based wallets distribute shares of a private key across multiple parties or devices, and the full key is never assembled, not even while signing. An attacker has to compromise a threshold of share holders (for example, two of three) rather than one machine; compromising fewer than that yields nothing usable.
- Operational efficiency: the shares sign off-chain and produce an ordinary single-key signature, so an MPC-secured transaction looks like, and costs the same as, a normal transaction on any chain, without the extra fees and chain-specific scripting of on-chain multisig.
- Reduced risk of theft: a private key stored in one place (a file, an HSM, a hardware wallet) is a single point of failure for theft and for loss. Splitting it into shares removes that single point, and a lost share can be replaced by re-sharing among the remaining holders as long as a threshold of them survives.
- Increased flexibility: approval policies (which share holders must participate, from which devices) are enforced by the protocol rather than by the blockchain, and shares can be refreshed or rotated without changing the public key or the address.
Did you know? In the late 2010s, MPC technology began to be adopted by digital asset custodians and wallet providers to enhance the security of their platforms. This marked a significant milestone in the application of advanced cryptographic techniques to safeguard digital assets.
What is secure multi-party computation (SMPC): Key components and applications
Secure multi-party computation (SMPC) is the full name under which the cryptographic literature discusses MPC; the “secure” spells out what a protocol must prove, and against which adversary.
With SMPC, input data remains private: nothing leaks beyond the computed output. SMPC also guarantees correctness: the output is right even if some parties are malicious and deviate arbitrarily from the protocol. Both guarantees are stated relative to an adversary model, such as semi-honest (follows the protocol but tries to learn from the transcript) versus malicious, and honest-majority versus dishonest-majority, and a protocol proven for one model gives no guarantee in a stronger one.
Components of SMPC
SMPC protocols consist of several foundational components, each contributing to its effectiveness. The components and their variants with real-world examples are explained below.
Secret sharing
Secret sharing is a method of dividing private data into multiple “shares,” each held by a different party. Individually, these shares reveal nothing about the original data. Only when a sufficient number of shares are combined can the original data be reconstructed.
Two widely used schemes are:
- Shamir’s Secret Sharing: the secret is the constant term of a random polynomial of degree t−1 over a finite field, and each share is a point on that polynomial. Any t shares reconstruct the secret by interpolation; fewer than t reveal nothing (a t-of-n threshold scheme).
- Additive Secret Sharing: the secret is split into n random values whose sum modulo a fixed modulus equals the secret. All n shares are needed to reconstruct it, and any subset short of n reveals nothing.
Consider a voting system where the total votes for each candidate must be computed without revealing individual votes. Each voter encodes their vote into shares using Shamir’s Secret Sharing and distributes these shares among several servers. Each server adds the shares it holds; because a sum of shares is itself a share of the sum, the servers tally the votes without ever seeing a ballot. Any t of the servers then combine their sums to reconstruct the final result.
Financial institutions use secret sharing to calculate joint investment returns without disclosing individual portfolios.
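The voting tally described above, as an added example that is not code from the article: Shamir’s scheme over a prime field, with each voter sharing a 0/1 ballot to five servers, each server adding the shares it receives, and any three servers reconstructing the total. The prime, the 3-of-5 layout and the sample ballots are constructed for this illustration.

```python
# Added example (not from the article): Shamir secret sharing over GF(p) and a
# vote tally computed on shares. The prime, the 3-of-5 server layout and the
# sample ballots are constructed for this illustration.
import secrets

# Mersenne prime 2**127 - 1: every share is a uniformly random field element.
P = (1 << 127) - 1


def share(secret, t, n):
    """Split `secret` into n shares such that any t of them reconstruct it.

    The secret is the constant term of a random degree-(t-1) polynomial;
    share i is the point (i, f(i)). With fewer than t points, every candidate
    secret is consistent with some polynomial, so nothing is learned.
    """
    coeffs = [secret % P] + [secrets.randbelow(P) for _ in range(t - 1)]

    def f(x):
        y = 0
        for c in reversed(coeffs):          # Horner's rule
            y = (y * x + c) % P
        return y

    return [(x, f(x)) for x in range(1, n + 1)]


def reconstruct(shares):
    """Lagrange interpolation at x = 0 over GF(P); needs >= t distinct points."""
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = (num * -xj) % P
                den = (den * (xi - xj)) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total


def tally_votes(ballots, t, n):
    """Privacy-preserving tally of 0/1 ballots across n servers.

    Each voter shares its ballot to all n servers. A server only ever adds
    the shares it receives; because a sum of shares is a share of the sum,
    its running total is a Shamir share of the tally and reveals no ballot.
    Returns (tally, per_server_sums).
    """
    server_sums = [0] * n
    for vote in ballots:
        if vote not in (0, 1):
            raise ValueError("ballot must be 0 or 1")
        for idx, (_, y) in enumerate(share(vote, t, n)):
            server_sums[idx] = (server_sums[idx] + y) % P
    # Any t servers suffice; model the last n - t as offline.
    responding = [(x, server_sums[x - 1]) for x in range(1, t + 1)]
    return reconstruct(responding), server_sums


if __name__ == "__main__":
    ballots = [1, 0, 1, 1, 0, 1, 1, 0, 1, 1]   # constructed sample: 7 "yes" votes
    tally, sums = tally_votes(ballots, t=3, n=5)
    print("tally:", tally)
    print("one server's view (a random field element):", sums[0])
```

Because servers add shares locally, the threshold also gives fault tolerance for free: two of the five servers can be offline and the tally still reconstructs from the other three.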
Garbled Circuits
Garbled circuits represent the function as a Boolean circuit and replace every gate with an encrypted truth table. Each wire carries one of two random labels standing for 0 and 1; a gate’s table lets whoever holds one label per input wire decrypt exactly one row, the matching output label, and nothing else.
How it works:
- A “garbler” party builds the garbled tables and sends them to the evaluator together with the labels for the garbler’s own input bits (the labels look random, so they reveal nothing about those bits).
- The evaluator obtains the label for each of its own input bits through oblivious transfer, so the garbler does not learn the evaluator’s inputs and the evaluator never sees the label for the bit it did not choose. The circuit itself is public; only the meaning of the labels is hidden.
- The evaluator decrypts the circuit gate by gate and maps the final output labels to bits using a decoding table the garbler provides; intermediate values and the other party’s inputs stay hidden.
Imagine two companies wanting to find their overlapping customers (a private set intersection) without sharing their customer databases:
- Company A garbles a circuit that compares the two customer lists.
- Company B obtains labels for its own customer records via oblivious transfer and evaluates the circuit.
- The computation reveals only the overlapping records; everything else about both lists stays hidden.
A real world application is privacy-preserving genomic studies, where researchers compare DNA sequences for matches without exposing personal genetic data.
Did you know? MPC research flourished in the 1980s and 1990s. Fireblocks cryptography advisor Ran Canetti, one of its pioneers, later introduced the universal composability framework, which lets a protocol be proven secure even when it runs alongside, or inside, other protocols, a property that matters whenever MPC is embedded in a larger system such as a wallet.
Homomorphic encryption
Homomorphic encryption allows computations to be performed on encrypted data without decrypting it. The result stays encrypted and can be decrypted only by the holder of the private key. Partially homomorphic schemes support one operation (for example, Paillier adds plaintexts by multiplying ciphertexts); fully homomorphic schemes support arbitrary computation at a far higher cost.
In cloud computing, a user encrypts sensitive data before uploading it to the cloud. The cloud performs computations (e.g., summing encrypted salaries) without decrypting the data. The user decrypts the result after retrieval.
Encrypted search over databases, where a user can query without revealing the query or the stored data to the server, is another application of homomorphic encryption.
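The salary scenario above, as an added example that is not code from the article: Paillier encryption, whose ciphertexts can be multiplied to add the underlying plaintexts, so the server sums the payroll without ever decrypting. The two 20-bit primes are a hard-coded toy key (a real key uses primes of about 1024 bits) and the salaries are constructed sample data.

```python
# Added example (not from the article): Paillier, an additively homomorphic
# scheme, applied to the "sum encrypted salaries in the cloud" scenario.
# The two 20-bit primes are a hard-coded toy key for speed (a real key uses
# ~1024-bit primes); the salaries are constructed sample data.
import math
import secrets


def keygen(p=999_983, q=1_000_003):
    """Paillier key pair with the common choice g = n + 1."""
    assert math.gcd(p * q, (p - 1) * (q - 1)) == 1
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)   # lcm(p-1, q-1)
    mu = pow(lam, -1, n)                                 # valid because g = n + 1
    return (n, n + 1), (lam, mu)


def encrypt(pub, m):
    """E(m) = g^m * r^n mod n^2 with fresh random r: ciphertexts are randomised."""
    n, g = pub
    if not 0 <= m < n:
        raise ValueError("plaintext out of range")
    n2 = n * n
    while True:
        r = secrets.randbelow(n)
        if r > 0 and math.gcd(r, n) == 1:
            break
    return (pow(g, m, n2) * pow(r, n, n2)) % n2


def decrypt(pub, priv, c):
    """m = L(c^lambda mod n^2) * mu mod n, where L(u) = (u - 1) / n."""
    n, _ = pub
    lam, mu = priv
    u = pow(c, lam, n * n)
    return ((u - 1) // n * mu) % n


def add_encrypted(pub, c1, c2):
    """E(m1) * E(m2) mod n^2 is an encryption of m1 + m2."""
    n, _ = pub
    return (c1 * c2) % (n * n)


def scale_encrypted(pub, c, k):
    """E(m)^k mod n^2 is an encryption of k * m (e.g. a weighting factor)."""
    n, _ = pub
    return pow(c, k, n * n)


def payroll_total(pub, encrypted_salaries):
    """The untrusted server's job: fold homomorphic additions, never decrypting."""
    total = encrypt(pub, 0)           # fresh E(0) so the result is re-randomised
    for c in encrypted_salaries:
        total = add_encrypted(pub, total, c)
    return total


if __name__ == "__main__":
    pub, priv = keygen()
    salaries = [52_000, 61_500, 48_250]          # constructed sample data
    cts = [encrypt(pub, s) for s in salaries]    # client encrypts before upload
    c_sum = payroll_total(pub, cts)              # server works on ciphertexts only
    print("sum:", decrypt(pub, priv, c_sum))     # client decrypts: 161750
```

The server can add and scale, but not compare or divide: computing an average would require the client to decrypt the sum and divide itself, which is exactly the boundary between a partially and a fully homomorphic scheme.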
Oblivious transfer
Oblivious transfer is a cryptographic protocol that enables one party (the sender) to send one of many possible pieces of information to another party (the receiver). The sender does not learn which piece was chosen, and the receiver gains no additional information about the other pieces.
Imagine a buyer who wants to purchase one of several encrypted digital goods from a seller without revealing which item they are buying. The seller encrypts each item under its own key, and the two run an oblivious transfer on the keys: the buyer receives the key for the selected item only, and the seller does not learn which one was chosen.
This concept is similar to private database queries, where a user can fetch a record without revealing which record was accessed.
Zero-knowledge proofs (ZKPs)
Zero-knowledge proofs allow one party (the prover) to convince another party (the verifier) that a statement is true without revealing any additional information.
For example, a user could prove that they are over 18 to access age-restricted services without disclosing their exact age or any other personal information. How does this happen?
The user presents a cryptographic proof that verifies their age is above 18. The verifier validates the proof without accessing the user's actual birth date.
Blockchains have embraced ZKPs. An example is zk-SNARKs in Zcash, where a shielded transaction carries a proof that it is valid (the sender owns the funds being spent and the amounts balance) without revealing sender, receiver or amount.
In practice these primitives are combined. Secret sharing makes additions nearly free, garbled circuits or dedicated comparison sub-protocols handle the non-linear steps, oblivious transfer delivers inputs, and zero-knowledge proofs force malicious parties to follow the protocol. Homomorphic encryption can replace some interaction with local work on ciphertexts. Since the cost of an MPC protocol is dominated by communication rounds and bandwidth rather than raw CPU, optimized protocols concentrate on minimizing both.
What is advanced Multi-Party Computation (AMPC): Advantages and applications
Advanced multi-party computation (AMPC) is the next evolution in MPC technologies, addressing limitations in SMPC by introducing enhancements to improve scalability, performance and usability. Some advantages of AMPC over SMPC are as follows.
- Dynamic participation: AMPC accommodates dynamic changes in the participant pool. This is ideal for applications like decentralized identity systems, where user engagement fluctuates.
- Optimized protocols: AMPC reduces the computational and communication overhead of traditional SMPC. It incorporates threshold cryptographic approaches for better performance. Threshold cryptography allows computations to proceed as long as a minimum number of participants (threshold) is active, even if some drop out.
- Fault tolerance: AMPC handles adversarial or unresponsive participants more effectively. It ensures computations continue securely even if some parties fail.
Apart from the above, AMPC also supports integrations across blockchain and non-blockchain systems. Despite being optimized, AMPC still requires significant computational resources. More critically, transitioning from SMPC to AMPC requires redesigning existing systems, which comes with engineering costs.
World Network, the decentralized identity verification protocol, introduces AMPC to protect user data while enabling identity validation. Through AMPC, users can prove their uniqueness without revealing personal details. This approach aligns with privacy-first goals and helps avoid centralized risks. For example, AMPC ensures that biometric data, which is crucial for identity verification, is not exposed to any single entity, thereby enhancing user trust.
MPC technologies, from SMPC to the more advanced AMPC, represent a cornerstone of modern cryptographic applications. By enhancing identity systems like World ID, SMPC and AMPC ensure privacy and trust in a digital-first world.
Did you know? In 2008, Denmark hosted the first large-scale practical deployment of MPC: a nationwide sugar-beet auction in which farmers’ bids were processed as secret shares, so that no single party, not even the auctioneer, saw an individual bid.
Multi-party computation vs. Multi-signature wallets
If you’re wondering whether MPC and multisig wallets are the same thing: both guard your digital assets by requiring more than one party to approve a spend, but they do so in different ways.
Consider a scenario where you want to secure a large amount of Ether (ETH). With MPC, your private key exists only as multiple “shares,” as explained above, distributed across different devices or servers. To sign a transaction, a threshold of those shares run a signing protocol that produces a normal signature without ever reassembling the private key. An attacker who compromises fewer devices than the threshold gets nothing usable, and the chain sees a single ordinary public key with no indication that MPC was involved.
Now, imagine a Bitcoin wallet that uses multisig instead. Rather than a single private key there are several independent keys, and the spending script requires a set number of them, for instance two out of three, to sign each transaction. Even if one key is compromised, your funds remain safe, but the m-of-n policy and every signer’s public key are visible on-chain, and the transaction is larger than a single-key spend.
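How shares can sign “without ever reassembling the key”, as an added example that is not code from the article: a Schnorr signature computed from additive shares of the private key, where each party contributes a nonce and a partial response and only the sum is ever published. A Schnorr signature is also the non-interactive (Fiat–Shamir) form of the Schnorr zero-knowledge proof of knowledge of a discrete log, so the same code illustrates the ZKP section earlier. The group is generated at run time at toy sizes, the party count and message are constructed, and this is the plain n-of-n protocol without the nonce-commitment round that production schemes such as MuSig2 and FROST add.

```python
# Added example (not from the article): a Schnorr signature produced from
# additive shares of a private key; no party ever holds the full key. The
# signature is the Fiat-Shamir form of the Schnorr zero-knowledge proof of
# knowledge of x. Toy group sizes, constructed party count and message; the
# nonce-commitment round of production schemes (MuSig2, FROST) is omitted.
import hashlib
import secrets


def is_probable_prime(n, rounds=32):
    """Miller-Rabin with trial division by small primes."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def schnorr_group(qbits=160, pbits=512):
    """Prime-order subgroup of Z_p^*: q | p - 1 and g has order q."""
    while True:
        q = secrets.randbits(qbits) | (1 << (qbits - 1)) | 1
        if is_probable_prime(q):
            break
    while True:
        k = (secrets.randbits(pbits - qbits) | (1 << (pbits - qbits - 1))) & ~1
        p = k * q + 1
        if is_probable_prime(p):
            break
    while True:
        g = pow(secrets.randbelow(p - 2) + 2, k, p)
        if g != 1:
            break
    return p, q, g


def hash_to_q(q, *parts):
    """Fiat-Shamir challenge e = H(R, y, m) mod q over length-prefixed parts."""
    h = hashlib.sha256()
    for part in parts:
        if isinstance(part, int):
            part = part.to_bytes((part.bit_length() + 7) // 8 or 1, "big")
        h.update(len(part).to_bytes(4, "big") + part)
    return int.from_bytes(h.digest(), "big") % q


def distributed_keygen(group, n):
    """Each party samples its own share x_i; y = prod g^x_i = g^(sum x_i).

    The full key x = sum x_i is never computed by anyone at any step.
    """
    p, q, g = group
    shares = [secrets.randbelow(q - 1) + 1 for _ in range(n)]
    y = 1
    for x_i in shares:
        y = (y * pow(g, x_i, p)) % p
    return shares, y


def threshold_sign(group, shares, y, msg):
    """n-of-n signing: combine nonce commitments, then partial responses."""
    p, q, g = group
    # Round 1: every party picks a nonce share k_i and publishes R_i = g^k_i.
    nonces = [secrets.randbelow(q - 1) + 1 for _ in shares]
    R = 1
    for k_i in nonces:
        R = (R * pow(g, k_i, p)) % p
    e = hash_to_q(q, R, y, msg)
    # Round 2: each party uses only its own (k_i, x_i) to produce s_i.
    partials = [(k_i + e * x_i) % q for k_i, x_i in zip(nonces, shares)]
    return R, sum(partials) % q


def verify(group, y, msg, sig):
    """Standard Schnorr check g^s == R * y^e; identical to a single-key signature."""
    p, q, g = group
    R, s = sig
    e = hash_to_q(q, R, y, msg)
    return pow(g, s, p) == (R * pow(y, e, p)) % p


if __name__ == "__main__":
    group = schnorr_group()
    shares, y = distributed_keygen(group, n=3)                  # three devices
    sig = threshold_sign(group, shares, y, b"transfer 1 ETH")   # constructed message
    print("valid:", verify(group, y, b"transfer 1 ETH", sig))
```

The verifier runs the ordinary single-key check, which is why an MPC wallet is indistinguishable on-chain from a normal one. A signature assembled from fewer than all shares fails that check, and the shares can be refreshed (each party adds a random delta that sums to zero) without changing y.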
Here’s a summary of the differences between MPC and multi-signature wallets
So, which is better?
Well, it depends on your specific security needs and operational requirements.
- MPC offers strong security by splitting a private key into shares that are never reassembled, keeps the approval policy off-chain, and works on any chain whose signature scheme the protocol supports. It is, however, complex to implement, and its security rests on relatively young protocol implementations that need careful review and auditing.
- Multi-sig wallets are simple and enforced by the chain itself, at the cost of flexibility: the policy is fixed on-chain, only chains with native multisig support it, fees are higher, and losing more keys than the policy tolerates locks the funds permanently.
Ultimately, the two are complementary. For instance, each key behind an on-chain multisig policy can itself be generated and held as MPC shares, so that no single device ever holds any of the signing keys while the chain still enforces the m-of-n rule. This hybrid approach gives a robust and flexible solution for securing digital assets.
Written by Arunkumar Krishnakumar