Commonly used browser-extension wallets such as MetaMask derive a seed, mnemonic and public/private key pair through the BIP 39 protocol, and every transaction requires the plaintext private key to take part in signing.
An MPC wallet holds only private key fragments, stored on different devices, so it never exposes the plaintext private key while signing a transaction. Even if the user’s device is compromised, the attacker cannot obtain the complete private key. But a downstream risk still sits in front of users…
Recently, the security of wallet private keys has once again become the focus of public attention. At the beginning of March this year, the private keys of a large number of addresses holding ARB airdrops were leaked, triggering a “windfall feast” for “scientists”; earlier, an industry OG issued a warning on Twitter: “Discovered a new method of stealing coins. In foreign KTVs, scam gangs have quietly modified the KTV’s shared power banks and implanted malicious programs. Guests spend most of the day singing, drinking and spending in KTVs, their phones are prone to running out of power, and they then borrow a power bank to charge them. You thought the power bank was charging your phone, but it turned out to be reading the data in the phone and stealing the private key in the wallet.”
How can ordinary web3.0 players protect their wallet assets in the dark forest on the chain and avoid such tragedies?
A solution that is gaining ground is the MPC wallet, but how does it work? Is it really completely safe once adopted? This article gives an accurate explanation.
First of all, MPC (Multi-Party Computation) is a zero-knowledge-proof technology path proposed by Professor Yao Qizhi of Tsinghua University in 1982. In practical application scenarios it draws on a large number of modern cryptographic techniques, such as the RSA, ElGamal and ECDSA algorithms and the Shamir secret sharing protocol. The combination of these techniques makes MPC highly secure and scalable, and guarantees the following security properties:
- Distributed encryption allows data to be divided into multiple parts and stored with different parties, avoiding the risk of a single data leak;
- Zero-knowledge proofs can prove the truth of a statement without revealing any other information about it;
- Secret sharing distributes information among multiple parties, so that the information as a whole is not controlled by any single party.
To apply the MPC concept to wallet products, the general method in the industry today is:
- Each wallet manager (participant) holds one key slice;
- When a transaction is required, a threshold number of participants cooperate, and only inside a TEE (Trusted Execution Environment) is the complete private key reconstructed and the signing process completed.
This process keeps the plaintext private key from being exposed during the transaction. Even if the device on which the user stores a key fragment is hacked, the attacker cannot obtain the complete private key, which improves security.
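The key-slice step described above, as an added Python example (not code from the original article or from any wallet product): a private key is Shamir-split into n shares with threshold t over the secp256k1 group order, any t shares reconstruct it exactly, and fewer than t do not. The modulus N, the share indices and the sample key in the demo are assumptions made for illustration.

```python
import secrets

# secp256k1 group order (assumed here as the field modulus): valid private keys
# are integers in [1, N-1], so sharing over GF(N) keeps every share the same size.
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def split_key(secret: int, threshold: int, shares: int) -> list[tuple[int, int]]:
    """Shamir split: random polynomial of degree threshold-1 whose constant
    term is the secret; share i is the point (i, f(i))."""
    if not (1 <= secret < N) or not (1 <= threshold <= shares):
        raise ValueError("bad parameters")
    coeffs = [secret] + [secrets.randbelow(N) for _ in range(threshold - 1)]
    result = []
    for x in range(1, shares + 1):
        y = 0
        for c in reversed(coeffs):  # Horner evaluation of f(x) mod N
            y = (y * x + c) % N
        result.append((x, y))
    return result


def recover_key(shares: list[tuple[int, int]]) -> int:
    """Lagrange interpolation at x = 0 over GF(N). Correct only when at
    least `threshold` distinct shares are supplied; fewer shares still
    produce a number, but it is unrelated to the real key."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share index")
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = (num * (-xj)) % N
                den = (den * (xi - xj)) % N
        secret = (secret + yi * num * pow(den, -1, N)) % N
    return secret


# Constructed sample key (not a real wallet key) for a 2-of-3 demo.
SAMPLE_KEY = 0x1F2E3D4C5B6A79880123456789ABCDEF0123456789ABCDEF0123456789ABCDEF


def demo_two_of_three() -> bool:
    """Returns True when any two of three shares rebuild the key and one share does not."""
    s = split_key(SAMPLE_KEY, threshold=2, shares=3)
    return (recover_key(s[:2]) == SAMPLE_KEY
            and recover_key([s[0], s[2]]) == SAMPLE_KEY
            and recover_key(s[:1]) != SAMPLE_KEY)
```

A 3-of-5 split works the same way; the threshold is only the polynomial degree plus one.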
It is not hard to see the core difference between a multi-signature wallet built on MPC and one built on a smart contract such as Safe (Gnosis): in the smart-contract multisig, each participant takes part in the transaction with their own private key (blockchain address), so the risk of a participant’s private key being stolen remains; the participants in an MPC wallet, by contrast, never hold the complete private key, but implement a threshold signature scheme (TSS) through key sharding, eliminating the single point of risk.
But are the assets completely safe from then on? Obviously not!
Although the MPC wallet secures the signing process, it moves the risk downstream, to the [shard security management strategy] that users must confront.
There are currently three mainstream private key shard management strategies for MPC wallets on the market: [self-custodial mode], [hybrid custodial mode] and [centralized custodial mode]. Of these, [self-custodial mode] best fits the hardcore crypto-native philosophy: users manage the mnemonic and all key fragments themselves, and once the mnemonic and every device storing a fragment are lost, the assets fall into a deep sleep on chain. The [hybrid custodial mode] and [centralized custodial mode] strategies can offer features such as recovery on an unfamiliar device and social recovery, but because the party custodying the shards cannot 100% rule out the risk of human malice, their security is the same as that of a CEX, relying heavily on the credibility of the founders.
Users therefore face a dilemma when choosing an MPC wallet: 1. choose a [self-custodial mode] product and spend more energy and cost protecting the mnemonic; or 2. choose a [hybrid custodial mode] or [centralized custodial mode] product, enjoy a user experience close to web2.0, but trust that the product operator will not do evil.
To sum up, the security of an MPC wallet depends not only on the signing process but also on the key shard management strategy.
[Self-custodial mode] suits enterprise-level users: they pursue complete security and have enough manpower and resources to ensure that their mnemonic and shard-storing devices will not be lost at the same time. [Hybrid custodial mode] and [centralized custodial mode] suit ordinary web3.0 players: their funds are small, their positions are scattered, they have a hard requirement for centralized scenarios, and they are used to trusting in human nature (even if they run into a disaster like FTX, the loss is relatively small).
However, the author believes that when users withdraw funds from centralized institutions, both individuals and teams must hope to obtain a higher level of security, and the [hybrid custodial mode] and [centralized custodial mode] clearly contradict that wish. The release of Ethereum’s EIP-4337 means that in the future DApps can offer users services such as social login and social recovery; in those scenarios (games, social networking, etc.) users are relatively less sensitive to security. This business model will certainly have a great impact on the product market for [hybrid custodial mode] and [centralized custodial mode], and may even eliminate such products entirely once EIP-4337 is officially launched.