Polygon zkEVM

Polygon zkEVM is an EVM-compatible ZK L2 (zero-knowledge layer 2). With zkEVM, Ethereum projects will be able to easily port existing smart contracts to the network without any modifications to their code.

This ease of implementation helps set the grounds for wider adoption. Vitalik Buterin has also noted that L2 ZK solutions will drive the future of Ethereum scaling.

With zkEVM there will no longer be any barriers with regard to scalability, security, decentralization and developer experience. This is why many have crowned it as the end game or Holy Grail of crypto.

What is so unique about zkEVM?

Many people in crypto believed that a zkEVM was years away, and might never be practical or competitive with other ZK L2s. This was framed as an unavoidable tradeoff: we could have either full EVM equivalence or high performance, but not both. However, with the proving system breakthroughs pioneered by Polygon Labs, we believe we can achieve full EVM equivalence while offering better performance (higher throughput, lower latency, and lower cost) than alt-L1s (like Solana, Avalanche and Aptos), optimistic rollups and other ZK rollups.

Low cost

  • Polygon zkEVM harnesses the power of ZK proofs to reduce transaction cost.
  • zkSNARK footprint size in L1 for user cost optimization
  • Lowers total cost of usage for end users for a better user experience

High performance

  • Fast network finality with frequent validity proofs
  • Use of Polygon Zero technology, the fastest ZK proof in the world
  • Recursive STARK for extreme scalability
  • Developers can create different types of dApps for a variety of user experiences

EVM equivalence

  • Deployment onto EVM without changes in code
  • The vast majority of existing smart contracts, developer tools and wallets work seamlessly.
  • Allows developers to focus on improving code rather than re-writing it

Security

  • Ethereum security inherited in L2 with the additional benefit of L2 batching for scaling
  • ZK proofs ensure transaction validity and safeguard user funds
  • Assurance that information stored cannot be changed or corrupted

Web 3.0

Web3 (also known as Web 3.0) is an idea for a new iteration of the World Wide Web which incorporates concepts such as decentralization, blockchain technologies, and token-based economics. Some technologists and journalists have contrasted it with Web 2.0, wherein they say data and content are centralized in a small group of companies sometimes referred to as “Big Tech”. The term “Web3” was coined in 2014 by Ethereum co-founder Gavin Wood, and the idea gained interest in 2021 from cryptocurrency enthusiasts, large technology companies, and venture capital firms.

Some commentators argue that Web3 will provide increased data security, scalability, and privacy for users and combat the influence of large technology companies. They also raise concerns about the decentralized web component of Web3, citing the potential for low moderation and the proliferation of harmful content. Some have expressed concerns over the centralization of wealth to a small group of investors and individuals, or a loss of privacy due to more expansive data collection. Others, such as Elon Musk and Jack Dorsey, have argued that Web3 only serves as a buzzword or marketing term.

Metaverse

A metaverse is simply an alternate version of reality that exists digitally. A metaverse is a digital universe that contains all the aspects of the real world, such as real-time interactions and economies. It offers a unique experience to end-users. Much like the physical reality, people interact in this metaverse to work, play, do business, and socialize with other people and elements.

In science fiction, the “metaverse” is a hypothetical iteration of the Internet as a single, universal, and immersive virtual world that is facilitated by the use of virtual reality (VR) and augmented reality (AR) headsets. In colloquial usage, a “metaverse” is a network of 3D virtual worlds focused on social connection.

The term “metaverse” originated in the 1992 science fiction novel Snow Crash as a portmanteau of “meta” and “universe”. Metaverse development is often linked to advancing virtual reality technology due to the increasing demands for immersion. Recent interest in metaverse development is influenced by Web3, a concept for a decentralized iteration of the internet.

In practice, there are multiple existing metaverses today, and they can be referred to with different names and terms. The concept derives from “meta” which means “beyond” and “universe” which refers to all existing matter and space. So the term, “metaverse”, so to speak, goes beyond all that is visible and known to exist.

In the blockchain and crypto industry, many projects working in other emerging technologies, like artificial intelligence, expanded reality (VR and AR) and internet of things (IoT) create versions of their own digital realities. This is where the term metaverse is often used to describe an ecosystem where users of the platform can find every single element, creation, experience, and interaction in a shared, and most importantly, persistent space.

The concept of metaverse is gaining popularity in big tech companies as well. It is difficult to know its shape in general; however, it can be identified by some or all of these characteristics:

  • Persistence: In the metaverse, a persistent space is continuously shaped with environments that continue to grow and evolve regardless of whether or not users are connected to and interacting with them.
  • Real time: Experiences there happen in real time. This doesn’t necessarily mean live: pre-recorded performances can be triggered, for example, but users experience them in real time.
  • Economy: The metaverse has a fully functional economy. It uses a native, blockchain-based currency to buy, sell, or trade products and services in the metaverse.
  • Physical bridge: In augmented reality, the metaverse can exist alongside or even be linked to the physical universe. Think of an additional digital layer on top of or linked to actual geographical coordinates, for example. This is as opposed to virtual reality metaverses that only exist in a virtual realm.
  • Open content: One major pull for metaverses is that the content and experiences within, unlike previous versions of digital universes, can be created by corporations and users together. Users are, in fact, expected to eventually provide the majority of content in a metaverse as UGC.

Digital Settlement Assets (DSA)

UK proposes measures to protect against the collapse of systemic “digital settlement assets”

In the aftermath of the recent collapse of TerraUSD, a prominent USD-pegged “stablecoin”, the UK government is consulting on new measures to bring systemic “digital settlement asset” firms within the special administration regime applicable to traditional systemic payment systems. The proposals raise a number of questions, particularly in relation to scope and objectives. Stakeholders have until 2 August 2022 to respond.

Regulatory response to collapse of TerraUSD

Last month, a highly prominent algorithmically maintained USD-pegged “stablecoin”, TerraUSD, went into freefall, along with its sister cryptocurrency Luna. The incident sent shockwaves across the crypto markets and reinforced the concerns of many regulators around potential contagion risks. In the UK, the Financial Conduct Authority promptly put out a reminder to consumers of the risks of investing in cryptoassets. There followed much speculation as to if and how the government might respond, in light of its recent efforts to present the UK as open for crypto business. The government has now published a consultation paper outlining proposals intended to mitigate financial stability risks by bringing systemic “digital settlement asset” firms within the Financial Market Infrastructure Special Administration Regime (FMI SAR).

What is the FMI SAR?

The UK has certain “special administration regimes” to deal with the insolvencies of entities like banks and financial market infrastructures, where the usual administration process does not best serve the public interest. Traditional payment systems which are recognised as systemic fall within the FMI SAR. If such a payment system fails, the FMI SAR requires the administrator to pursue an objective of service continuity (i.e. continuing to deliver the failed firm’s services), even if that is not in the best interests of the creditors. This is designed to mitigate the risk of severe disruption to the wider financial sector. The Bank of England has oversight and powers of direction over administrators of entities that fall within the FMI SAR.

Proposals to extend and amend the FMI SAR

The government is proposing to pass legislation (i) to establish that systemic (non-bank) digital settlement asset firms will generally fall within the scope of the FMI SAR and (ii) to make amendments to the FMI SAR regime in order to introduce an additional objective for administrators in these cases (as discussed further below). The proposal contemplates that the Bank of England will be the lead regulator but will have an obligation to consult with the FCA, given the potential for regulatory overlap.

What constitutes a “digital settlement asset” and a “systemic DSA firm”?

The consultation paper defines “digital settlement asset” in rather vague terms. What is clear is that this concept is intended to be broader than the category of “payment cryptoassets” which are to be regulated under the e-money and payment services regimes. The government has previously said that that category will not include algorithmic stablecoins. In contrast, the term “digital settlement assets” is said to include “wider forms of digital assets used for payments/settlement” alongside payment cryptoassets.

The term “systemic DSA firms” is stated to refer to “systemic DSA payment systems and/or an operator of such a system or a DSA service provider of systemic importance”. The paper notes that “[a] payment system may be designated as systemic where deficiencies in its design or disruption to its operation may threaten the stability of the UK financial system or have significant consequences for businesses or other interests.”

The additional objective for administrators of systemic DSA firms

While continuity of service is intended to remain an important objective in the administration of a systemic DSA firm, the government wants to introduce an additional objective “covering the return or transfer of funds and custody assets”. This is intended to reflect the fact that, unlike traditional payment firms, DSAs may allow users “to store value which is then used for the movement of funds between cryptoassets without transitioning into fiat money”. This raises a lot of questions. In particular, in the case of an algorithmic stablecoin which has no (or subpar) market value and which is backed by no legal rights or interests in respect of fiat money, what “funds” are intended to be “returned or transferred”, and by whom? The consultation paper provides little insight into these types of issues.

What’s next?

The consultation remains open for comment until 2 August 2022.

DAO - Decentralized Autonomous Organization

A decentralized autonomous organization (DAO), sometimes called a decentralized autonomous corporation (DAC), is an organization constructed by rules encoded as a computer program that is often transparent, controlled by the organization’s members and not influenced by a central government. In general terms, DAOs are member-owned communities without centralized leadership. A DAO’s financial transaction records and program rules are maintained on a blockchain. The precise legal status of this type of business organization is unclear.

A well-known example, intended for venture capital funding, was The DAO, which amassed 3.6 million ether (ETH) – Ethereum’s mining reward – then worth more than US$70 million in May 2016, and was hacked and drained of US$50 million in cryptocurrency weeks later. The hack was reversed in the following weeks, and the money restored, via a hard fork of the Ethereum blockchain. Most Ethereum miners and clients switched to the new fork while the original chain became Ethereum Classic.

 
Name            | Token   | Use cases                                                                                          | Network         | Launch        | Status
----------------|---------|----------------------------------------------------------------------------------------------------|-----------------|---------------|------------------------------
The DAO         | DAO     | Venture capital                                                                                    | Ethereum        | April 2016    | Defunct late 2016 due to hack
ConstitutionDAO | PEOPLE  | Purchasing an original copy of the Constitution of the United States                               | Ethereum        | November 2021 | Defunct
PleasrDAO       | PEEPS   | A group of art collectors who own the sole copy of a Wu Tang Clan album                            | Ethereum        | April 2021    | Operational
FreeRossDAO     | FREE    | Clemency for Ross Ulbricht, criminal justice reform advocacy organization                          | Ethereum        | December 2021 | Operational
AssangeDAO      | JUSTICE | Purchased Clock, an NFT artwork by Pak, to fund legal defense of WikiLeaks founder Julian Assange  | Ethereum        | February 2022 | Operational
MakerDAO        | MKR     | Lender, stablecoin creator                                                                         | Ethereum        | December 2017 | Operational
MoonDAO         | MOONEY  | Purchased tickets to send members to space on flights NS-22 and NS-24                              | Ethereum        | November 2021 | Operational
Uniswap         | UNI     | Exchange, automated market making                                                                  | Ethereum & Celo | November 2018 | Operational

Custodial vs. Self-custodial Wallets

In modern finance, it’s standard practice for service providers like banks to retain custody of your assets. This means, for example, that when you want to make a withdrawal from your bank account, while you may have a legal claim to the money, the reality is that you’re asking for permission from your bank. Banks can and regularly do deny such permission, and their reasons for doing so do not always align with the best interests of individual customers. Further, even when service providers uphold the custody rights of their customers in good faith, factors outside of their control may force them to deny you access to your money. For example, a government may force banks to restrict withdrawals in an attempt to stop runaway inflation, as happened in Greece in 2015. Another, perhaps more insidious example, is Operation Choke Point, where the US government pressured banks to deny service to people involved in a variety of (legal) industries it had identified as morally corrupt.

With the advent of blockchain-supported decentralized systems – of which Bitcoin is the primary example – it became possible, for the first time, to provide self-custodial financial services at a large scale. In the self-custodial model, the customer retains full custody (possession) of their assets at all times, using the service provider merely as an interface for conveniently managing their assets.

When you use a self-custodial wallet (like the Bitcoin.com Wallet), first of all, you don’t need to ask for permission to use the service. There’s no account approval process, meaning anyone in the world can download the app and start using it immediately. Secondly, only you have access to your funds. This makes it nearly impossible for the service provider (in our case Bitcoin.com), a government, or anyone else to prevent you from using your funds exactly as you wish.

Of course, with great power comes great responsibility! Since you’re the only one with access to your funds, you need to manage your wallet carefully. This includes backing up your wallet and adhering to password management best practices.

What’s the difference between self-custodial and non-custodial?

Nothing. Self-custodial == non-custodial.

Are all cryptocurrency wallets self-custodial?

Absolutely not. Centralized cryptocurrency exchanges (Coinbase, Binance, etc.) provide custodial cryptocurrency wallets (sometimes known as ‘web wallets’). While such exchanges are useful for buying, selling, and trading cryptoassets, when you use these exchanges, your crypto is held in trust by the exchange. Note that with self-custodial wallets like the Bitcoin.com Wallet, you can also buy, sell, and trade cryptocurrencies.

What are the risks associated with custodial cryptocurrency wallets?

The risks are similar to (and in many cases greater than) those associated with holding your money at a bank or using a payment app like PayPal. The risks stem from the fact that, fundamentally, you’re not in full control of your funds.

Firstly, you are exposed to the risk that the exchange will go bankrupt. If that happens, it is highly unlikely that you will recover the crypto you held on the exchange.

Second, since taking custody of financial assets is a regulated activity, centralized cryptocurrency exchanges are subject to the whims of regulators in the jurisdiction they are domiciled. And since cryptocurrency regulations are in a state of flux in most regions, this means there’s always the possibility that you’ll wake up to find you are unable to access your cryptoassets.

Next, the exchange may charge extra fees for withdrawals (which is common), slow down your withdrawal process (also common), or prevent you from withdrawing altogether (rare but not impossible).

Finally, there’s the risk that the exchange gets hacked. And since cryptocurrency exchanges generally aren’t insured and are often registered offshore, it’s likely you’ll lose your cryptoassets and have no recourse.

Are there any other reasons to use a self-custodial wallet?

Self-custodial crypto wallets provide you with direct access to public blockchains. The best wallets, like the Bitcoin.com Wallet, allow you to customize the fees you pay to public blockchain miners and validators. This means, for example, that you can choose to pay less for transactions when you’re not in a hurry (or more if you’re in a rush!). Finally, because self-custodial wallets provide direct access to blockchains, they also enable you to interact with smart contracts. That means, for example, you can access decentralized finance products that enable you to earn passive income.

How do I know if I’m using a self-custodial wallet?

All self-custodial crypto wallets enable you (and only you) to possess the private key associated with your public address. This typically takes the form of either a file or a ‘mnemonic phrase’ that consists of 12-24 randomly generated words. If your wallet doesn’t have this option, it’s custodial (meaning you’re not in full control of your cryptoassets).

The Bitcoin.com Wallet, which is fully self-custodial, also offers a cloud backup service (in addition to giving you the option to store the private key for each of your wallets as a mnemonic phrase). With the cloud backup service, you create a single custom password that decrypts a file stored in your Google Drive or Apple iCloud account. If you lose access to your device, simply reinstall the Wallet app on a new device, enter your password, and you’ll again have access to all of your cryptoassets. Further, whenever you add more wallets within your Bitcoin.com Wallet, your backup file will automatically sync. This means you never have to worry about creating or managing a new backup for each new wallet you create!

Self-custody wallets tips

Only download a wallet application from the official app store or website in order to avoid fake or modified phishing versions.

Ensure your wallet devices are always updated to the latest official firmware or software available.

Always keep your recovery seed phrase or private key safe from third parties and environmental hazards such as fire and water.

Never generate or store a digital copy of your recovery seed or private key. Even your printer could keep a digital copy. Write it down instead.

Use two-factor authentication (2FA) and biometric verification (fingerprints, patterns, etc.) on your phone or laptop if you have a software wallet or use a hardware wallet application.

Be careful which smart contracts or Dapps you interact with, and avoid blind signing where possible.

MPC Multi-Party Computation

What is MPC (Multi-Party Computation)?

“Not your keys, not your coins” has resulted in over $100 billion lost or stolen since the early 2010s, specifically because of private key mismanagement. Clinging to this ‘golden rule’ will fail to onboard the next 1 billion into a bankless, self-empowered Web3. Secure crypto technologies like MPC are the hybrid solution for an overwhelming majority of new and current users, offering optimal tradeoffs between security, self-custody, recoverability, and interoperability.

Not Your Keys Not Your Crypto? Outdated.

The mantra of “not your keys not your crypto” is as powerful today as it was in 2017. But the result? Lost and stolen seed phrases, misplaced private keys, stress for new users, and a flight to CeFi exchanges and ‘crypto banks.’

An estimated $100 billion dollars of Bitcoin (just Bitcoin) has been lost forever, because of private key mismanagement.

As a community, crypto has been dogmatically clinging to a purported “private key gold standard,” more obsessed about the technology than providing what people actually need. MPC is a solution that already exists, recently championed by companies like Coinbase and ZenGo.

Simple and secure MPC technology is already being used at the institutional level – companies like Fireblocks are helping custody billions of dollars of cryptoassets with MPC cryptography. It’s time average users get the same bulletproof security as the big players, and developers understand the security benefits of MPC to onboard more crypto users.

The false dichotomy: Centralized Exchanges v. Non-Custodial Wallets

For years the status-quo perpetuated a dangerous misconception: There are only 2 ways to store crypto. This false dichotomy is why so many potential crypto-enthusiasts haven’t started to get involved in the ecosystem.

Option 1: Exchanges

Custody cryptoassets in a centralized exchange, giving up your freedom, control, and on-chain access in return for relative security, simplicity, and comfort knowing someone else will worry about secure crypto storage.

Option 2: Self-custody with Private Keys

Use an on-chain crypto wallet with private keys, rendering assets vulnerable to scammers, hacks, lost or misplaced keys – but knowing you have ultimate control over your crypto: to store, HODL, or lose…

There’s actually a better way: A hybrid solution in the form of a type of cryptography called MPC, or multi-party computation.

What is MPC and how does it work?

MPC stands for Multi-Party Computation. This is a type of cryptographic technology.

Leveraging MPC, wallets (and institutions) can securely design an on-chain asset management system that makes recovery easier, while simultaneously increasing secure self-custody by removing the single point of failure of a private key.

At a basic level, MPC (within the cryptographic world of threshold signatures) allows 2 (or more) parties to securely input information into a system and activate (or unlock) an outcome, without any party being able to see the inputs of the others.

This makes it possible to design a crypto wallet that uses multiple parties to back up or restore a user’s funds, while keeping the funds in the user’s custody at all times.

This design offers a number of advantages:

  • Easy to recover
  • No single point of failure for phishing
  • Entirely user controlled

Why MPC is a better user experience than a “seed phrase” wallet

This type of recovery is immediately more familiar and far less scary for the majority of people. Almost everyone who has created an account of any kind online knows how to recover their login using an email, trusted contact, cloud backup, or their biometric scan.

This is why these types of recoverability are crucial for bringing new people into crypto systems. Implementing familiar solutions for recovery will allow more people to feel comfortable using crypto.

Once in the ecosystem, some will want different types of security or options with a low centralization risk. There is nothing preventing anyone from using multiple wallets once they have started using crypto. In fact, it is encouraged to use more than 1 wallet when storing cryptoassets.

There is, however, a HUGE barrier to entry with the majority of wallets for the majority of people: Seed phrases.

Having a single phrase that can move the entire contents of an account in an instant can be scary. Some people are willing to rely fully on themselves to keep something this important safe. Most people are not.

Having a path to enter crypto for the first time, try applications, and hold assets where users DON’T have to worry about a seed phrase is CRITICAL for the next 1 Billion people to join the world of #Web3.

MPC Wallets do not use seed phrases

MPC wallets like ZenGo replace the traditional private key with two independently created mathematical “secret shares.” One share is stored on your mobile device and the other on the ZenGo server.

With no single point of failure, even if something happens to one of the shares, no one can access your crypto but you.

Learn more about MPC: Threshold Signature Scheme (TSS):

To understand the type of cryptography behind MPC it’s helpful to learn about TSS (threshold signature schemes, a form of threshold cryptography), which is a subfield of MPC.

In TSS cryptography, cryptographic operations are defined with a threshold assumption in mind: it is assumed that at least a threshold of the parties involved in the computation are acting honestly and are not controlled by an attacker at the same time. It could be two parties, or more.
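As an added illustration of the threshold idea (example code written for this page, not ZenGo’s or Fireblocks’ implementation, and not a signing scheme): Shamir secret sharing splits a secret into n shares such that any t of them reconstruct it while t-1 shares reveal nothing. In a real threshold signature scheme the shares are used to sign without ever reassembling the key; the `recover_secret` call below does reassemble it, so it demonstrates the threshold and recovery property (a lost phone share can be replaced from the remaining ones), not TSS signing. The 128-bit secret, the prime 2^127-1 and the function names are constructed for the example.

```python
import secrets
from typing import List, Tuple

# All arithmetic is done modulo a prime. 2**127 - 1 is a Mersenne prime, a constructed
# choice for this example that is large enough to hold a 126-bit secret.
PRIME = 2**127 - 1

Share = Tuple[int, int]  # (x, f(x)) with x != 0; f(0) is the secret


def _inverse(a: int) -> int:
    # Modular inverse via Fermat's little theorem (valid because PRIME is prime).
    return pow(a % PRIME, PRIME - 2, PRIME)


def _eval_poly(coeffs: List[int], x: int) -> int:
    # Horner evaluation of coeffs[0] + coeffs[1]*x + coeffs[2]*x**2 + ... mod PRIME.
    y = 0
    for c in reversed(coeffs):
        y = (y * x + c) % PRIME
    return y


def split_secret(secret: int, threshold: int, n_shares: int) -> List[Share]:
    """Shamir t-of-n split: the secret is f(0) of a random polynomial of degree threshold-1."""
    if not 0 <= secret < PRIME:
        raise ValueError("secret must be a field element")
    if not 1 <= threshold <= n_shares:
        raise ValueError("need 1 <= threshold <= n_shares")
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(threshold - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n_shares + 1)]


def recover_secret(shares: List[Share]) -> int:
    """Lagrange interpolation at x = 0; correct when at least `threshold` distinct shares are given."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("shares must have distinct x coordinates")
    total = 0
    for xi, yi in shares:
        num, den = 1, 1
        for xj in xs:
            if xj != xi:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        total = (total + yi * num * _inverse(den)) % PRIME
    return total


def single_share_fits_any_secret(share: Share, candidate: int) -> bool:
    """For a threshold-2 split, one share (x, y) is consistent with every candidate secret:
    a line through (0, candidate) and (x, y) always exists, so the share alone reveals nothing."""
    x, y = share
    slope = (y - candidate) * _inverse(x) % PRIME
    return _eval_poly([candidate, slope], x) == y


if __name__ == "__main__":
    # Constructed 128-bit placeholder secret; a real key would be generated with secrets.randbelow.
    key = 0x0123456789ABCDEF0123456789ABCDEF
    phone, server, backup = split_secret(key, threshold=2, n_shares=3)
    print("phone share lost; recovered from server + backup:",
          recover_secret([server, backup]) == key)
    print("one share says nothing about the key:",
          single_share_fits_any_secret(phone, 0) and single_share_fits_any_secret(phone, key ^ 1))
```

Any two of the three shares reconstruct the secret; a single share is consistent with every possible secret, which is the property that lets a wallet hold one share on the device and another elsewhere without either location becoming a single point of failure.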

MPC Cryptography is gaining adoption

While ZenGo was the 1st crypto wallet to support MPC for consumers, companies like Fireblocks have been managing billions of dollars of assets for some of the world’s leading crypto institutions for years. Coinbase recently announced support for an MPC-powered Dapp browser inside of their custodial crypto wallet.

As MPC offers the optimal balance between on-chain self-custody, wallet security and crypto recoverability, it is only a matter of time until MPC becomes widely adopted.

FAQ: MPC Crypto Wallet

Q: How does MPC (Multi-Party Computation) work?
A:
MPC works by splitting the traditional private keys into multiple pieces, distributing them in multiple places to ensure no one person has full access to the traditional private key. The major advantage here is that the private key is always used in a distributed manner.

When a transaction signature is required, the parties involved (in ZenGo there are two: the ZenGo server and the user’s phone) each separately run their part of a computation that produces the signature, making whatever you wanted to happen on the blockchain, well, happen! The best part of this process is that no single entity can ever get access to any private key: there is no single point of vulnerability. Even if an attacker managed to get access to one of the two shares, they can’t access all of the ‘secret shares’ simultaneously, making your digital assets much safer than in the traditional private key architecture.

Q: Who uses MPC?
A: A number of billion-dollar institutions are using MPC technology, including Fireblocks, Coinbase, and ZenGo.

Q: Is MPC new technology?
A: MPC technology is actually dozens of years old – initial development began in the 1980s – but applying MPC to crypto wallets is a relatively recent innovation of the last decade.

Q: Does MPC support many blockchains?
A: A major advantage of MPC, in addition to its security and recoverability benefits, is that it is chain-agnostic. Unlike multi-signature (MultiSig) approaches, which do not support every blockchain, MPC can be applied to many. ZenGo actively contributes to open-source MPC material on GitHub.

More info for professionals:

If you’re in the institutional digital asset space, you’ve probably heard about MPC (multi-party computation). While MPC theory has been around since the early ’80s, it first entered the digital asset space just a few years ago; since then, MPC has become one of the primary technologies wallet providers and custodians are utilizing to secure crypto assets.

But what exactly is MPC? How does it work, and what benefits does it have? We’ll walk you through everything you need to know about the technology and its role in digital asset security today.

Let’s start with an introduction to cryptography in general to get a better understanding of MPC’s origins.

A (Very) Brief Introduction to Cryptography

The field of cryptography provides its users with a method for:

  • sending messages that only the intended receiver of the message will understand
  • preventing unauthorized third parties from reading them in case of interception
  • verifying the authenticity and integrity of digital messages from a known sender

Though cryptography stretches as far back as the ancient Egyptians, one of the most famous modern examples is the Enigma machine – a device used by the Germans to send encrypted messages during WWII which was finally cracked by the British mathematician, Alan Turing.

Whereas cryptography was once primarily the concern of government and military agencies, in the internet era cryptography plays an increasingly central role in the way we all transfer information.

While the idea behind cryptography can appear simple, the field does include some extremely complex math. In essence, messages are scrambled, or “encrypted,” by a secret recipe (or algorithm) that hides the information contained within it. This way, should the encrypted message be stolen or intercepted by a malicious or non-trusted third party, they will be unable to understand, see or alter the information the message holds. Instead, the only one who can read that message correctly is the one who knows how the message was encrypted and thus holds the key to unscramble, or “decrypt,” it.

Encrypted message: HZZO HZ VO OCZ KJNO JAADXZ

Secret algorithm: each letter of the real message is replaced by the letter five places before it in the alphabet (wrapping around at A), so to decrypt, move each letter five places forward.

Alphabet: ABCDEFGHIJKLMNOPQRSTUVWXYZ

Decrypted message: MEET ME AT THE POST OFFICE

This ‘Caesar cipher’ utilizes very simple math to demonstrate the concept of encryption. However, it is known to be broken. To securely encrypt information, more advanced math is required.
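The shift rule above is as easy to break as it is to write down, because there are only 25 possible shifts. The following Python is an added example (not from the original article): it decrypts the page’s ciphertext with the stated rule, then recovers the shift with no key at all by trying every shift and scoring each candidate against a small, constructed list of common English words. The names `caesar_shift`, `english_score` and `crack_caesar` are chosen here.

```python
import string
from typing import List, Tuple

ALPHABET = string.ascii_uppercase

# Ciphertext from the page above. Its rule is "ciphertext letter = plaintext letter
# moved five places back", so decrypting means moving each letter five places forward.
CIPHERTEXT = "HZZO HZ VO OCZ KJNO JAADXZ"

# Constructed list of very common English words used to score candidate plaintexts.
# It deliberately does not contain MEET, POST or OFFICE, so the crack is not tailored
# to this one message.
COMMON_WORDS = {
    "THE", "OF", "AND", "TO", "IN", "IS", "IT", "THAT", "FOR", "ON", "WITH",
    "AS", "AT", "BY", "THIS", "FROM", "OR", "BE", "ARE", "AN", "WAS", "ME",
    "MY", "WE", "HE", "SHE", "YOU", "NOT", "BUT", "ALL", "SO", "IF", "NO",
    "DO", "UP", "GO", "US", "AM", "HIS", "HER", "HAD", "HAS", "OUR", "OUT", "ONE",
}


def caesar_shift(text: str, shift: int) -> str:
    """Move every A-Z letter `shift` places forward (negative = backward); other characters pass through."""
    out = []
    for ch in text.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
        else:
            out.append(ch)
    return "".join(out)


def english_score(text: str) -> int:
    """Sum of the lengths of the words found in COMMON_WORDS; longer matches weigh more."""
    return sum(len(word) for word in text.split() if word in COMMON_WORDS)


def crack_caesar(ciphertext: str) -> Tuple[int, str, List[Tuple[int, str, int]]]:
    """Try all 26 shifts, rank candidates by english_score.

    Returns (best_shift, best_plaintext, ranked list of (shift, plaintext, score)).
    """
    candidates = []
    for shift in range(26):
        plain = caesar_shift(ciphertext, shift)
        candidates.append((shift, plain, english_score(plain)))
    candidates.sort(key=lambda c: c[2], reverse=True)
    best_shift, best_plain, _ = candidates[0]
    return best_shift, best_plain, candidates


if __name__ == "__main__":
    print("with the key:   ", caesar_shift(CIPHERTEXT, 5))
    shift, plain, ranked = crack_caesar(CIPHERTEXT)
    print(f"without the key: shift {shift} -> {plain}")
    for s, p, score in ranked[:3]:
        print(f"  shift {s:2d} score {score:2d}: {p}")
```

On this message the correct shift scores 7 (THE, ME and AT) while the runner-up scores 2, and the whole search costs 26 string operations; a key space that small is what "known to be broken" means in practice.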

In the world of blockchain, the “message” being transferred is a digital asset, and the “key” to that digital asset is essentially the decryption tool used to receive that digital asset.

That key itself – known as the “private key,” as access to a digital asset requires both a publicly known cryptographic key and a related private one – must be kept safe, as anyone who knows the private key can move the asset to their own wallet. This is where MPC comes in: it’s one of the most powerful tools for protecting private keys.

How does MPC (multi-party computation) work?

In a general sense, MPC enables multiple parties – each holding their own private data – to evaluate a computation without ever revealing any of the private data held by each party (or any otherwise related secret information).

The two basic properties that a multi-party computation protocol must ensure are:

  • Privacy: The private information held by the parties cannot be inferred from the execution of the protocol.
  • Accuracy: If a number of parties within the group decide to share information or deviate from the instructions during the protocol execution, the MPC will not allow them to force the honest parties to output an incorrect result or leak an honest party’s secret information.

In an MPC, a given number of participants each possess a piece of private data (d1, d2, …, dN). Together, the participants can compute the value of a public function on that private data: F(d1, d2, …, dN) while keeping their own piece of data secret.

For example, let’s imagine three people, John, Rob, and Sam, want to find out who has the highest salary without revealing to each other how much each of them makes – this is actually a classic example of MPC, known as The Millionaire’s Problem. Using simply their own salaries (d1, d2, and d3), they want to find out which salary is the highest and not share any actual numbers with each other. Mathematically, this translates to them computing:

F(d1,d2,d3) = max(d1,d2,d3)

If there were some trusted third party (e.g. a mutual friend whom they trusted to keep a secret), they could each tell their salary to that friend and find out which of them makes the most, that is, F(d1,d2,d3), without any of them learning the others’ salaries. The goal of MPC is to design a protocol where, by exchanging messages only with each other, John, Rob, and Sam can still learn F(d1,d2,d3) without revealing who makes what and without having to rely on an external third party. They should learn no more by engaging in the MPC than they would have by interacting with their trustworthy mutual friend.

History and Applications of MPC

MPC (multi-party computation) was first developed in the ’80s – a fairly recent breakthrough within the world of cryptography.

Up until that point, the majority of cryptography had been about concealing content; this new type of computation focused instead on concealing partial information while computing with data from multiple sources.

  • 1982 – Secure two-party computation is formally introduced as a method of solving The Millionaire’s Problem
  • 1986 – Andrew Yao adapts two-party computation to any feasible computation
  • 1987 – Goldreich, Micali, and Wigderson adapt the two-party case to multi-party
  • 1990s – Study of MPC leads to breakthroughs in areas including universal composability (pioneered by Fireblocks cryptography advisor Ran Canetti) and mobile security
  • 2008 – The first large-scale, practical application of multi-party computation – demonstrated in an auction – takes place in Denmark
  • Late 2010s – MPC is first utilized by digital asset custodians and wallets for digital asset security
  • 2019 – Debut of MPC-CMP, the first 1-round, automatic key-refreshing MPC algorithm

Today, MPC is utilized for a number of practical applications, such as electronic voting, digital auctions, and privacy-centric data mining. One of the top applications for MPC is for securing digital assets – and recently, MPC has become the standard for institutions looking to secure their assets while retaining fast and easy access to them.

Why is MPC becoming the standard for digital asset security?

To utilize your digital assets, you need a public key and a private key; your ability to safely hold and transfer the asset itself is only guaranteed as long as the private key is safe. Once that key is in someone else’s hands, they can transfer the assets to their own wallet. Therefore, preventing the theft of private keys is crucial to maintaining digital asset security.

Historically, there have been a few primary options for securely storing private keys. These options tend to fall into either hot, cold, or hardware-based storage.

  • Hot Storage – Private key is held online
  • Cold Storage – Private key is held offline
  • Hardware Wallet – Private key is held offline on a physical device

While these tools were at one point the only options for digital asset storage, certain operational and security inefficiencies in each have led to the rise of new solutions, such as MPC. Importantly, MPC is strong for not only digital asset storage, but digital asset transfers, as well – and as the digital asset market has developed and grown, so has the need for a security tool that enables fast transfers and advanced business strategies.

Cold Storage

One way to reduce the exposure to digital asset loss is by storing funds in cold storage.

Cold storage enables a user to sign a transaction with their private keys in an offline environment. Any transaction initiated online is temporarily transferred to an offline wallet kept on a device such as an offline computer, where it is then digitally signed before it is transmitted to the online network. Because the private key does not come into contact with a server connected online during the signing process, even if an online hacker comes across the transaction, they would not be able to access the private key used for it.

However, there are several issues with cold storage:

  • For a contemporary digital asset business that’s actually trading assets with any frequency, it is too slow to trade from – often taking between 24 and 48 hours to make a transfer
  • It does not protect against deposit address spoofing or credential theft

Hardware Wallet

Another method of securely storing private keys is the hardware wallet. Hardware wallets are external devices, similar to a USB stick, on which your private keys are stored. Hardware wallets are resilient to malware, and if you happen to lose the wallet you’ll be able to recover the funds using a seed phrase. On the other hand, if you lose the seed phrase, there is no other way of recovering your bitcoin.

Like cold storage solutions, hardware wallet solutions lack the speed that today’s digital asset businesses require.

Hot Wallets

Alternatively, storing funds in a hot wallet is cumbersome due to error-prone copy-pasting of addresses, ever-changing whitelists, and constant 2FA rituals.

Some hot wallets utilize multisignature, or multisig, technology to divide signing authority among multiple keys. Unfortunately, multisig is not protocol-agnostic (meaning it’s not compatible with all blockchains), and it lacks the operational flexibility to support growing teams.

As a result, the best solution is one that meets both operational and institutional security requirements: it stores the private key safely while, at the same time, not hindering operational efficiency.

MPC for Private Key Security

With MPC, private keys (as well as other sensitive information, such as authentication credentials) no longer need to be stored in one single place. The risk involved with storing private keys in one single location is referred to as a “single point of compromise.” With MPC, the private key is broken up into shares, encrypted, and divided among multiple parties.

Each party independently computes with the key share it holds, and those partial results are combined to produce a signature, without any party ever revealing its share to the others. This means there is never a time when the private key is assembled in one place; instead, it exists only in a distributed, “liquid” form.

Ordinarily, when a single private key is stored in one place, a wallet’s owner would need to trust that the device or party that holds that private key is completely secure. Such a device could be an HSM or, less securely, a crypto exchange that essentially holds the customer’s private keys on their behalf.

However, these parties have proven themselves to be vulnerable. When an attacker only needs to succeed in hacking one point of compromise to steal a private key, it leaves the digital assets that key unlocks wide open to theft.

MPC does away with this problem, as the private key is now no longer held by any one party at any point in time. Instead, it is decentralized and held across multiple parties (i.e. devices), each blind to the other. Whenever the key is required, MPC is set in motion to confirm that all parties, or a predetermined number of parties out of the full set, approve of the request.

With MPC technology in play, a potential hacker now has a much harder task ahead of them. To gain control over a user’s wallet, they now need to attack multiple parties across different operating platforms at different locations simultaneously.

The MPC solution then solves the problem of secure key storage. As the key no longer resides in one single place, it also allows more personnel to access a wallet without the risk of any of them turning rogue and running off with the digital assets it contains.

In addition, with the private key completely secure, users can now hold their assets online and no longer need cumbersome cold-storage devices. This means that transferring digital assets is now more fluid and no compromise is required between security and operational efficiency.

Types of MPC Algorithms

Given its inherent properties, MPC in and of itself is a powerful tool for securing digital assets. However, not all MPC algorithms are created equal. Today, many institutions that use MPC employ algorithms such as Gennaro and Goldfeder’s algorithm (MPC-GG18); while protocols like this one are still considered the industry standard by many, they do not reach the level of efficiency, security, or operational flexibility that certain newer MPC algorithms are able to achieve.

To effectively run a profitable digital asset business in today’s ever-changing market or execute high-volume withdrawal requests for a large retail customer base, financial institutions (such as exchanges, lending providers, and banks) require instant and secure access to funds.

However, due to a complex regulatory environment, many of these institutions are forced to operate with secure but slow cold storage solutions. So, the compatibility of an algorithm with cold storage is another important factor to consider when evaluating MPC algorithms.

The Gennaro and Goldfeder MPC Algorithm

Gennaro and Goldfeder’s algorithm is currently one of the top MPC algorithms available, and many institutions that protect their private data using MPC utilize this algorithm.

However, with Gennaro and Goldfeder’s algorithm, the communication latency between the MPC shares (the devices that hold the key shares) doesn’t reach the highest level of efficiency, as it requires users to wait for transactions to undergo up to 9 signature rounds.

In addition, Gennaro and Goldfeder’s algorithm doesn’t offer any flexibility for institutions that need to use cold storage.

The Lindell et al. MPC Algorithm

Lindell et al. offers a slight decrease in the number of signing rounds compared to Gennaro and Goldfeder, at 8. However, this still doesn’t reach the level of operational efficiency necessary for today’s markets.

Like Gennaro and Goldfeder, Lindell et al. does not offer support for cold storage.

The Doerner et al. MPC Algorithm

Doerner et al.’s MPC algorithm produces a threshold signature in just 6 rounds. Yet, again, the level of efficiency that’s possible with today’s technology is still higher than this.

And like the previous two algorithms, Doerner et al. can’t provide solutions for institutions that are looking to use cold storage in tandem with MPC.

MPC-CMP: The Newest Innovation in MPC

Building off of the groundwork laid by Gennaro and Goldfeder, the Fireblocks cryptography team (in collaboration with Professor Ran Canetti, the founder of the universal composability security model) recently developed and released a new algorithm, MPC-CMP. MPC-CMP enables digital asset transactions to be signed in just 1 round, meaning that it offers the fastest transaction signing speeds of any MPC algorithm by 800%. 

MPC-CMP also solves the challenges faced by businesses looking to use cold storage in tandem with MPC by allowing hot and cold key signing mechanisms – with at least one key share stored offline in an air-gapped device.

This introduces new configuration possibilities for institutions in regions with specific regulations around cold storage and strengthens the security of MPC-based wallets by adding a key refresh mechanism (minutes-long intervals). While traditional cold wallets require physical proximity and trust for certain employees to operate these wallets without making an error or acting maliciously, MPC-CMP operationalizes cold wallets – creating a solution for today’s high-paced crypto markets.

With the new algorithm, we’ve introduced a new security feature that ensures MPC key shares are automatically refreshed in minutes-long intervals. That means a malicious actor only has a few moments to steal all the key shares before they are refreshed and they have to start over – effectively adding a new layer of protection to our multi-layered security system.
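As an added illustration (not Fireblocks’ code and not MPC-CMP, which is a threshold ECDSA protocol with considerably more machinery), the Python below shows the two ideas from the preceding sections with a simplified n-of-n Schnorr scheme over a constructed toy group: the private key exists only as additive shares that each device uses locally to produce a partial signature, and a zero-sum refresh re-randomizes the shares so that shares stolen in different refresh intervals do not combine. The group parameters, function names and sample message are assumptions made for the example.

```python
import hashlib
import secrets
# Toy Schnorr group, constructed for illustration and far too small for real use:
# P = 2Q + 1 is a safe prime and G = 4 generates the order-Q subgroup of Z_P^*.
P, Q, G = 2039, 1019, 4

def distributed_keygen(n):
    """Each party picks its own share x_i; the public key is the product of the
    parties' G^x_i, so the full private key x = sum(x_i) mod Q never exists."""
    shares = [secrets.randbelow(Q - 1) + 1 for _ in range(n)]
    pub = 1
    for x_i in shares:
        pub = pub * pow(G, x_i, P) % P
    return shares, pub

def refresh(shares):
    """Proactive refresh: add random deltas summing to zero. The key is unchanged,
    but a share stolen before the refresh no longer combines with shares stolen
    after it, so a thief must collect every share within one refresh interval."""
    deltas = [secrets.randbelow(Q) for _ in range(len(shares) - 1)]
    deltas.append(-sum(deltas) % Q)
    return [(s + d) % Q for s, d in zip(shares, deltas)]

def challenge(R, pub, msg):
    """Fiat-Shamir challenge e in [1, Q-1] from the nonce, public key and message."""
    h = hashlib.sha256(f"{R}|{pub}|".encode() + msg).digest()
    return int.from_bytes(h, "big") % (Q - 1) + 1

def threshold_sign(shares, pub, msg):
    """n-of-n signing: each party uses only its own x_i and a fresh nonce share k_i;
    neither the full key x nor the full nonce k is ever assembled anywhere."""
    k_shares = [secrets.randbelow(Q) for _ in shares]
    R = 1                               # round 1: combine broadcast R_i = G^k_i into R = G^k
    for k_i in k_shares:
        R = R * pow(G, k_i, P) % P
    e = challenge(R, pub, msg)
    # round 2: each party computes s_i = k_i + e*x_i locally; the s_i are summed
    s = sum((k_i + e * x_i) % Q for k_i, x_i in zip(k_shares, shares)) % Q
    return R, s

def verify(pub, msg, sig):
    """Standard Schnorr check: G^s == R * pub^e because s = k + e*x (mod Q)."""
    R, s = sig
    e = challenge(R, pub, msg)
    return pow(G, s, P) == R * pow(pub, e, P) % P

if __name__ == "__main__":
    shares, pub = distributed_keygen(3)        # three devices, none of which holds x
    sig = threshold_sign(refresh(shares), pub, b"constructed sample transaction")
    print("valid after refresh:", verify(pub, b"constructed sample transaction", sig))
```

A real t-of-n threshold (a predetermined subset of parties, as the text mentions) would use polynomial rather than additive sharing; the refresh idea carries over unchanged.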

MPC-CMP is open-source and peer-reviewed. We will not be applying for patents on MPC-CMP. That means all digital asset custodians and MPC vendors can access our new protocol and use it for free. In addition, the algorithm is universally composable, guaranteeing strong security properties for any implementation out-of-the-box. Universally composable cryptographic protocols are important for practical deployments of new cryptography, as they remain secure even when arbitrarily composed with other protocols – and guarantee that even when multiple transactions are concurrently signed in parallel, security is not compromised.

Algorithm               Transaction Rounds   Universally Composable   Cold Storage Compatible   Peer-Reviewed   Open-Source
Gennaro and Goldfeder   9                    No                       No                        Yes             Yes
Lindell et al.          8                    No                       No                        Yes             No
Doerner et al.          6                    No                       No                        Yes             No
MPC-CMP                 1                    Yes                      Yes                       Yes             Yes

What’s next for MPC?

MPC has quickly become the standard for securing digital assets. Major financial institutions – including Celsius (biggest US crypto lending desk), and Revolut (Europe’s largest neobank) – have announced their transition to MPC. But in 2021, MPC is only one part of the equation for digital asset security.

As we’ve seen over the years, the best defense against cybercriminals is a multilayered one that can provide redundancy in the event that one of the security controls fails. That’s why today’s institutions require a security system that layers MPC alongside numerous other software and hardware defenses to make breaking in highly expensive and nearly impossible.

At Fireblocks, our “defense-in-depth” security system fulfills these requirements, utilizing Intel SGX chip-level hardware isolation, distribution of sensitive information across multiple tier-1 cloud providers, and a highly customizable policy engine in addition to MPC. Today, we’re using MPC-CMP – the fastest and most secure MPC algorithm currently available – adding a new degree of flexibility to the equation (including the ability to perform MPC signing from a hardware storage device).