Avocado DAO’s February 2024 Insights: A Gamer’s View on Multi-Party Computation Wallets

Avocado Guild
11 min read · Mar 7, 2024

Introduction to Cryptocurrency Wallets

Cryptocurrency wallets are essential tools for managing digital currencies like Bitcoin and storing public and private keys needed for blockchain transactions. They don’t hold the cryptocurrency itself but enable interaction with the blockchain. In the past, you might have heard that wallets come in two types: ‘hot’ wallets (e.g., MetaMask, Trust Wallet, or Phantom Wallet), which are internet-connected and convenient but more vulnerable to online threats, and ‘cold’ wallets, like hardware (e.g., Ledger or Trezor) and paper wallets, that offer increased security by storing keys offline. In reality, both of these wallets have the same vulnerability: A single seed phrase that represents a single point of failure. After all, if your recovery seed phrase is lost or stolen, it’s game over for all of your assets!

Therefore, it’s better to look at wallets with an updated paradigm: Single-factor wallets and multi-factor wallets. A single-factor wallet is a wallet with a seed phrase, whether hardware or software. A multi-factor wallet, on the other hand, has no single point of failure and is, therefore, more secure by default. Multi-factor wallets can range from simple and secure MPC (multi-party computation) wallets to complicated setups with multi-sigs. Let’s focus on MPC wallets and review the market leader, Zengo Wallet, to better understand how they work.

The introduction of Multi-Party Computation (MPC) technology represents a significant advancement in wallet security. By distributing key management, MPC addresses common vulnerabilities, improving both security and user experience and removing the single point of failure inherent to seed phrase hardware and software wallets. MPC wallets represent ongoing innovation in digital asset management, aiming to make cryptocurrencies more accessible and secure for users. Through these innovations, the industry seeks to balance the convenience of hot wallets with the security benefits of cold storage solutions, ensuring the safe and efficient management of digital assets.

Private Keys and Public Keys: The Basics

Public keys, generated by asymmetric algorithms, are large numerical values used to encrypt data and, in cryptocurrency, to receive funds. Each public key is paired with a corresponding private key; in traditional public-key infrastructure, a certificate authority often certifies which identity a public key belongs to. Public keys encrypt data and verify digital signatures, while private keys decrypt messages and create signatures. From your private key, a public key is derived — think of your public key as the address of your mailbox. You can share this address with anyone in the world. When someone wants to send you a secret message (or, in cryptocurrency terms, some digital currency), they use this address.

Just like a mailbox, anyone who knows your address can drop a message in, but they can’t take anything out. Similarly, anyone with your public key can send you cryptocurrency, but they can’t withdraw any from your wallet.

Your private key, on the other hand, is like the key to this mailbox. It’s something you keep safe and never share with anyone. This key allows you to open your mailbox and access all the secret messages (or cryptocurrency) you’ve received.

A private key is a unique, long alphanumeric string linked to a specific wallet. It grants access to the wallet and is essential for proving ownership and spending funds. Because private keys are complex and hard to remember, storing them safely is challenging: losing one means losing access to the wallet, and if a hacker steals your private key, they can steal your assets. Single-factor hardware and software wallets have a single private key, which is used together with the public key to execute secure transactions. Multi-factor wallets like Zengo’s MPC wallet have no single private key, which makes them much harder to steal.

If someone else gets your private key, they can open your mailbox and take everything inside — just like if someone gets your cryptocurrency private key, they can access your wallet and transfer your funds.

Understanding Seed Phrases

In the world of cryptocurrency, understanding how seed phrases, private keys, and public addresses work together is crucial for the security and effective management of digital assets.

Single-factor wallets use “Seed Phrases” to allow recovery of a lost private key wallet. Imagine your seed phrase as the master blueprint for creating keys to a series of mailboxes, each representing a cryptocurrency wallet. Just like a set of words carefully chosen, this blueprint ensures that each wallet has its unique combination.

Now, picture adding a personalized security code to this blueprint — a special password that acts like an extra combination lock on your mailboxes. It adds a layer of security, making unauthorized access nearly impossible even if someone gets hold of your blueprint.

With this seed phrase, combined with a specific password, you can generate a myriad of private keys. However, without a systematic way to organize these keys, managing them could become overwhelmingly complex. This is where the Hierarchical Deterministic (HD) path comes into play. An HD path is essentially a structured framework that allows for the organized generation of private keys from the single root seed phrase.

Think of the HD path as the instructions for cutting a specific key for a specific purpose. If your wallets are like various mailboxes (one for bills, one for personal letters), the HD path determines which particular key is created: follow one path and you get the key to your bills mailbox; follow another and you get the key to your personal letters mailbox. Each HD path generates a unique private key, akin to an individual mailbox key, which you use to unlock a specific mailbox or, in cryptocurrency terms, to access and manage the funds in a particular wallet.

Remember, keep your seed phrase confidential and securely stored; it’s the key to accessing and recovering your digital assets.

Challenges with Traditional Seed Phrase Wallet Security

Traditional wallets that utilize seed phrases, while designed to protect assets, often encounter several common issues:

1. Single Points of Failure
Wallets dependent on a single key or password are vulnerable. If this key is compromised, lost, or forgotten, access to funds can be lost.

2. User Error in Seed Phrase Storage
Mistakes in storing seed phrases, such as insecure storage, incorrect writing, loss, or forgetting where it’s stored, can lead to irreversible loss of wallet access.

3. Phishing Attacks
Users risk fund theft by entering private keys or seed phrases into fraudulent websites or apps, with phishing techniques becoming increasingly sophisticated.

4. Malware and Viruses
Wallets on computers or smartphones can be compromised by malware or viruses, leading to the theft of keys or seed phrases or manipulation of wallet addresses.

5. Physical Theft or Damage
Physical storage like paper or hardware wallets carries risks of theft, loss, or damage, necessitating secure and redundant storage solutions.

This is where MPC technology becomes useful: for most people it is often both more secure and a better overall solution.

Introduction to MPC (Multi-Party Computation) Wallets by Zengo

MPC technology, or Multi-Party Computation, is a cryptographic technique that enables various participants to collaboratively compute a function over their inputs while ensuring that each participant’s inputs remain confidential. In the context of crypto wallets, MPC is applied to enhance security and privacy in key management processes.

In crypto, an MPC wallet generates and uses the private key as multiple separate parts, holding those parts on different parties or devices. This setup ensures that no single entity ever holds the complete private key, thereby reducing the risk of theft or loss. Each transaction or operation requires the parties to cooperate, making it significantly more challenging for unauthorized users to access the wallet’s funds.

Imagine it like a puzzle; each party holds a piece, and only by coming together can they complete the picture and make transactions possible. This collaborative approach ensures that the risk of theft or loss is greatly reduced since an attacker would need to compromise multiple parties to gain access, a much harder feat.

Moreover, every action, whether sending or receiving cryptocurrency, requires agreement from all parties involved. This consensus requirement adds an extra layer of security, making it tough for unauthorized users to access the funds in the wallet.

MPC technology is designed to be both secure and user-friendly, ensuring that even beginners can navigate the complex world of cryptocurrency with confidence. Spreading the responsibility of key management across several entities makes the digital wallet much harder to crack, offering peace of mind in the digital age.

This application of MPC in crypto wallets eliminates the single point of failure associated with traditional private key management, offering a more secure and resilient approach to safeguarding digital assets.

Source: https://zengo.com/mpc-wallet/

In Zengo wallet’s 2-of-2 MPC setup, two “Secret Shares” are calculated together in order to sign a transaction the way a traditional private key in a single-factor wallet would. The controlling share (The Personal Share) is secured on the user’s mobile device, leveraging the device’s secure hardware and locking itself to the device. The supporting secret share (Remote Share) is secured on a remote Zengo server to effectively co-sign any transaction initiated by the user. The two shares are linked and encrypted in order to prevent any potential man-in-the-middle attacks. To date, this system has secured over 1 million customers, with 0 wallets phished or taken over since the company launched in 2018.

Key Recovery in an MPC System

Unlike the centralized approach of seed phrase wallets, MPC wallets split private key recovery into multiple, separate components. For instance, Zengo’s secure recovery consists of 3 distinct parts. Although no password is involved (passwords can be lost or stolen), the scheme is considered more secure because it relies on separate factors that only the wallet owner should be able to satisfy in full:

1. Email Login
One recovery factor is associated with the user’s email account, adding a layer of security that leverages existing email authentication mechanisms.

2. Recovery File stored in the cloud
Zengo’s Recovery File is an encryption/decryption key stored in the user’s own cloud storage. While it is an important part of the recovery process, it is useless on its own — even to a hacker.

3. 3D FaceLock — A private biometric verification
The final component associated with Zengo’s wallet recovery is a type of “liveness” software called 3D FaceLock. It is a private biometric verification of your facial features that cannot be spoofed (and is protected by a $600,000 bug bounty that has yet to be hacked).

Threshold Scheme for Key Reconstruction

To access funds in an MPC wallet, a predefined number of these components must be brought together (e.g., 2 out of 2), a method known as a threshold scheme. This approach significantly bolsters security by necessitating the compromise of multiple independent components to gain unauthorized access, a feat much harder to achieve than obtaining a single seed phrase.

Enhanced Security with Reduced Risk

By dispersing the key components across different mediums, MPC wallets dilute the risk, ensuring it is not concentrated in a single point of failure. This not only enhances security but also addresses the issue of key mismanagement. Users are relieved from the burden of safeguarding a singular, critical piece of information, making the recovery process more forgiving and less prone to user error.

But What If One Party’s Private Key Share Is Compromised?

If one part of someone’s private key is exposed, MPC (Multi-Party Computation) wallets rely on threshold cryptography to keep the key safe. An attacker must obtain at least a set number of parts (the threshold) to gain access to the key, which makes success hard. Conversely, even if some parts are lost or compromised, the system still works as long as enough intact parts remain to meet that threshold.
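The threshold property can be seen in miniature with Shamir secret sharing, shown here as an added example that is not from the article or from Zengo: a key is split into 3 shares with a threshold of 2, any 2 shares recover it, and a single share is consistent with every possible key. One simplification to keep in mind: the 2-of-2 wallet described above runs a threshold signing protocol so the key is never assembled on one device, whereas this demo reassembles it to make the arithmetic visible.

```python
import secrets

# Field modulus: the secp256k1 group order (a prime), so any secp256k1 private key fits.
PRIME = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def _poly_at(coeffs: list[int], x: int) -> int:
    """Evaluate coeffs[0] + coeffs[1]*x + ... mod PRIME (Horner's rule)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % PRIME
    return acc


def split_secret(secret: int, threshold: int, n_shares: int) -> list[tuple[int, int]]:
    """Shamir sharing: hide the secret as the constant term of a random polynomial of
    degree threshold-1 and hand out n_shares points on it. Any `threshold` points fix
    the polynomial; threshold-1 points are consistent with every possible secret."""
    if not 1 <= threshold <= n_shares < PRIME:
        raise ValueError("need 1 <= threshold <= n_shares")
    coeffs = [secret % PRIME] + [secrets.randbelow(PRIME) for _ in range(threshold - 1)]
    return [(x, _poly_at(coeffs, x)) for x in range(1, n_shares + 1)]


def recover_secret(shares: list[tuple[int, int]]) -> int:
    """Lagrange interpolation at x = 0. Feeding in fewer than `threshold` shares still
    returns *a* field element, just not the secret: below the threshold nothing leaks."""
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        total = (total + yi * num * pow(den, -1, PRIME)) % PRIME
    return total


if __name__ == "__main__":
    key = secrets.randbelow(PRIME)                   # stand-in for a wallet private key
    shares = split_secret(key, threshold=2, n_shares=3)
    assert recover_secret(shares[:2]) == key         # two of three shares: recovered
    assert recover_secret([shares[0], shares[2]]) == key  # share 2 lost: still fine
    print("one share alone matches the key:", recover_secret(shares[:1]) == key)
```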

MPC wallets also focus on making things easier for users. They blend security with simplicity, allowing access through various methods like online logins, SMS codes, or biometric options like face recognition for recovery, showing how MPC wallets are becoming more user-friendly while staying secure.

Advantages of MPC Wallets for Retail Users & Gamers

MPC (Multi-Party Computation) wallets bring a revolution in security and management, offering significant advantages to retail users and gamers. These wallets enhance security and simplify transactions, providing a user-friendly experience that addresses a major hurdle in blockchain adoption: the complexity of securing seed phrases. By leveraging MPC technology, these wallets reduce the friction and vulnerabilities traditionally associated with blockchain technology, making it more accessible for non-crypto users, including gamers. Furthermore, MPC wallets are key to simplifying Web3 onboarding, potentially attracting the next billion users to the blockchain ecosystem. Here’s how MPC wallets cater to the diverse range of needs:

Attracting Non-Crypto-Savvy Gamers
The simplicity and enhanced security provided by MPC wallets can attract a wider audience, including those previously deterred by the perceived complexities and security concerns of crypto transactions. This opens up GameFi to a broader community, bridging the gap between traditional gaming and blockchain-based games.

Easier Recovery Processes
Unlike traditional crypto wallets that rely on seed phrases for recovery, MPC wallets offer a more intuitive recovery process. This can involve multiple authentication methods, including email, biometrics, or trusted devices, eliminating the need for manual seed phrase management and significantly enhancing user convenience.

Simplified Transactions
MPC technology enables smoother and more secure transactions. This simplification is crucial for gamers in GameFi environments, where the ability to easily buy, sell, or trade in-game assets without navigating complex blockchain transactions enhances the overall gaming experience.

Accessibility
MPC wallets make managing digital assets more accessible, especially for gamers new to the crypto space. By lowering the technical barriers associated with blockchain technology, MPC wallets allow players to engage with Web3 gaming worlds more easily, focusing on gameplay rather than asset management complexities.

In Game Development
The security and flexibility offered by MPC wallets foster innovation in game development. Developers can integrate blockchain technology into their games more securely, leading to new gaming experiences and business models that leverage digital assets and in-game currencies.

In conclusion, MPC (Multi-Party Computation) wallets represent a significant advancement in the security and management of digital assets, addressing the needs of both retail users and gamers. By offering decentralized key management, protection against unauthorized access, easier recovery processes, simplified transactions, and greater accessibility, MPC wallets enhance the user experience while maintaining high-security standards. This technology makes digital asset management more approachable for those new to cryptocurrency and improves the integration of blockchain technology into gaming, encouraging broader adoption and innovation in digital asset use and game development.
