MPC Wallet (Multi-Party Computation)

MPC fundamentally removes the single point of failure inherent in seed phrases and hardware wallets. Since the full private key never exists in one location, an attacker must compromise multiple, geographically distributed parties to steal funds. This contrasts with traditional custody where a single compromised device or leaked mnemonic leads to total loss. The attack surface is distributed across the signing parties and their secure enclaves.

Increased security introduces operational overhead. Key considerations include:

• Signing Orchestration: Requires a reliable communication network between parties to perform distributed signing, adding latency.
• Key Refresh Protocols: To maintain security against progressive attacks, shares must be periodically re-shared and updated via complex MPC protocols.
• Party Management: Adding/removing parties or changing the threshold (t) requires a fresh MPC ceremony, which is more complex than generating a new seed phrase.

MPC security relies on clearly defined trust assumptions. Most schemes operate under a honest majority or threshold honesty model, assuming no more than t-1 parties are malicious. The adversarial model (e.g., passive vs. active, static vs. adaptive) dictates protocol design. For example, some protocols can withstand active adversaries who deviate from the protocol, while others only protect against passive eavesdroppers.

While both enable multi-party control, MPC and on-chain Multisig differ fundamentally:

• On-Chain Footprint: Multisig transactions are visible and more expensive on-chain (multiple signatures). MPC produces a single, standard signature, preserving privacy and reducing gas costs.
• Custodial Layer: Multisig logic is enforced by the blockchain smart contract. MPC logic is enforced cryptographically off-chain, requiring trust in the protocol implementation.
• Flexibility: Changing signers in a multisig is an on-chain transaction. In MPC, it's an off-chain re-sharing operation.

MPC wallets split a private key into multiple secret shares distributed among participants (e.g., user devices, cloud servers, or trusted parties). To sign a transaction, a threshold number of shares (e.g., 2-of-3) collaborate using a secure protocol to generate a signature without ever reconstructing the full private key. This eliminates the single point of failure inherent in traditional seed phrases.

The ecosystem relies on standardized cryptographic protocols to ensure security and interoperability.

• GG18/GG20: Foundational threshold ECDSA protocols for Bitcoin/EVM chains.
• MPC-TSS (Threshold Signature Scheme): The core architecture, enabling distributed key generation and signing.
• ECDSA & EdDSA: The underlying elliptic curve algorithms used for signature schemes across different blockchains.

MPC is the dominant solution for institutional custody and decentralized finance (DeFi) operations because it enables policy-based governance. It allows for:

• Multi-signature-like policies (M-of-N approval) with superior privacy and on-chain efficiency.
• Role-based access control for treasury management.
• Secure delegation to trading desks or smart contracts without exposing keys.

For end-users, MPC powers non-custodial wallet services that enhance security and recoverability. Examples include:

• Social Recovery: Using trusted contacts as share holders.
• Cross-Device Security: Shares stored on mobile and hardware devices.
• Cloud-Backed Wallets: Services that manage one share in secure, encrypted cloud storage to simplify recovery while maintaining user control.

MPC is often compared to other custody models:

• vs. Multisig Wallets: MPC signatures are a single on-chain transaction, cheaper and more private than multi-signature smart contracts, but the trust model is cryptographic vs. on-chain verification.
• vs. Seed Phrases: MPC eliminates the single point of failure of a mnemonic phrase, trading it for the operational complexity of managing multiple shares.

A cryptographic protocol that enables a group of parties to collaboratively generate and use a digital signature without any single party ever knowing the full private key. It is the most common cryptographic foundation for MPC wallets.

• Key Generation: Private key shards are created in a distributed manner.
• Signing: A predefined threshold (e.g., 2-of-3) of parties can produce a valid signature.
• Advantage: Eliminates the single point of failure of a traditional private key.

An older, simpler cryptographic method for splitting a secret (like a private key) into multiple shares. Unlike TSS, it typically requires reconstructing the full key on a single device to sign.

• Process: A secret is divided into n shares, where any k of them can reconstruct it.
• MPC Context: Often used for key backup (social recovery) rather than active signing, as it exposes the reconstituted key.
• Contrast with TSS: SSS is a secret-sharing scheme, while TSS is a signature scheme that never reconstitutes the key.

A dedicated physical computing device that safeguards cryptographic keys and performs crypto operations. It represents a different security paradigm from MPC.

• Comparison: An HSM is a hardware-based, centralized secure enclave. MPC is a software-based, decentralized protocol.
• Use Case: HSMs are foundational for institutional custody, while MPC is used for both institutional and programmable (smart contract) wallets.
• Hybrid Models: Some systems combine MPC protocols with HSM-secured nodes for enhanced security.

A wallet design that uses a user's trusted social circle (or other devices) to recover access if a signer is lost. MPC is often the enabling technology.

• Mechanism: The wallet's private key is split via MPC or SSS among guardians (e.g., friends, other devices).
• Recovery: To regain access, a threshold of guardians must approve a recovery request, generating a new key.
• Benefit: Shifts security from individual key management to trust in a social graph or device set.

A human-readable backup of a private key, typically 12 or 24 words, defined by BIP-39. This is the standard for non-MPC wallets and represents a key contrast.

• MPD Difference: A pure MPC wallet does not have a seed phrase. The key material is distributed as shards from inception.
• Hybrid Approach: Some wallets use an MPC scheme to protect a seed phrase, splitting the phrase itself among parties.
• Risk: A traditional seed phrase is a single point of failure if compromised or lost.

A wallet that requires multiple independent signatures from distinct private keys to authorize a transaction. It is a smart contract-based alternative to MPC.

• Key Difference: Multisig uses multiple complete keys and on-chain verification. MPC uses partial key shards and produces a single signature off-chain.
• Trade-offs: Multisig is transparent and battle-tested on-chain but can have higher fees and latency. MPC is more private and gas-efficient but relies on complex off-chain cryptography.