Stop Relying On Sole Private Keys: The SMPC Approach to Crypto-Wallets [Deep Dive]
Researcher of decentralized systems. Head of Research, Cellframe
There is no doubt that crypto is a unique ecosystem from several points of view. Enthusiasts could talk at length here about decentralization, transparency, an alternative to fiat money and other things that are well known to anyone in crypto.
The big problem of cryptocurrency stems from its nature
In my view, crypto is an example of a technology that already affects the world economic landscape yet relies entirely on a single thing: a private key. Just think about it: tens of millions of people store a lot of money behind a single means of access, and that means of access is completely unrecoverable.
The risk this creates for the end user, who must keep the private key safe from everyone and at the same time must not lose it, has led to a huge market of crypto-storage services, from the retail-oriented Coinbase to institutional-grade custodians like Vault.
Their message to the average user is: you cannot store your private key safely, so use a service that takes responsibility for storing your assets. However, this approach contradicts the basic principles of cryptocurrencies, which were designed to eliminate intermediaries and third-party services from the process of storing and using them.
It looks like an endless circle of hell, doesn't it? So, despite all its well-known advantages, the private key is a barrier to adoption, a single point of failure, and even a driver of centralization.
Aren't the well-known solutions working?
The “private key” problem has existed since the first day of Bitcoin's operation. The community and developers have worked hard on it in recent years, but the solutions are evidently far from complete.
The common solutions include third-party custodians, multisig wallets, smart-contract wallets and even splitting private keys into parts for storage. But note the following:
- A third-party custodian looks like a good solution from the user-experience point of view, but it is completely inappropriate in terms of counterparty risk, not to mention that it contradicts the basic principles of the cryptocurrency concept;
In the case of a third-party custodian, you have to trust it completely.
- A multisig wallet is also a good option, but you have to rely on other people with your money;
Practical use of this approach is not simple, as shown by the fact that classic multisig wallets are rarely used by ordinary users. A situation can also arise in which safe access to your funds depends on other people.
Besides, only a few blockchains support multisig.
- Smart-contract wallets as a way to store crypto safely looked great at first sight. However, if the multisig wallet contract is vulnerable, every entity using it can lose their assets. For example, Parity's multisig wallet was hacked twice (1, 2) in a row, six months apart. Many people and organizations lost their money, including Parity itself;
In the case of smart-contract wallets, you have to pray that the source code is not full of bugs, and your portfolio is limited to Ethereum-based assets.
- If you choose to store private keys in parts, you rely on multiple physical (or digital) centralized storage locations. The well-known example of this approach in practice dates from 2017, when the Winklevoss brothers divided the private keys for their Bitcoin addresses into parts and recorded them on paper stored in safe deposit boxes around the country;
In the case of storing private keys in parts, you need to trust each box, and if you lose even one of them your money is gone forever.
It is also difficult and inconvenient, and few people can use it.
So all the solutions presented share common flaws: each has a clear single point of failure or is complex in everyday use. It looks like we need something completely different, based on another principle.
The main goal of this article is to explain a novel way to solve the private key problem, known as SMPC (secure multi-party computation) wallets, and to give an overview of its practical implementations.
Can SMPC (multi-party computation based) wallets become the holy grail for solving the private key problem?
The abbreviation SMPC stands for Secure Multi-Party Computation.
The general concept is this: the private key is never even generated, which is what makes the wallet truly keyless. Instead, the private key is replaced by N secrets. The secrets are generated and processed independently and are never stored together on a single device. In theory, the nature of a secret can vary, from a human biometric check to an ordinary app on your Apple Watch.
How does it work? To sign a transaction, the user needs to bring together M of the N secrets (M and N are fixed when the wallet is created). If this condition is met, the transaction is signed successfully and sent to the network.
The basic scheme of the SMPC approach, taken from a public Spatium talk at Noncon
But how does the “private key is not even generated” idea work?
It seems best to clarify it here by quoting the Medium article (this part is a little bit boring, but it is how the idea works):
Imagine there are two secrets: Secret 1: 13 and Secret 2: 11. A private key created from these two secrets is 11*13=143. Let's say we need to sign the number 2 (where “2” stands in for the transaction). We need to get 143*2=286 for a successful signing. The first party generates a random number 3, performs the following calculation: 13*2*3=78, and sends the result to the second party. This party generates a random number 5, calculates 78*11*5=4290, and sends it back to the first party. Then, the first party performs the calculation 4290/3=1430 and passes the result to the second party, which performs the calculation 1430/5=286 and sends it back to the first party. As a result, we get a transaction (the “2”) signed with the private key (“143”) without passing the actual secrets anywhere.
It is important to note that SMPC is a different approach from Shamir Secret Sharing (SSS) and from on-chain multi-signature. The signing does not involve reassembling the secrets into one key (as SSS does), and it is conducted off-chain, without relying on any on-chain mechanism.
The closest analogue to SMPC wallets is the multisig wallet, so it is important to compare classical multisig wallets with SMPC wallets and clarify the significant differences between them.
Traditional multisig exposes the signing scheme publicly on-chain, costs more (each signature is a fee), and is not universal (few blockchains support multisig). SMPC, by contrast, is universal (it can be used for any blockchain), private (only a single ordinary signature reaches the chain) and costs only one fee, no matter how many signers are involved.
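The two-party exchange quoted above, written out as an added Python example so the message flow can be traced step by step. This is not code from the article, from the Medium post it quotes, or from ZenGo or Spatium; the names Party, chain_sign, blind_source and implied_key are my own, and the example generalizes the quoted two-party case to any number of secret holders (each one blinds in turn, then each one unblinds in turn). Note the caveat carried in key_from_toy_output: because this toy is plain integer multiplication, its output equals message times key, so the key is recoverable from the output. The toy therefore illustrates blinding and "no key is ever assembled", not the confidentiality of a real threshold signature protocol, which is what production SMPC wallets run.

```python
import secrets


class Party:
    """One holder of a secret in the toy multiplicative protocol.

    The secret never leaves the object; the only values that cross the
    wire are the blinded products returned by step_blind/step_unblind.
    (Hypothetical class, not from the article or any wallet vendor.)
    """

    def __init__(self, name: str, secret: int, blind_source=None):
        if secret < 2:
            raise ValueError("secret must be an integer >= 2")
        self.name = name
        self._secret = secret
        # blind_source lets a caller fix the random factor (used below to
        # reproduce the article's 3 and 5); by default the factor comes
        # from the OS CSPRNG, as a real implementation would require.
        self._blind_source = blind_source or (lambda: secrets.randbelow(1 << 64) + 2)
        self._r = None  # blinding factor in use for the current signing

    def step_blind(self, incoming: int) -> int:
        """Multiply the incoming value by own secret and a fresh blinding factor."""
        self._r = self._blind_source()
        return incoming * self._secret * self._r

    def step_unblind(self, incoming: int) -> int:
        """Divide out own blinding factor; the secret itself is not touched."""
        if self._r is None or incoming % self._r:
            raise ValueError(f"{self.name}: unexpected value, cannot unblind")
        out = incoming // self._r
        self._r = None
        return out


def chain_sign(message: int, parties: list) -> tuple:
    """Toy 'keyless' signing over any number of parties.

    The message passes once through every party (each blinds), then once
    more (each unblinds). The result is message * product(secrets), i.e.
    the article's '2 signed with 143 gives 286', while the product of the
    secrets is never computed by anyone. Returns (result, wire), where
    wire lists every value sent between parties, in order.
    """
    wire = []
    value = message
    for p in parties:
        value = p.step_blind(value)
        wire.append(value)
    for p in parties:
        value = p.step_unblind(value)
        wire.append(value)
    return value, wire


def implied_key(parties: list) -> int:
    """The private key that is never generated: the product of all secrets."""
    key = 1
    for p in parties:
        key *= p._secret
    return key


def key_from_toy_output(message: int, result: int) -> int:
    """Caveat of the toy: the output is message*key, so the key falls out of
    it by division. Real SMPC wallets use threshold signature protocols
    whose signature reveals nothing about the key."""
    return result // message


def article_example() -> tuple:
    """Reproduce the quoted numbers: secrets 13 and 11, message 2, blinds 3 and 5."""
    first = Party("first", 13, blind_source=lambda: 3)
    second = Party("second", 11, blind_source=lambda: 5)
    return chain_sign(2, [first, second])


if __name__ == "__main__":
    result, wire = article_example()
    print("wire values:", wire, "-> result", result)  # [78, 4290, 1430, 286] -> 286
    # Three parties with CSPRNG blinding factors, constructed sample secrets.
    holders = [Party("phone", 13), Party("server", 11), Party("watch", 7)]
    result, wire = chain_sign(2, holders)
    assert result == 2 * implied_key(holders)
    print("three-party result:", result, "key recoverable from toy output:",
          key_from_toy_output(2, result))
```

Running the script reproduces the article's wire sequence 78, 4290, 1430, 286 and then repeats the exchange with three holders and random blinding, checking that the result still equals the message times the product of the secrets.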
So what about practical implementations, and how exactly do they work?
Not many companies in the market have already launched a publicly available product based on the SMPC approach. Moreover, most of the companies found during this research focus on the B2B segment, which is not surprising: big exchanges, custodians and banks in crypto-friendly jurisdictions need a safe and reliable way to store huge amounts of cryptocurrency, and they are willing to pay for it.
As for B2C solutions for ordinary users, only two wallets were found: ZenGo and Spatium. Both of them use biometric information as a key part of verifying access to the funds. I decided to dig into each of them and prepared a comparison table:
* Both have M-of-N in their roadmap
** ZenGo uses a third-party provider for biometric authorization; Spatium uses an in-house service
*** Transaction policy: address whitelist, limits on transaction size
Both companies use biometric authentication, which means that only the owner's face can unlock the funds. If the face is correct (it is worth noting that the system carefully checks that the face is live and not a photo, video, or any other kind of fake), the app contacts the holder of the other secret and the two combine their results into a valid signature.
With ZenGo, users entrust one of the secrets, the biometric data, to a professional market participant (a centralized security provider). The ZenGo wallet focuses on storing popular cryptocurrencies (such as BTC, ETH, etc.) and regulated ones such as Libra for its customers. The company claims that the wallet is easily recoverable in any case (even if the company itself shuts down). This is convenient for unprepared users and looks like a winning bid for easy adoption of the product.
Spatium's vision of the product is based on the idea that users must be able to choose where the second secret is stored: on Spatium's servers or on any other device. So, in theory, the user doesn't need to trust anyone. Spatium also focuses primarily on storing traditional “pseudo-anonymous” crypto assets and can therefore be classed as a slightly “geeky” wallet. Admittedly, once this is implemented, the average user probably cannot handle operating several secrets on their own devices. But more prepared geeks may get the complete self-sovereignty they are looking for.
We asked the projects' executives the following questions to collect expert opinions on the non-trivial topic of future crypto storage solutions, including their own:
- When you developed your product, what was your vision?
- How do you think the first billion crypto users will store their assets (for example, if we have such a user base in crypto in 5 years)?
- What is your vision of the crypto wallet ecosystem?
So, let’s explore the answers.
“Building ZenGo, a new generation of crypto wallet for storing, buying, earning and investing any kind of crypto assets and financial products, we obsess about simplicity and a delightful user experience. Behind the scenes we are building an important cryptographic stack based on MPC (multi-party computation), backed by heavy security research and academic work, to power this “simple” service.
ZenGo's mission is important: we want to enable anyone to have financial (super)power and independence. We cannot underestimate how intimidating current solutions on the market are. Most of the world cannot deal with this level of complexity. People will not download 30 wallets for each blockchain; they will want to own very few that can deal with most of what they need. Ideally a remote control for all their needs. We build that remote control with ZenGo,” said Ouriel Ohayon, ZenGo CEO.
The ZenGo wallet interface is simple and adds no extra complexity for the user in everyday life, despite the biometric technology on the backend:
Talking about possible wallet technology for the phase of crypto mass adoption, Ouriel points out that it is important to develop a good product focused on convenience and simplicity right now:
“We do not obsess about mass adoption per se: revolutions take decades. We care about making a good product that we believe will fit many users who care for convenience and simplicity. Maybe that will be tens of millions, hundreds of millions, or billions.
It is likely, however, that there will be very different solutions for different tastes. There will be solutions for professionals, for experts, for teams, for institutions and enterprises, for individuals who are very tech savvy, and also for certain specific use cases. Right now the main use case is mostly about investing.”
The crypto wallet ecosystem can be described using two classification approaches. The first divides all solutions into centralized storage, hybrid multisig wallets and self-custody wallets, while the second is simple and sharp: key-based and keyless wallets. Among keyless wallets, ZenGo is the main example of a product already delivered to the market:
The first approach to classifying the crypto wallet ecosystem
Spatium CTO Valery Vashkinel also shared his views on the questions above:
“We develop Spatium to help the crypto space keep its fundamental principle alive: all works well if no one needs to be trusted. I strongly doubt that Satoshi saw Bitcoin as a digital currency that the majority of people store somewhere like a bank or a centralized custodian.
The safe storage of private keys is a serious challenge for the end user. We need to solve it without adding significant centralization. We provide a security provider service (where we store one of the secrets on our side), but in the future it wouldn't be an obligation for the customer to use it. Moreover, we prefer not to store secrets on our servers and to focus on providing a well-designed tech tool for the ecosystem,” said Valery.
Talking about the future of crypto storage solutions, Valery's vision focuses on biometric authentication:
“I strongly believe that the future lies in the biometric identification of users. Biometric tech is quickly stepping into everyday life. In my opinion, a significant share of the first billion users will use biometric-based wallets. Of course, there will be custody solutions of other types designed for different purposes (for example fund management) as well.”
Talking about the crypto wallet ecosystem, Valery thinks that “SMPC wallets represent the right balance between self-sovereignty, the convenience of user experience, and associated risks. In my opinion, the SMPC approach can become a kind of golden ratio in the industry of crypto wallets.” Spatium's view of SMPC product design is presented below:
For comparison with the first (three-column) classification, here is the second possible approach to classifying the crypto wallet ecosystem:
So, to identify the place of SMPC wallets, two classification approaches were presented. There is no contradiction here: everyone looks at the world through their own eyes. The first is clear and simple to understand. The second looks like a complex 2-D chart in which the positions of some objects can be questioned (for example, by people with different views on independence and user experience). Nevertheless, both visions enrich the discussion and can serve as food for thought for readers exploring different ways to store cryptocurrencies.
One thing is for sure: among today's crypto storage solutions, SMPC wallets look like the best compromise between security, user experience and centralization.
Of course, the topic of SMPC wallets and the technology behind them is much broader than this article, which is an attempt to bring this information to the community, discuss it in plain language, and look at a few SMPC-based solutions that can be used right now.
The author is grateful to Ouriel Ohayon and Valery Vashkinel for their significant contributions to this article. Thank you for your time, useful advice, and answers.
As there are only two solutions on the market, I have tried to present each of them equally, without any preference.
I do not have any vested interest in any of the mentioned projects and coins. This article is not investment advice. The views and descriptions are those of the author.