Secure Multi-Party Computation: applications within blockchain technology
Disclaimer: this blog post was put together for informational purposes only based on my review and analysis. This should not be construed as a solicitation, offer, or recommendation to acquire or dispose of any investment, engage in any transaction.
By Mattia Mrvosevic — Partner at Eterna Capital
In today’s world, human beings are creating data at a pace like never before.
In one of our previous posts we mentioned that in a recent whitepaper by global technology conglomerate Cisco [1] it was estimated that, by the end of 2021, people, machines, and things will generate more than 850 Zettabytes (ZB; 1 ZB = 109 Terabytes) in data: 630 ZB greater than the 220 ZB generated in 2016. This data will need to be processed, potentially leveraging technologies such as artificial intelligence and machine learning algorithms. The majority of this data will come from a range of different sources: individuals, companies, governments, etc.
If data needs to be processed, it will need to be shared across different organisations.
When multiple organisations share data, there is always the risk of being hacked, resulting in the loss of information and potential spread over the web, as well as illegal sales. In addition, trust and privacy represent a major consideration when multiple organisations need to share information. Counterparties would like to keep their data private, while at the same time being able to access and process information from another counterparty to gain useful insights.
So how can counterparties share and process data, while at the same time keeping it private?
Multi-party computation-based cryptography can provide an answer.
In this article, we will outline how multi-party computation works, its potential, and several use cases that can be applied to blockchain technology.
What is multi-party computation?
The concept of multi-party computation goes back to the ’80s when Andrew Yao formulated the “Millionaire’s Problem” [2].
The problem presents two wealthy individuals, Alice and Bob, who want to know which one is richer, without revealing their actual wealth to each other.
The Millionaires’ Problem is an important problem in cryptography, the solution of which is used in e-commerce, data mining, and several other industries.
This problem can be easily solved with a trusted third party, for example a bank, that provides the answer to both, by not revealing the unwanted information. But what if participants don’t want to use a third party as they may not trust any third party?
Andrew Yao came up with a solution to the problem in 1982 by formally introducing a “secure two-party computation”. It was only later on in 1987 that Oded Goldreich, Silvio Micali and Avi Wigderson generalised the two-party case to the multi-party [3].
In multi-party computation (MPC), data used as input for computation (in the previous case, Alice and Bob’s salaries) is split into pieces and “masked” by adding random numbers using a cryptographic function. Pieces are then sent to multiple servers that never receive the organisation’s original data, but only the encoded amounts are compared. These servers are able to perform computations on the encoded amount such that, even without knowing the underlying data, the required results can be achieved with certainty. For example, MPC allows Alice and Bob to share their encoded net worth information such that both Alice and Bob will learn who is wealthier, without revealing the actual data.
To understand this concept better, let’s show a practical example.
Assume that Karen is employed at Company X and doesn’t know whether she’s paid enough for her position. She would like to know the industry average salary for her role, but she doesn’t want to share her salary information publicly. Let’s now assume that Melanie and Richard work in a similar position to Karen but at different companies, and they would also like to know the industry average salary for their roles without sharing their salary information publicly.
Let’s assume that their salaries are as follows:
This gives an average salary of $70,000.
The first step of MPC is to split available information into parts and add numbers to mask the data. This is done via a cryptographic function. For example, everyone’s salary could be rewritten as the sum of three pieces:
There are potentially infinite possibilities to create three numbers that sum to their salary. Before splitting pieces, participants can also agree on a specific string length to express their salary pieces such as by splitting the salaries into the sum of numbers up to billions of billions.
Each participant shares just two of the three salary pieces with the other two participants: Karen shares a piece with Melanie and a piece with Richard, and Melanie and Richard will respectively do the same. Numbers in the list below are coloured to show what piece every person is sharing, compared to the list above that contained the original three pieces:
If each participant sums the pieces received together, he/she receives numbers that, on their own, mean apparently nothing:
However, if Karen, Melanie and Richard share the sum of these numbers among each other, each of them can easily add up the numbers ($210,000) and, by dividing it by 3, they obtain the average salary of $70,000.
They got to the required result without the need to share personal details.
This is a simplified example of an application of MPC, but it serves to show how MPC allows organisations to work together without knowing one another’s confidential information.
MPC provides correctness, enhanced privacy, independence of inputs, fairness, and guaranteed output delivery [4] [5].
Multi-party computation and blockchain
Blockchain makes extensive use of public-key cryptography, or the use of pairs of public and private keys in a cryptographic system.
In public-key cryptography, public keys can be disseminated publicly, while private keys are known only to the owner of the key. By using a private key, its owner can sign a transaction by creating a digital signature. Every person who owns the public key can verify that the message was created by the private key owner. In blockchain, this is used to sign transactions to transfer assets, provide proof of identity and asset holdings.
Private key management is an extremely important task within public-key cryptography and blockchain. Accessing and managing private keys, if not done properly, can result in the loss/theft of digital assets or information and in the manipulation of data. Moreover, one of the characteristics of the majority of blockchains is immutability – this means operations are irreversible and assets cannot be redeemed if lost.
One of the most common ways to safely store private keys is through the use of Hardware Secure Modules (HSMs or hardware wallets or cold wallets), such as the likes of Ledger or Trezor. These devices are considered a safe method to store private keys. To access the assets, there is normally the need to input a pin on the HSM device, and the HSM itself accesses the private keys to sign transactions. Even if the HSM is lost or stolen, it can’t be accessed by anyone who doesn’t know the HSM pin or the recovery password. Normally in fact, HSMs have a recovery password (usually a series of words) which should be safely stored by the HSM owner and used in case of emergency. The recovery password allows the HSM owner to retrieve the assets if the hardware is lost or if he/she forgets the HSM pin.
HSMs provide great protection of private keys. However, they have some limitations [6]:
- Any physical upgrade to HSMs is expensive and long to implement and release to the market. This is mostly due to their hardware nature
- If major vulnerabilities are discovered, the consequences can be detrimental
- Software updates and new wallets installation need to be done manually, which can be complicated and can increase exposure to attacks
- Access and transfer of assets is slow
- Storing the recovery password to access the assets if the HSM is lost or stolen represents another security risk
- The pin to access the HSM can be manually stolen / subject to attacks
- Multi-signatures wallets are wallets with multiple private keys requiring a quorum of multiple parties to sign transactions. They provide better security as attackers need to break into multiple places simultaneously. However, this often requires custom coding for specific HSMs which results in additional risks. In addition, it’s operationally complex to manage the transition from a person owning one of the signatories to another person
More recently, new companies have decided to use secure multi-party computation to provide safe custody and management of assets, thus surpassing the limitations imposed by HSMs.
Forbes reported that the services of Fidelity backed, blockchain start-up Fireblocks has been used to secure $30 billion in digital asset transfers, cumulatively since their launch just a couple of months ago [7]. Fireblocks, an enterprise-grade, end-to-end security platform for transferring, storing and issuing digital assets, is attracting interest from different potential customers and is one of many new companies that are creating solutions that use multi-party computation-based cryptography, alongside Unbound Tech, Curv, Sepior, Algorand and Qredo.
MPC within blockchain is extremely useful when managing private keys.
More specifically, by using a Threshold Signature Scheme (TSS), a subfield of MPC to compute digital signatures in a distributed way, private keys can be split into pieces and distributed in different n number of servers that never reveal their individual piece with anyone [8]. The advantage is that the private key is never a single point of failure because the private key doesn’t need to be rebuilt, it can be used in a distributed way.
When a transaction signature is required, the n servers will coordinate running a distributed signature generation between the multiple parties. This represents an MPC protocol to sign the transaction.
This process doesn’t require HSMs, it’s purely software, and the private keys are never stored together, so even if a potential attacker successfully hacks one of the parties, they don’t have access to the entire information.
Companies such as VMware are enabling interoperability with TSS for smart contract signing, digital asset transfer signing, and key management services [9].
Different examples of multi-party computation applications within blockchain
Using MPC for digitally signing transactions within blockchain is just one of multiple use cases of this technology. Many of the aforementioned companies are experimenting with new ways to combine MPC and blockchain.
Another interesting way to leverage MPC is by creating a cryptographically secure quorum. In normal HSMs, a person can implement a quorum mechanism with multi-signature requirements to sign transactions. However, every governance guided decision process in a company can potentially be implemented in a distributed way: by leveraging MPC it is possible to verify that a specific choice has been approved by each member of the governance process. MPC can be used with only one single private key, and one single signature for the transaction. In addition, it is possible to customise the number of participants involved and quorum rules.
Large digital assets custodians such as Fidelity, Coinbase, Bakkt, can also use MPC to provide evidence for the existence of private funds without revealing details and amounts [5]. For example regulators, a group of customers, and compliance managers of a custodian could provide evidence of the existence of private funds by all signing a specific transaction.
In addition, large digital asset exchanges can use MPC to safely hold their users’ assets and provide immediate withdrawals, improved user experience and lower trading expenses.
Popular cloud service providers such as Amazon Web Services or Google Cloud could also leverage MPC to provide “Security as a Service” models, potentially offering plug-and-play MPCs to the market.
Banks could share KYC and AML data, without revealing private customer information, to identify suspicious transactions and have complete end-to-end visibility.
Medical data for diagnosis could also be computed without leaking data to third-party model providers by using MPC.
Conclusion
In this post, the concept of Multi-Party Computation has been described alongside its applications within blockchain technology.
Advisory firm Gartner recognised MPC’s notable traction [10] and included several firms offering MPC services to their latest “Cool Vendors in Blockchain Security and Privacy” report, published in September 2019 [11].
In the future, a successful implementation of MPC could allow organisations to share data with each other by keeping it private at the same time. In addition, MPC would allow the use of software, instead of hardware, to safely protect assets. As explained above, this would result in better security, efficiency, and overall user experience.
The real obstacle to overcome is streamlining this complex technology into something the vast majority of developers and companies can understand and implement. Many companies such as the aforementioned ones are already creating tailored solutions for different organisations, but in the future we could have plug and play solutions that could make the implementation of this technology easier to access and widespread.
As data is growing exponentially worldwide, MPC could indeed provide the solution we need to analyse information without compromising on privacy.
References
[1] Cisco, “Cisco Global Cloud Index: Forecast and Methodology, 2016–2021 White Paper,” 2018. [Online].
[2] P. M. J. Fischer, “The Millionaire’s Problem,” YALE UNIVERSITY DEPARTMENT OF COMPUTER SCIENCE, 09 April 2009. [Online]. Available: https://zoo.cs.yale.edu/classes/cs461/2009/lectures/ln21.pdf. [Accessed 2020].
[3] S. M. A. W. Oded Goldreich, “HOW TO PLAY ANY MENTAL GAME or A Completeness Theorem for Protocols with Honest Majority,” Proceedings of the Nineteenth Annual ACM Conference on Theory of Computing — STOC, 1987.
[4] B. University, “What is Secure Multiparty Computation (MPC)?,” 19 February 2019. [Online]. Available: https://www.youtube.com/watch?v=l25jcolQW6Q. [Accessed 2020].
[5] B. Dimitrov, “How JPMorgan And Fidelity Could Leverage Blockchain To Modernize Financial Services,” Forbes, 16 January 2020. [Online]. Available: https://www.forbes.com/sites/biserdimitrov/2020/01/16/how-jp-morgan-and-fidelity-could-leverage-blockchain-to-modernize-financial-services/#45d686c657f2. [Accessed 2020].
[6] G. Peer, “Securing the Blockchain with Multi-Party Computation,” Unbound Tech, 12 March 2019. [Online]. Available: https://www.unboundtech.com/securing-blockchain-multi-party-computation/. [Accessed 2020].
[7] R. Anzalone, “Blockchain Startup Fireblocks Surpasses $30 Billion In Transfers,” Forbes, 30 April 2020. [Online]. Available: https://www.forbes.com/sites/robertanzalone/2020/04/30/fireblocks-surpasses-30-billion-in-digital-asset-transfers-expands-to-meet-asian-demand/#3929654a439a. [Accessed 2020].
[8] M. Alliance, “Threshold Signing in Blockchains,” MPC Alliance, [Online]. Available: https://wiki.mpcalliance.org/key%20management%20for%20blockchain.html. [Accessed 2020].
[9] M. Wood, “VMware blockchain now operates with Sepior private key protection,” August 2019. [Online]. Available: https://www.ledgerinsights.com/vmware-blockchain-sepior-private-key-protection/. [Accessed 2020].
[10] A. Litan, “Can MPC Rescue us from Blockchain Private Keys?,” Gartner, 26 September 2019. [Online]. Available: https://blogs.gartner.com/avivah-litan/2019/09/26/can-mpc-rescue-us-blockchain-private-keys/. [Accessed 2020].
[11] A. L. A. L. Nadine LeBlanc, “Cool Vendors in Blockchain Security and Privacy,” Gartner, 24 September 2019. [Online]. Available: https://www.gartner.com/en/documents/3969633/cool-vendors-in-blockchain-security-and-privacy. [Accessed 2020].