MPC Promises to Unleash Blockchain Innovation Through Decentralized Trust
July 25, 2019
Securing transactions, from smart contracts on a permissioned blockchain, to Bitcoin on a public blockchain, to applications not yet imagined, depends heavily on trust. We have to trust that transaction signatures cannot be forged, and that parties with access to permissioned blockchains can see the data they are entitled to see and nothing more.
In the world of online services, trust correlates directly with our trust in the security and integrity of the cryptographic services used to generate non-forgeable digital signatures that authorize transactions, and to decrypt fields of confidential data. Private keys are used to provide these services. If the keys are stolen or otherwise accessed by malicious parties, the data can be decrypted and digital signatures can be forged. Consequently, securing keys has become the most critical function of today’s cryptographic solutions.
In situations where security is critical, the conventional approach has been to use highly specialized appliances known as hardware security modules (HSMs) to secure private keys and provide cryptographic services. HSMs have proven to be very secure when properly designed, implemented, and maintained. Unfortunately, HSMs require trust in a single, centralized party to maintain the HSM and thereby the security of the private keys.
Centralized trust has a number of undesirable attributes. It requires all parties to place their trust in a single party. If that single party suffers any failure of processes or equipment, or has an internal bad actor, trust can be lost. It also requires highly redundant appliance configurations, and highly constrained administrative and network access controls, to maintain security.
Collectively, the centralized model of trust is inconsistent with today’s distributed applications and services in general and blockchain-based services in particular. Hence the need for decentralized trust.
MPC-based Key Management Services Decentralize Trust
Multiparty computation (MPC) is a cryptographic technique that allows multiple parties to participate in a computation which includes their private data, without ever sharing that data between the parties or with any centralized trusted third party. It does so in a manner that never allows anyone to deduce the secret data of any party.
Threshold cryptography is an advanced form of cryptography that uses MPC to maintain the privacy and integrity of cryptographic keys without having to trust any single centralized party. It does so by decentralizing trust in the form of distributed key shares which collectively represent an entire private key but individually provide no useful information about the key.
MPC generates each share of a key on the computational device used by each party. MPC then computes across those shares to execute a cryptographic service such as a digital signature or decrypting an encrypted object, without requiring transport back to a centralized location for processing.
To illustrate this concept, let’s oversimplify things and assume the private key is the number 3. MPC can represent that private key value in the form of discrete shares which, when added together, equal 3.
Party 1’s Share: 401
Party 2’s Share: 99
Party 3’s Share: -497
Collective Value: 3
When we add all of those shares together, the value is 3, just like the private key. The difference is that if a hacker breaks into Party 1’s device they will find a value of 401. They cannot deduce the value of the private key from that data alone. If they hack into two systems they have discrete values of 401 and 99, and a combined value of 500. This is interesting, but the hacker still has no idea of the value of the private key. If they break into all three parties’ devices they will have three values (401, 99, -497). However, they don’t know whether the MPC algorithm requires all three values to be added together, or whether some other combination of potential computations is required to determine the value.
Collectively, these attributes of MPC make the odds of a hacker breaking into all three parties’ systems and correctly guessing the MPC algorithm low. In fact, when the values are sufficiently large and sufficiently random, and the devices are deployed in different networks under different administrative domains, the probability of a compromise is comparable to or lower than with HSMs. It also eliminates the requirement to put all of your trust in a single party, as each of the multiple parties may belong to a different organizational entity.
This shifts key protection away from relying on a single or centralized trusted third party to keep your key secure, and it eliminates the need to depend on physical device security to maintain the security of the key.
Much More Than Just Decentralized Trust
While decentralized trust is an extremely important benefit of MPC, threshold cryptography has many other features and attributes which make it a compelling alternative to conventional centralized trust models. For starters, it can provide sustained secure cryptographic operations even if some of the parties are corrupted or unavailable. This makes it remarkably resilient even under conditions where HSMs and nearly all other forms of security stop working.
MPC is also very different from sharding which is a technique used to break a key into fragments which can be stored in multiple locations. Sharding has some of the elements of decentralized trust, but requires the original key materials to be generated centrally and the fragments to be brought back together in a single centralized entity such as an HSM to form a whole key and execute cryptographic operations. In contrast, properly designed MPC systems generate all key materials in a distributed manner and never need to combine the shares.
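Worked example (added here; not Sepior’s code or its MPC protocol): a Shamir (t, n) version of the three-share illustration above, showing that any t shares reconstruct the secret, that fewer than t shares are consistent with every possible secret even when the reconstruction algorithm is fully public, that the system keeps working when some parties are unavailable, and that each party can compute on its own share locally so the key shares are never combined. The function names are hypothetical, and the linear operation a*s + b stands in for a real threshold signing step.

```python
import secrets
from itertools import product

# Prime field for all arithmetic; 2**127 - 1 is a Mersenne prime (assumed size).
P = 2**127 - 1

def _eval(coeffs, x, p):
    """Evaluate the polynomial with the given coefficients at x, mod p."""
    return sum(c * pow(x, i, p) for i, c in enumerate(coeffs)) % p

def split(secret, t, n, p=P):
    """Shamir (t, n) sharing: random polynomial of degree t-1 with f(0) = secret.
    Party i receives the share (i, f(i)); any t shares reconstruct the secret."""
    assert 0 <= secret < p and 1 <= t <= n < p
    coeffs = [secret] + [secrets.randbelow(p) for _ in range(t - 1)]
    return [(x, _eval(coeffs, x, p)) for x in range(1, n + 1)]

def reconstruct(shares, p=P):
    """Lagrange interpolation at x = 0 over any t (or more) distinct shares."""
    total = 0
    for xi, yi in shares:
        num = den = 1
        for xj, _ in shares:
            if xj != xi:
                num = num * (-xj) % p
                den = den * (xi - xj) % p
        total = (total + yi * num * pow(den, p - 2, p)) % p
    return total

def local_linear_op(shares, a, b, p=P):
    """Each party applies y -> a*y + b to its own share with no communication.
    The new shares reconstruct to a*secret + b: a computation across shares
    that never assembles the key, as threshold signing does for real."""
    return [(x, (a * y + b) % p) for x, y in shares]

def candidate_secrets(shares, t, p):
    """Brute force (tiny p only): how many secret values are consistent with
    the shares an attacker holds, given that the attacker knows the scheme,
    t and p. Fewer than t shares leave every field element equally possible."""
    hits = set()
    for coeffs in product(range(p), repeat=t):
        if all(_eval(coeffs, x, p) == y for x, y in shares):
            hits.add(coeffs[0])
    return len(hits)
```

With t = 3 of n = 5, any two parties can be offline or compromised and the remaining three still reconstruct the output, while the attacker with two shares learns nothing.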
Further insight into MPC’s compelling features and attributes is provided in the white paper “An Introduction to MPC”, which is available for download from this site.
NIST Threshold Cryptography Initiative
The National Institute of Standards and Technology (NIST) recently launched initiatives to develop formal standards which will enable verification that a particular implementation of a threshold cryptographic system complies with recommended guidelines.
MPC enables decentralized trust, which aligns favorably with distributed applications and services using blockchain, clouds and other distributed frameworks. It also introduces the flexibility to allow actual users of services to participate as one of the parties in the decentralized trust model giving them control and reducing dependency on third parties.
MPC can also be implemented with elastic scale, allowing cryptographic services to scale dynamically as the primary services scale, making it ideal for blockchain and a myriad of other distributed services and applications.
By Frank Wiener, Vice President, Sepior ApS of Denmark