Overview
Multi-Party Computation (MPC) has become a standard approach to digital asset key management for teams that need secure custody without a single point of failure: no one party, device or location ever holds the whole private key.
How MPC Works
Core Concept
MPC distributes key material across multiple parties:
- Distributed key generation (DKG) creates the shares; no party, and no dealer, ever sees the full key
- Signing is itself a multi-party protocol that a threshold of parties must run together (e.g., 2-of-3, 3-of-5)
- No reconstruction: the full key is never assembled, not even transiently in memory during signing
Threshold Signatures (TSS)
Threshold signature schemes are the MPC application used for digital assets:
- t-of-n schemes where any t of the n parties must cooperate to sign, and fewer than t learn nothing about the key
- Share refresh (proactive resharing) replaces every share while the public key, and so the on-chain address, stays the same
- Party replacement adds or removes participants over time without moving funds
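As an added example (not code from this page or from any custody vendor), the following is a 2-of-3 threshold Schnorr signer over secp256k1 that demonstrates the points in the two lists above: shares are created by splitting a key, any two parties produce a standard signature without ever assembling the key, and a share refresh rotates every share while the public key stays fixed. It assumes a trusted dealer for the initial split (a real deployment uses DKG so nobody ever holds the key), omits the nonce-commitment round that FROST uses, and signs a constructed sample message; all function names are this example's own.

```python
"""Threshold Schnorr signing over secp256k1, FROST-style but simplified.
Added example, not this page's or any vendor's code. A trusted dealer splits the
key (real systems use DKG) and FROST's nonce-commitment round is omitted, so
this is a teaching toy, not a production signer."""
import hashlib
import secrets

# secp256k1 parameters (the curve Bitcoin and Ethereum sign with).
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(a, b):
    """Affine addition on y^2 = x^3 + 7; None is the point at infinity."""
    if a is None or b is None:
        return a or b                                # adding the identity
    (x1, y1), (x2, y2) = a, b
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return None                              # a == -b
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P  # doubling (curve a = 0)
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def ec_mul(k, pt):
    """Double-and-add scalar multiplication (not constant-time: demo only)."""
    acc = None
    k %= N
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc

def share_secret(secret, t, n):
    """Shamir split: random degree t-1 polynomial f with f(0) = secret; share i = f(i)."""
    coeffs = [secret] + [secrets.randbelow(N) for _ in range(t - 1)]
    return {i: sum(c * pow(i, j, N) for j, c in enumerate(coeffs)) % N
            for i in range(1, n + 1)}

def lagrange_at_zero(i, indices):
    """lambda_i such that sum(lambda_i * f(i)) over indices == f(0)."""
    num = den = 1
    for j in indices:
        if j != i:
            num = num * (-j) % N
            den = den * (i - j) % N
    return num * pow(den, -1, N) % N

def challenge(R, pubkey, msg):
    h = hashlib.sha256()                             # Fiat-Shamir: c = H(R, pk, m)
    for coord in (*R, *pubkey):
        h.update(coord.to_bytes(32, "big"))
    h.update(msg)
    return int.from_bytes(h.digest(), "big") % N

def threshold_sign(shares, signers, t, pubkey, msg):
    """Partial nonces and responses are summed; the key x itself is never formed."""
    signers = sorted(set(signers))
    if len(signers) < t:
        raise ValueError(f"need at least {t} signers, got {len(signers)}")
    nonces = {i: secrets.randbelow(N - 1) + 1 for i in signers}
    R = None
    for i in signers:                  # round 1: aggregate nonce commitments
        R = ec_add(R, ec_mul(nonces[i], G))
    c = challenge(R, pubkey, msg)
    z = 0
    for i in signers:                  # round 2: z_i = k_i + c * lambda_i * x_i
        z = (z + nonces[i] + c * lagrange_at_zero(i, signers) * shares[i]) % N
    return R, z

def verify(pubkey, msg, sig):
    """Plain Schnorr check z*G == R + c*pk; indistinguishable from a single-key signature."""
    R, z = sig
    return ec_mul(z, G) == ec_add(R, ec_mul(challenge(R, pubkey, msg), pubkey))

def refresh_shares(shares, t):
    """Proactive refresh: every party deals a sharing of zero and all shares
    absorb the sum; each share changes but f(0), hence the public key, does not."""
    n = len(shares)
    new = dict(shares)
    for _ in range(n):
        zero_sharing = share_secret(0, t, n)
        for i in new:
            new[i] = (new[i] + zero_sharing[i]) % N
    return new

if __name__ == "__main__":
    x = secrets.randbelow(N - 1) + 1         # dealer's secret, discarded after splitting
    pk, shares = ec_mul(x, G), share_secret(x, 2, 3)   # 2-of-3 configuration
    msg = b"transfer 10 BTC to treasury"     # constructed sample payload
    assert verify(pk, msg, threshold_sign(shares, [1, 3], 2, pk, msg))
    fresh = refresh_shares(shares, 2)        # rotate shares; public key unchanged
    assert fresh != shares and verify(pk, msg, threshold_sign(fresh, [2, 3], 2, pk, msg))
    assert not verify(pk, msg, threshold_sign({1: shares[1], 2: fresh[2]}, [1, 2], 2, pk, msg))
    print("2-of-3 sign, refresh, re-sign: all verified against the same public key")
```

The last assertion is the property that makes refresh a real rotation: a share from before the refresh combined with one from after it no longer interpolates to the key, so an attacker who stole one share earlier must start over. Production protocols add nonce commitments, zero-knowledge proofs that each party's contribution is well formed, and constant-time arithmetic, none of which this toy has.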
Comparison with Alternatives
| Attribute | MPC | Multi-sig | HSM | Hot Wallet |
|---|---|---|---|---|
| Key exposure | Full key never assembled | Each signer holds a complete key; funds need m of them | Full key inside one device | Full key on an online host |
| Flexibility | High | Protocol-dependent | Low | High |
| Chain support | Near-universal (threshold ECDSA, EdDSA, Schnorr, BLS) | Varies (native on some chains, smart-contract on others) | Universal | Universal |
| Cost | Medium | Low | High | Low |
| Latency | Low-Medium | Low | Low | Very Low |
Implementation Architectures
Common Configurations
2-of-3 Institutional Setup:
- Institution holds 1 share
- Custody provider holds 1 share
- Cold backup holds 1 share
Any two of the three can sign, so the loss or compromise of any single share is survivable and no single holder can move funds alone.
3-of-5 Enterprise Setup:
- Operations team holds 2 shares
- Security team holds 2 shares
- Executive backup holds 1 share
No single group reaches the threshold on its own; any two of the three groups together do.
Vendor Landscape
Major MPC custody providers:
| Provider | Type | Chains Supported |
|---|---|---|
| Fireblocks | SaaS | 50+ |
| Copper | SaaS | 40+ |
| Curv (PayPal) | SaaS | 30+ |
| ZenGo | Self-custody | Major chains |
| Lit Protocol | Decentralized | EVM chains |
Operational Considerations
Policy Engine Integration
MPC solutions typically include:
- Approval workflows for transaction authorization
- Spending limits by time period or amount
- Address whitelisting for destination control
- Multi-level approvals based on transaction size
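As an added example (not any vendor's policy engine), here is a small policy evaluator that applies all four of the controls above to a signing request before any share holder is asked to contribute a partial signature. The whitelist, limits, approval tiers, approver names and transaction amounts are constructed assumptions. It also refuses to count the initiator's own approval, which is the segregation-of-duties check the compliance section below asks for.

```python
"""Transaction policy gate for an MPC signing service.
Added example, not any vendor's product. Rules, names and amounts are made up."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta


@dataclass
class Policy:
    allowed_destinations: set        # address whitelist
    per_tx_limit: int                # hard cap on a single transaction
    daily_limit: int                 # cap on the rolling 24-hour total
    approval_tiers: list             # [(amount_from, approvals_required), ...], ascending


@dataclass
class Tx:
    initiator: str                   # who submitted the signing request
    destination: str
    amount: int                      # integer units (cents, sats, wei): never float
    at: datetime
    approvals: set = field(default_factory=set)   # distinct approver identities


@dataclass
class Decision:
    allowed: bool
    approvals_required: int
    reasons: list                    # empty when allowed


def required_approvals(policy, amount):
    """Highest tier whose floor the amount reaches (tiers are ascending)."""
    needed = 1
    for floor, count in policy.approval_tiers:
        if amount >= floor:
            needed = count
    return needed


def evaluate(policy, tx, history):
    """Gate an MPC signing round: every check must pass before any share
    holder contributes a partial signature. history: already-signed Txs."""
    reasons = []
    if tx.destination not in policy.allowed_destinations:
        reasons.append("destination not whitelisted")
    if tx.amount > policy.per_tx_limit:
        reasons.append("exceeds per-transaction limit")
    since = tx.at - timedelta(hours=24)
    spent = sum(h.amount for h in history if since < h.at <= tx.at)
    if spent + tx.amount > policy.daily_limit:
        reasons.append("exceeds rolling 24h limit")
    needed = required_approvals(policy, tx.amount)
    valid = tx.approvals - {tx.initiator}     # segregation of duties: no self-approval
    if len(valid) < needed:
        reasons.append(f"{len(valid)} of {needed} required approvals")
    return Decision(not reasons, needed, reasons)


# Constructed sample policy (assumed values, not a recommendation).
POLICY = Policy(
    allowed_destinations={"bc1qtreasury", "0xexchangehot"},
    per_tx_limit=50_000,
    daily_limit=120_000,
    approval_tiers=[(0, 1), (10_000, 2), (25_000, 3)],
)
T0 = datetime(2024, 1, 15, 9, 0)             # fixed "now" so runs are reproducible


def make_tx(initiator, destination, amount, hours=0, approvals=()):
    """Build a Tx offset from T0 by `hours` (negative for past history)."""
    return Tx(initiator, destination, amount, T0 + timedelta(hours=hours), set(approvals))


if __name__ == "__main__":
    # Two signed transactions inside the 24h window and one outside it.
    history = [make_tx("alice", "bc1qtreasury", 40_000, hours=-h) for h in (1, 5, 30)]
    cases = [
        make_tx("alice", "bc1qtreasury", 5_000, approvals={"bob"}),                   # allowed
        make_tx("alice", "bc1qtreasury", 20_000, approvals={"alice", "bob"}),         # self-approval ignored
        make_tx("alice", "bc1qtreasury", 45_000, approvals={"bob", "carol", "dan"}),  # breaks daily limit
        make_tx("alice", "bc1qstranger", 1_000, approvals={"bob"}),                   # not whitelisted
    ]
    for tx in cases:
        d = evaluate(POLICY, tx, history)
        print(f"{tx.amount:>7} -> {tx.destination:13} {'ALLOW' if d.allowed else 'DENY '} {d.reasons}")
```

Two design points matter more than the rule list: amounts are integers in the smallest unit so limits cannot be dodged by rounding, and the decision carries every failed reason rather than stopping at the first, so the audit log shows the full picture of why a request was refused.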
Disaster Recovery
Planning requirements:
- Share backup procedures with geographic distribution
- Recovery testing on regular schedules
- Succession planning for key personnel
- Insurance considerations for custody arrangements
Compliance Requirements
Regulatory expectations:
- Segregation of duties between share holders
- Access logging for audit trails
- Change management for policy updates
- Penetration testing of MPC infrastructure
Security Considerations
Attack Vectors
Known attack classes:
- Collusion: any t share holders acting together can sign, so the threshold is only as strong as the independence of the holders
- Side-channel leakage from an individual share holder's signing software or hardware during a signing round
- Social engineering aimed at share holders or at the people who approve transactions
- Implementation bugs in MPC protocols (missing proof checks, biased or reused nonces) that can leak a share or the whole key
Mitigation Strategies
Best practices:
- Independent custody of shares across organizations, locations and administrative domains
- Hardware-backed storage (HSM or secure enclave) for each share
- Regular security audits of the protocol implementation itself, not only of the surrounding infrastructure
- Incident response procedures, including an emergency share refresh when any holder is suspected of compromise
Performance Characteristics
Latency Profiles
Typical signing times (the interactive rounds between parties dominate, so network latency between share holders matters more than the arithmetic):
| Configuration | Signing Time |
|---|---|
| 2-of-2 | 100-300ms |
| 2-of-3 | 200-500ms |
| 3-of-5 | 500-1000ms |
Throughput Considerations
For high-volume operations:
- Batch signing for efficiency
- Pre-computed presignatures: threshold ECDSA protocols run a message-independent offline phase ahead of time so that the online step, once the transaction is known, is a single short round
- Dedicated infrastructure for trading operations
Related Reading
- Architecture Pillar - Infrastructure context
- Firedancer - Related infrastructure