MPC is a regulated, fee-centric model that is almost an exact replica of today’s banking system.
Every once in a while, the crypto community crowns a new king for secure transactions, and the latest king seems to be multiparty computation, or MPC. This year, MPC adoption by custodial and noncustodial players has progressed and gained market traction at a rapid pace.
However, it could come at a price. MPC providers offer regulators a backdoor into cryptocurrency transactions. As the industry becomes more reliant on MPC for security, it could end up compromising on the long-held principles of decentralization and censorship-resistance.
The hidden features of MPC
In order to identify where the risks exist, let’s briefly recap on MPC and how it’s used. At the most basic level, MPC technology involves splitting private keys into segments and distributing them between different parties. Most commonly, the client holds one key segment, and the MPC provider holds another. The aim is to improve security by ensuring that no party has full control over any given transaction, which can only be executed if both parties provide their key segments.
MPC service providers usually present their technology as something that merely helps to secure transactions. It’s sold under the premise of: “We keep half a key, you keep the other half, but you are the boss — only you decide when and where to transfer your funds. You can also pull all your funds from our account whenever you want.”
But in reality, that isn’t exactly the case. MPC service providers act as middlemen whose approval is needed for a transaction to be executed.
In this sense, MPC providers are playing a near-identical role to banks, with blockchain serving the role played by the SWIFT system. You could replace the sender’s bank with an MPC third-party service provider and replace the SWIFT system with the blockchain. The sole difference here lies in how the sender sends the payment. With a bank, the sender instructs the bank to release the funds; with an MPC provider, the sender and provider jointly sign the transaction. Both parties submit a partial key that is then transmitted to the blockchain by the MPC service provider.
One could make the argument that there’s a significant difference between banks and MPC providers not accounted for in this comparison: Banks can freeze funds and even confiscate them. However, the issue is that such backdoors also exist in MPC providers.
There is no argument here that MPC providers are just bad guys who want to rob their clients of their funds. As reputable, professional companies working with institutions, they need to meet a primary demand from their clients — that crypto funds are recoverable if someone loses their key.
Private key security has long been a sticking point for institutions and crypto firms. So the ability to recover funds in the event of a key loss is absolutely critical for any firm that is claiming to offer secure crypto storage. Imagine a bank that didn’t allow you to recover a forgotten password, simply telling you that if you’ve lost your password, your money has gone forever.
Here comes the regulator
In light of the responsibility they hold for customer’s funds as a third party, it’s evident that MPC providers offer a backdoor for regulatory intervention. Ultimately, this means that MPC companies could play the same role as banks.
If a legal authority demands an MPC service provider to stop a transaction, it will be compelled to do so. Furthermore, if MPC providers allow users to recover lost keys, it means that a regulator could also issue a demand to confiscate funds. Again, assuming this is a legally binding request, the provider would be forced to comply if they want to stay in business.
This isn’t mere hyperbole. The regulators are already here. In June 2019, the Financial Action Task Force, or FATF, approved an initiative to regulate virtual assets and virtual asset service managers. While overall compliance is still low, we can rest assured that the FATF will continue to widen the net until all Virtual Asset Service Providers are included.
While the crypto community’s focus has been on how exchanges will manage the FATF regulation, MPC providers also perfectly match the profile of a Virtual Asset Service Provider, which manages and transfers client funds in a similar way to a banking wire transfer. The same regulatory conditions apply to all companies who directly or indirectly hold, manage or control virtual assets.
So it follows that this regulation creates the same expectations from MPCs as those that are currently applied to the banking system. In the end, this could mean large transactions become reportable to the regulator, and clients are subject to the same Know Your Customer and Anti-Money Laundering requirements as they are for a bank account.
Traditional banks to run MPCs?
If more evidence were needed, we only need to look at the big banks who have already recognized that MPC technology offers benefits that fit with their existing compliance frameworks. Citibank and Goldman Sachs have already invested in MPC providers, and we can expect many more to be announced very soon. With the United States Treasury Office of the Comptroller of the Currency having already green-lit crypto custody services for federally chartered banks, MPC offers a regulator-friendly way for banks to start digging into the crypto pile.
The fact that MPC service providers limit the mobility of their customers by creating dependency on their own wallets could also prove to be attractive to banks, creating a kind of forced loyalty far removed from the vision of open finance that is held dear by many in the crypto space.
It’s easy to assume that such a network will manage only “authorized” currencies and coins. “Unchecked” assets, like your personal Bitcoin (BTC), won’t generate the kind of fees they could levy on authorized transactions, and might even be banned over time.
To sum it all up
On a technical level, MPC is impressive and might fit perfectly for players who have no concerns about regulators getting involved in crypto. However, for those who do, it’s worth being aware that it also provides a backdoor to the regulated and centralized cryptosphere in just the same way as regulated and centralized exchanges are already experiencing. This is a good enough reason to think twice before advocating or using it.
As a final point, it’s worth adding that the technology is still very much in its infancy. There is a vision for the creation of a decentralized MPC, but it’s far from a developed solution. The route there is still long and winding, but it would be a step in the right direction for those who advocate the original vision of decentralized, open networks underpinning an internet of value. I urge you to ask your MPC service provider what happens if you lose your wallet or your seed.