When Multisig or Even MPC Alone Is Not Sufficient - Repost
<< This blog is a reposted excerpt of an original blog available at https://www.blockdaemon.com/blog/when-multisig-or-even-mpc-alone-is-not-sufficient >>
Periodic hacks of crypto exchanges, token issuers and other institutions show that (multisig) wallets may not protect against advanced threats. Multi-party computation (MPC) wallets face similar issues: decentralizing the key alone is insufficient. This article reviews a multi-layered defense that maximizes digital asset security while maintaining accessibility and operational efficiency.
Decentralized Keys
Single-key, single-signature wallets are simple but highly vulnerable to key theft or misuse. A compromise of the one system holding the key, or a malicious user with access to it, can transfer all of an organization’s assets without recourse.
Replacing a single centralized key with MPC or multisig eliminates that single point of failure when implemented correctly. However, as hacks over recent years have shown, having multiple keys or even key shares is not by itself sufficient to assure security. Care must be taken that the key shares, or the multiple keys, are stored in separate secure environments under different administrative access, so that no single compromise exposes them all.
Decentralized Administrative Access
Generating and storing MPC key shares or multisig keys in different locations under varied administrative access greatly improves security. A common admin with access to all key materials introduces a single point of failure. Theft of a single admin’s credentials, or a single malicious admin, should never grant access to all key materials.
In practice, it’s important to separate the administration of the hosting environments from access to the key materials. This can be useful in smaller organizations with more limited IT resources.
Secure Enclaves
Storing distributed key materials in secure enclaves like AWS Nitro goes further: administrators of the hosting infrastructure have no direct access to the key material inside the enclave. This also reduces the risk of access by external malicious parties, adding another security layer.
Institutional Wallet supports automated deployment in secure clouds such as AWS and Azure, enabling secure hosting without requiring cloud security expertise.
Cryptographically Enforced Policies
Traditional secure hardware like Hardware Security Modules (HSMs) offers secure physical storage for key materials. However, once an authorized user or an attacker gains access, most HSMs cannot enforce policies that require predefined approvers. Secure enclaves alone are therefore insufficient.
MPC-based wallets can be designed so that key shares and the policies governing their use co-reside on the same machines and are cryptographically enforced: a key share can only be used after every policy has been satisfied. Storing key shares and policies together in secure enclaves with cryptographic enforcement eliminates blind signing and improves security.
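The two properties described in the Decentralized Keys section and in this one (no single share holder can sign alone, and every share holder enforces the policy itself before contributing) can be modelled in code. The following is an added Python example, not code from Blockdaemon or from Institutional Wallet. The approver names and keys, the destination addresses, the Shamir field prime and the HMAC-based toy signature are all constructed for the demonstration; real MPC signing combines partial signatures without ever reassembling the key, which this toy deliberately does not attempt.

```python
# Added example, not code from Blockdaemon or the original post: a toy model of
# threshold key shares whose holders each enforce a signing policy locally.
# Names, keys, addresses and the field prime below are constructed for the demo.
import hmac
import secrets
from dataclasses import dataclass

PRIME = 2**127 - 1  # constructed toy field; shares and the secret are integers below it

# Constructed approver keys. A real system would verify public-key signatures;
# HMAC keys stand in here so each share holder can check approvals offline.
APPROVER_KEYS = {"alice": b"alice-key", "bob": b"bob-key", "carol": b"carol-key"}


@dataclass(frozen=True)
class Transfer:
    destination: str
    amount: int


@dataclass(frozen=True)
class Policy:
    approvers: frozenset   # who may approve
    min_approvals: int     # how many distinct valid approvals are required
    max_amount: int        # per-transfer limit


class PolicyDenied(Exception):
    pass


def canonical(tx: Transfer) -> bytes:
    """Serialise the transfer so an approval is bound to exactly this request."""
    return f"{tx.destination}|{tx.amount}".encode()


def approve(approver: str, tx: Transfer) -> bytes:
    """One approver's authorisation over one specific transfer."""
    return hmac.new(APPROVER_KEYS[approver], canonical(tx), "sha256").digest()


def _eval_poly(coeffs, x):
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % PRIME
    return acc


def split_secret(secret: int, threshold: int, n_shares: int):
    """Shamir split: any `threshold` shares reconstruct, fewer reveal nothing."""
    coeffs = [secret % PRIME] + [secrets.randbelow(PRIME) for _ in range(threshold - 1)]
    return [(i, _eval_poly(coeffs, i)) for i in range(1, n_shares + 1)]


def _lagrange_at_zero(i, xs):
    num, den = 1, 1
    for j in xs:
        if j != i:
            num = num * (-j) % PRIME
            den = den * (i - j) % PRIME
    return num * pow(den, PRIME - 2, PRIME) % PRIME


class ShareHolder:
    """One administrative domain (e.g. one enclave): a share plus its own policy copy."""

    def __init__(self, index, share, policy: Policy, threshold: int):
        self.index, self._share, self.policy, self.threshold = index, share, policy, threshold

    def contribute(self, tx: Transfer, approvals: dict, cosigners: list) -> int:
        # Every holder re-checks the policy itself: a compromised coordinator
        # cannot skip it, and a single stolen share yields nothing usable.
        if len(cosigners) < self.threshold:
            raise PolicyDenied("not enough cosigning parties")
        if tx.amount > self.policy.max_amount:
            raise PolicyDenied("amount exceeds policy limit")
        valid = {a for a, sig in approvals.items()
                 if a in self.policy.approvers
                 and hmac.compare_digest(sig, approve(a, tx))}
        if len(valid) < self.policy.min_approvals:
            raise PolicyDenied(f"{len(valid)} valid approvals, need {self.policy.min_approvals}")
        return self._share * _lagrange_at_zero(self.index, cosigners) % PRIME


def reference_signature(secret: int, tx: Transfer) -> str:
    """What the full key would produce; only used to check the toy's output."""
    return hmac.new(secret.to_bytes(16, "big"), canonical(tx), "sha256").hexdigest()


def sign_transfer(holders, tx: Transfer, approvals: dict) -> str:
    """Gather partial contributions; any holder may refuse and abort the signing."""
    cosigners = [h.index for h in holders]
    partials = [h.contribute(tx, approvals, cosigners) for h in holders]
    # Toy recombination. Real MPC signing combines partial *signatures* and never
    # materialises the key; only the access-control behaviour is modelled here.
    key = sum(partials) % PRIME
    return hmac.new(key.to_bytes(16, "big"), canonical(tx), "sha256").hexdigest()


def outcome(holders, tx, approvals) -> str:
    """Wrap sign_transfer so refusals are returned as a string rather than raised."""
    try:
        return "signed:" + sign_transfer(holders, tx, approvals)
    except PolicyDenied as e:
        return "denied:" + str(e)


if __name__ == "__main__":
    policy = Policy(frozenset(APPROVER_KEYS), min_approvals=2, max_amount=1_000_000)
    holders = [ShareHolder(i, s, policy, threshold=2)
               for i, s in split_secret(secrets.randbelow(PRIME), 2, 3)]
    tx = Transfer("addr_constructed_1", 250_000)
    ok = {"alice": approve("alice", tx), "bob": approve("bob", tx)}
    print(outcome(holders[:2], tx, ok))                      # two shares, two approvals
    print(outcome(holders[:1], tx, ok))                      # one stolen share is useless
    print(outcome(holders[:2], tx, {"alice": ok["alice"]}))  # one approval is not enough
```

Because approvals are computed over the canonical transfer, an approval collected for one destination and amount cannot be replayed against another, and because each holder verifies them independently, compromising the machine that coordinates the signing does not remove the check.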
Biometrically Authenticated Users
While multi-factor authentication is recommended, adding biometric authentication for critical users adds another layer of security.
Biometric methods such as Face ID or fingerprint readers have matured with mobile devices and can be integrated into wallet systems to verify both the credentials and the authenticity of the user presenting them.
Summary
Institutions should evaluate highly secure wallet systems with multiple layers of advanced security to protect their digital assets.