MPC:– The Trojan horse of crypto regulation
Every once in a while, the crypto community crowns a new king for secure transactions, and the latest king seems to be MPC – short for multi-party computation.
MPC adoption by custodial and noncustodial players has progressed and gained market traction at a rapid pace.
Nevertheless, this may come at a price. MPC providers offer regulators a backdoor into cryptocurrency transactions. As the industry becomes more and more reliant on MPC for security, it could end up compromising the long-held principles of decentralization and censorship resistance.
What is MPC anyway?
The benefits of MPC
At the most basic level, MPC technology solves the problem of private keys by splitting partial keys between a few parties (usually two parties – the client and the MPC provider). This is supposed to create a situation where none of the parties have full control over the transaction, and only if both parties agree to a transaction can it actually be executed.
Here is a simplified visualization of MPC versus keeping it in a classic wallet:
From this point of view, MPC can be seen as a good solution for key loss, theft, mistaken address, and other problems related to cryptocurrency management.
Furthermore, you can see MPC as an enabling technology behind a wide range of financial tools and services. Among others, it offers:
- the ability to create top and bottom limits to transactions,
- wallet/account backup,
- the ability to change the key manager, and
- the ability to block transactions.
However, if you think about it, third-party MPC service providers actually start to function as crypto banks – definitely not the decentralized evolution we all hoped for, but fully centralized “banks” that are totally exposed to the looming regulation.
The hidden identity
MPC service providers usually present their technology as something that merely helps to secure transactions: “We keep half a key, you keep the other half, but you are the boss — only you decide when and where to transfer your funds. You can also pull all your funds from our account whenever you want.”
In reality, however, this is not exactly so: MPC service providers act as middlemen whose approval is needed in order for a transaction to be executed.
It is easy to see the similarity to a classic bank if you understand that blockchain actually provides MPC with the same capabilities as a SWIFT system, a network that enables financial institutions worldwide to send and receive information about financial transactions in a secure, standardized environment.
[The following is a conceptual demonstration of a transaction and not a technological explanation:
And this is what it looks like in terms of regulation:
Now, let’s replace the above sample bank with third-party MPC service providers and replace the SWIFT system with the blockchain system, and we will obtain the following diagram since each transaction also depends on the third-party MPC service providers (joint signature)
Both parties submit a partial key that is then transmitted to the blockchain by the MPC service provider.
Indeed, we have adopted a more sophisticated banking method, in which the blockchain functions as a replacement for the SWIFT system while the MPC service provider serves as a replacement for the banking system.
At this point, you can say that there is another important difference: banks can actually freeze funds and even confiscate them. Well, allow me to speculate that all MPC service providers keep such a backdoor.
No, it is not because they are bad guys who want to rob their clients of their funds (though any backdoor actually permits such a possibility). It is because they are professionals who want to provide their clients with a basic ability, that is, to recover their funds if a key is lost. Can you imagine a bank that does not give you the ability to recover a forgotten password, one that would simply tell you, “Sorry, if you cannot find your password, your funds are gone forever”?
Here comes the regulator
MPC technology basically enables the regulator to interfere and demand that an MPC service provider stop any transaction. Moreover, if the alleged backdoor actually exists (and I am sure it does — just ask your MPC service provider what happens if you lose your wallet or your seed), the regulator can also demand to confiscate funds from managed accounts.
If you feel that this scenario is still too hypothetical, think twice because the regulator is already here. In June 2019, the Financial Action Task Force (FATF) approved an initiative to regulate virtual assets and virtual asset service managers.
MPCs perfectly match the FATF profile of companies managing and transferring funds in a way similar to a bank wire transfer. The same demand applies to all companies that directly or indirectly hold, manage, or control virtual assets.
In reality, this regulation creates the same expectations of MPCs as those that are currently applied to the banking system: reporting all upcoming transactions that fit the regulator’s criteria in advance and demanding KYC (know your customer) and AML (anti-money laundering) documentation for them.
Classic banks to run MPCs?
Unsurprisingly, some banks have already understood this “benefit” of MPC technology and started investing in MPC service providers. Citibank and Goldman Sachs are already there, and I expect many more to be announced very soon. And what better way is there for them to dig into the crypto pile?
Banks will particularly like the fact that MPC service providers limit the mobility of their customers by creating dependency on their own wallets (mandatory when using MPC), also known as forced loyalty
The extremely nightmarish scenario, however, is the creation of a closed, internal, and regulated network of MPC providers. It is easy to assume that such a network will only manage “authorized” currencies and coins. “Unchecked” assets, just like your personal bitcoins, will become less valuable and might even be banned overtime.
This is what the regulated and fees-centered nightmare will look like:
To sum it all up
Obviously, such a short article cannot explain the full complexity behind MPC technology and its adoption. MPC is impressive at a technological level and might be a perfect fit for players that have no regulatory concerns. Yet, this does not change the fact that MPC provides a backdoor into the regulated and centralized cryptosphere, and this is good enough reason to think twice before advocating for or using it.
It is important to add that there is a vision for the creation of a decentralized MPC. The route to that end remains long and winding, but it does seem to be a technologically feasible solution, and I will be happy to see its execution.
The bottom line is that currently, there is only one true technological king in the field of cryptocurrency, and that is the blockchain itself. Blockchain has no backdoors or major flaws; therefore, I suggest we wait until one of the truly decentralized solutions comes to life before crowning any new king.