Overview
Multi-Party Computation (MPC) has become a leading approach for institutional digital asset key management: the private key exists only as shares held by separate parties, so no single machine, person or provider can sign on its own and there is no single point of failure.
How MPC Works
Core Concept
MPC distributes key material across multiple parties:
- Distributed key generation (DKG) creates the shares without any party ever holding the full key
- Signing requires threshold cooperation (e.g., 2-of-3, 3-of-5)
- No reconstruction: the full key is never assembled, not even at signing time; each party computes a partial signature from its own share and the partials combine into an ordinary signature
Threshold Signatures (TSS)
Threshold signature schemes are the MPC application relevant to digital assets:
- t-of-n schemes where any t of the n share holders must cooperate to sign, and fewer than t learn nothing about the key
- Share refresh (proactive secret sharing) to rotate every share without changing the public key, so shares stolen in different epochs cannot be combined
- Party replacement to change participants over time without moving funds to a new address
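The three properties above (shares created without a full key, signing without reconstruction, refresh that keeps the public key) are easiest to see in a small threshold Schnorr scheme. The following is an added illustration written for this page, not any vendor's protocol: it uses a toy Schnorr group generated at run time, a simplified Pedersen-style DKG, and a one-round signing step. Parameter sizes and the omission of share commitments, zero-knowledge proofs and a nonce-commitment round are assumptions made to keep the example short; production threshold protocols need all of them.

```python
"""Toy t-of-n threshold Schnorr signing over a Schnorr group.

Added illustration, not any vendor's protocol: distributed key generation,
signing without ever assembling the key, and proactive share refresh that
leaves the public key unchanged. Not production code (no share commitments,
no zero-knowledge proofs, no nonce-commitment round, toy 64-bit group).
"""
import hashlib
import secrets

_MR_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)  # deterministic for n < 3.3e24


def _is_prime(n):
    """Deterministic Miller-Rabin for the 64-bit sizes used here."""
    if n < 2:
        return False
    for b in _MR_BASES:
        if n % b == 0:
            return n == b
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for a in _MR_BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def make_group(bits=64):
    """Return (p, q, g): a safe prime p = 2q + 1 and g = 4, which has order q."""
    while True:
        q = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if _is_prime(q) and _is_prime(2 * q + 1):
            return 2 * q + 1, q, 4  # 4 = 2^2 is a quadratic residue, so its order is q


class ThresholdSchnorr:
    def __init__(self, t, n, bits=64):
        self.p, self.q, self.g = make_group(bits)
        self.t, self.n = t, n

    def _poly(self, coeffs, x):
        return sum(c * pow(x, k, self.q) for k, c in enumerate(coeffs)) % self.q

    def _lagrange0(self, i, ids):
        """Lagrange coefficient of point i when interpolating at 0 over `ids`."""
        num = den = 1
        for j in ids:
            if j != i:
                num = num * (-j) % self.q
                den = den * (i - j) % self.q
        return num * pow(den, -1, self.q) % self.q

    def _challenge(self, R, pk, msg):
        h = hashlib.sha256(f"{R}|{pk}|".encode() + msg).digest()
        return int.from_bytes(h, "big") % self.q

    def keygen(self):
        """DKG: party j samples f_j of degree t-1 and sends f_j(i) to party i.
        Party i's share is sum_j f_j(i); the secret sum_j f_j(0) is never formed."""
        polys = [[secrets.randbelow(self.q) for _ in range(self.t)] for _ in range(self.n)]
        shares = {i: sum(self._poly(f, i) for f in polys) % self.q for i in range(1, self.n + 1)}
        pk = 1
        for f in polys:  # public key is the product of per-party commitments g^f_j(0)
            pk = pk * pow(self.g, f[0], self.p) % self.p
        return shares, pk

    def sign(self, shares, ids, pk, msg):
        """Each signer in `ids` (at least t of them) contributes a nonce R_i and a
        partial s_i computed from its own share; only R_i and s_i leave the party."""
        assert len(ids) >= self.t, "below threshold"
        nonces = {i: secrets.randbelow(self.q - 1) + 1 for i in ids}
        R = 1
        for i in ids:
            R = R * pow(self.g, nonces[i], self.p) % self.p
        c = self._challenge(R, pk, msg)
        partials = [(nonces[i] + c * self._lagrange0(i, ids) * shares[i]) % self.q for i in ids]
        return R, sum(partials) % self.q  # an ordinary Schnorr signature (R, s)

    def verify(self, pk, msg, sig):
        R, s = sig
        c = self._challenge(R, pk, msg)
        return pow(self.g, s, self.p) == R * pow(pk, c, self.p) % self.p

    def refresh(self, shares):
        """Proactive refresh: every party deals a random polynomial with zero constant
        term. All shares change, the secret and public key do not, and shares taken
        from different epochs no longer interpolate to the key."""
        zero_polys = [[0] + [secrets.randbelow(self.q) for _ in range(self.t - 1)]
                      for _ in range(self.n)]
        return {i: (s + sum(self._poly(f, i) for f in zero_polys)) % self.q
                for i, s in shares.items()}


if __name__ == "__main__":
    ts = ThresholdSchnorr(t=2, n=3)
    shares, pk = ts.keygen()
    msg = b"constructed: withdraw 10 BTC to settlement address"
    print("2-of-3 signature valid:", ts.verify(pk, msg, ts.sign(shares, [1, 3], pk, msg)))
    new_shares = ts.refresh(shares)
    print("valid after refresh, same public key:",
          ts.verify(pk, msg, ts.sign(new_shares, [2, 3], pk, msg)))
    mixed = {1: shares[1], 2: new_shares[2]}
    print("old and new shares mixed:", ts.verify(pk, msg, ts.sign(mixed, [1, 2], pk, msg)))
```

The last line of the demo is the point of share refresh: one pre-refresh share and one post-refresh share do not interpolate to the key, so an attacker who steals shares slowly across epochs never reaches the threshold. A verifier sees only a standard (R, s) pair; nothing on chain reveals that a threshold was involved.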
Comparison with Alternatives
| Attribute | MPC | Multi-sig | HSM | Hot Wallet |
|---|---|---|---|---|
| Key exposure | Never; the key exists only as shares | No single key controls funds, but each signer holds a complete key | Full key inside one device | Full key on an internet-connected host |
| Flexibility | High (policy enforced off-chain) | Protocol-dependent (policy encoded on-chain) | Low | High |
| Chain support | Any chain whose signature algorithm has a threshold protocol (ECDSA, EdDSA and Schnorr cover most) | Varies; on-chain multi-sig is chain-specific, visible and costs extra fees | Universal | Universal |
| Cost | Medium | Low | High | Low |
| Latency | Low-Medium (network rounds between share holders) | Low | Low | Very Low |
Implementation Architectures
Common Configurations
2-of-3 Institutional Setup:
- Institution holds 1 share
- Custody provider holds 1 share
- Cold backup holds 1 share
3-of-5 Enterprise Setup:
- Operations team holds 2 shares
- Security team holds 2 shares
- Executive backup holds 1 share
In either layout the shares only count as separate if they run on separate infrastructure under separate administrators; two shares on the same host, or under the same admin account, collapse into one from an attacker's point of view.
Vendor Landscape
Major MPC custody providers:
| Provider | Type | Chains Supported |
|---|---|---|
| Fireblocks | SaaS | 50+ |
| Copper | SaaS | 40+ |
| Curv (PayPal) | SaaS | 30+ |
| ZenGo | Self-custody | Major chains |
| Lit Protocol | Decentralized | EVM chains |
Operational Considerations
Policy Engine Integration
MPC solutions typically include a policy engine that runs before any share is used for signing:
- Approval workflows for transaction authorization, with maker/checker separation so the initiator cannot approve their own transaction
- Spending limits per time window or per transaction amount
- Address whitelisting for destination control
- Multi-level approvals based on transaction size, requiring specific roles above each tier
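The four controls above can be combined into a single evaluation that runs before signing shares are released. The following is an added illustration written for this page, not any vendor's policy engine; the tiers, limits, roles, names and addresses are constructed for the example. It deliberately checks every rule rather than stopping at the first failure, so the audit trail shows the full set of reasons a transaction was blocked.

```python
"""Policy-engine check run before any signing share is released.

Added illustration of the controls listed above, not any vendor's engine.
Tiers, limits, roles, names and addresses are constructed for the example.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

# Approval tiers by amount (USD): up to each ceiling, how many distinct approvers
# are needed and which roles must be among them. Values are assumptions.
TIERS = (
    (10_000, 1, frozenset()),
    (100_000, 2, frozenset({"security"})),
    (float("inf"), 3, frozenset({"security", "executive"})),
)
NOW = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)  # constructed clock


@dataclass
class Transaction:
    initiator: str
    destination: str
    amount_usd: int
    submitted_at: datetime
    approvals: dict  # approver name -> role, as recorded by the approval workflow


@dataclass
class PolicyEngine:
    whitelist: frozenset
    window_limit_usd: int
    window: timedelta = timedelta(hours=24)
    tiers: tuple = TIERS
    released: list = field(default_factory=list)  # (time, amount) of released txs

    def _spent_in_window(self, now):
        cutoff = now - self.window
        return sum(amt for ts, amt in self.released if ts > cutoff)

    def _tier(self, amount):
        for ceiling, approvers, roles in self.tiers:
            if amount <= ceiling:
                return approvers, roles
        raise ValueError("last tier must be unbounded")

    def evaluate(self, tx):
        """Return (approved, reasons). Every control is evaluated so the audit
        trail records all failures, not only the first one hit."""
        reasons = []
        if tx.destination not in self.whitelist:
            reasons.append("destination not on whitelist")
        total = self._spent_in_window(tx.submitted_at) + tx.amount_usd
        if total > self.window_limit_usd:
            reasons.append(f"window limit: {total} > {self.window_limit_usd}")
        needed, roles = self._tier(tx.amount_usd)
        # Segregation of duties: the initiator never counts as an approver.
        approvers = {who: role for who, role in tx.approvals.items() if who != tx.initiator}
        if len(approvers) < needed:
            reasons.append(f"approvals: {len(approvers)} of {needed} required")
        missing = roles - set(approvers.values())
        if missing:
            reasons.append("missing approver role(s): " + ", ".join(sorted(missing)))
        if not reasons:  # only released transactions count against the limit
            self.released.append((tx.submitted_at, tx.amount_usd))
        return not reasons, reasons


def run_demo():
    """Run constructed transactions through one engine; returns name -> (approved, reasons)."""
    engine = PolicyEngine(whitelist=frozenset({"addr-settlement"}), window_limit_usd=250_000)
    one_hour, next_day = timedelta(hours=1), timedelta(hours=25)
    cases = [
        ("small_ok", Transaction("alice", "addr-settlement", 5_000, NOW, {"bob": "ops"})),
        ("not_whitelisted", Transaction("alice", "addr-unknown", 5_000, NOW, {"bob": "ops"})),
        ("self_approved", Transaction("alice", "addr-settlement", 50_000, NOW,
                                      {"alice": "security", "bob": "ops"})),
        ("large_ok", Transaction("alice", "addr-settlement", 150_000, NOW,
                                 {"bob": "ops", "carol": "security", "dave": "executive"})),
        ("limit_exceeded", Transaction("alice", "addr-settlement", 100_000, NOW + one_hour,
                                       {"bob": "ops", "carol": "security"})),
        ("next_day_ok", Transaction("alice", "addr-settlement", 100_000, NOW + next_day,
                                    {"bob": "ops", "carol": "security"})),
    ]
    return {name: engine.evaluate(tx) for name, tx in cases}


if __name__ == "__main__":
    for name, (approved, reasons) in run_demo().items():
        print(f"{name:16} {'RELEASE' if approved else 'BLOCK'} {reasons}")
```

Two design points matter for a custody deployment: the rolling window only counts transactions that were actually released, so a stream of rejected requests cannot exhaust the limit, and the initiator is excluded from the approver set before the tier count is applied, so an insider who holds an approver role cannot approve their own withdrawal.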
Disaster Recovery
Planning requirements:
- Share backup procedures with geographic distribution, with backups protected at least as well as the live shares
- Scheduled recovery drills that actually produce a signature with the backup share, rather than only confirming the backup exists
- Succession planning for key personnel who hold or can authorize shares
- Insurance considerations for custody arrangements
Compliance Requirements
Regulatory expectations:
- Segregation of duties between share holders
- Access logging for audit trails
- Change management for policy updates
- Penetration testing of MPC infrastructure
Security Considerations
Attack Vectors
Known attack classes:
- Collusion by t share holders, or compromise of t hosts, which is why shares belong with separate organizations and separate infrastructure
- Side-channel leakage (timing, power, cache) from share holders during signing ceremonies
- Social engineering targeting share holders and approvers, the same people the policy engine relies on
- Implementation bugs in MPC protocols: missing zero-knowledge proof checks and weak commitments in threshold signing libraries have allowed a single malicious participant to extract the full key in published attacks
Mitigation Strategies
Best practices:
- Independent custody of shares across organizations and administrative domains
- Hardware-backed storage for shares (HSMs or enclaves) so a host compromise does not yield the share in plaintext
- Proactive share refresh on a schedule and after any suspected compromise, so stolen shares expire
- Independent cryptographic audits of the protocol implementation itself, not only of the application around it
- Incident response procedures that cover share revocation and party replacement
Performance Characteristics
Latency Profiles
Typical signing times (indicative only; latency is dominated by network round trips between share holders and by the protocol's round count):
| Configuration | Signing Time |
|---|---|
| 2-of-2 | 100-300ms |
| 2-of-3 | 200-500ms |
| 3-of-5 | 500-1000ms |
Throughput Considerations
For high-volume operations:
- Batch signing for efficiency
- Pre-computed signing material (presignatures or nonces) generated offline to cut per-transaction latency; each presignature must be used exactly once, since reuse leaks key material
- Dedicated infrastructure for trading operations, separated from the policy and custody path for treasury funds
Related Reading
- Architecture Pillar - Infrastructure context
- Firedancer - Related infrastructure