
How to Choose Your MPC Wallet Provider?

By Safeheron Team - 2024-06-04

In the rapidly advancing realm of digital assets and blockchain solutions, ensuring the security of one's holdings is paramount. Secure Multi-Party Computation (MPC) wallets have emerged as a formidable solution, offering enhanced security through advanced cryptographic techniques.

The robustness of an MPC wallet lies not just in its promises, but in the cryptographic proofs and infrastructure that underpin its design. Whether you're a novice venturing into the world of cryptocurrencies or a seasoned user with an established MPC wallet, understanding the key criteria for evaluating MPC wallet security is critical.

How does your MPC wallet protect the private key from being compromised?

It is crucial to understand how your MPC wallet provider generates, stores, and grants authorized access to key shards. To enhance security, MPC wallets typically employ a sophisticated decentralized key management system. Instead of storing a single, vulnerable private key, they generate multiple key shards using the MPC protocol (e.g., GG18, GG20). These key shards are then distributed across different devices or locations and stored in isolated environments. This method ensures that no single entity holds the entire private key, making it nearly impossible for hackers or malicious insiders to gain unauthorized access.

For instance, if a hacker attempts to compromise an MPC wallet, they would need to breach multiple locations simultaneously, a task that is exponentially more difficult than targeting a traditional wallet with a single private key. This distributed approach significantly enhances the wallet's security, ensuring that your digital assets remain protected.

One advanced solution is to employ the "MPC+TEE" multi-layer security model for key shards. For example, users store a key shard locally on their device, while Safeheron stores users' cloud key shards within Intel® SGX hardware-isolated enclaves hosted by two cloud providers: Microsoft Azure and Alibaba Cloud. These hardware-isolated enclaves create a securely segregated environment where the generation and storage of MPC key shards and transaction signing cannot be manipulated by malicious actors. In summary, key shards are distributed in such a way that no single entity (neither Safeheron, the customer, nor any cloud provider) can access the entire key.

How does your MPC wallet handle key recovery and backup?

Key recovery and backup are critical features of any MPC wallet. It is essential to have a clear understanding of how your MPC wallet provider addresses these aspects. Does your MPC wallet have a robust mechanism in place for key shard recovery and backup? Do you have the tools or access needed to recover the original private key for your MPC wallet in extreme cases? How do they work?

In the event of device loss, access failure, malicious attacks, etc., you need a reliable way to regain access to your wallets without compromising security. Even in extreme cases where your wallet provider can no longer offer the service, you should be able to transfer your digital assets to another secure location.

For instance, some MPC wallets employ a multi-party approach for key backup. Safeheron's MPC wallet allows customers to assign different team members to back up MPC key shards by storing their respective recovery phrases. Backup members can collectively verify if they have backed up the key shards correctly. This method ensures that no single entity can act unilaterally, adding an extra layer of security. Additionally, as mentioned earlier, cloud key shards are secured in Intel® SGX hardware-isolated enclaves, providing users with peace of mind knowing that their key shards are safe and can be recovered when needed.

Moreover, in extreme cases where users wish to cease using Safeheron's MPC wallet, Safeheron provides an open-source offline key recovery tool. This tool allows users to recover the complete private keys of their MPC wallets using the recovery phrases of the MPC key shards. Once the keys are recovered, users can import them into other hardware or software wallets, always maintaining full control over their digital assets.

Can your wallet provider control your digital assets?

One of the fundamental concerns when choosing an MPC wallet is whether the wallet provider can control or access your digital assets. In a truly decentralized and secure environment, control over digital assets should remain solely with the user, not with the provider.

Therefore, it's crucial to ask your wallet provider about the type of decentralized multi-signature scheme they employ. Safeheron uses a 3-of-3 MPC (Secure Multi-Party Computation) multi-signature scheme, significantly enhancing the security of funds. With this distributed approach, customers maintain 100% control over their assets, as any transaction requires all three key shards to sign together. This greatly enhances the security and reliability of fund management because Safeheron, as the wallet provider, can never control the private key. In other words, we can never transfer any assets on behalf of our customers.
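The 3-of-3 property and the offline recovery described above can be illustrated with a simplified model. This is an added example, not Safeheron's code or its recovery tool: it assumes plain additive sharing modulo the secp256k1 group order, leaves out the recovery-phrase encoding and the GG18/GG20 signing rounds, and all function names are hypothetical.

```python
import secrets

# Order of the secp256k1 group (curve used for Bitcoin and Ethereum keys).
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

def generate_shard() -> int:
    """Each party draws its own shard locally; nobody ever deals out a whole key."""
    return secrets.randbelow(N - 1) + 1

def recover(shards: list[int]) -> int:
    """Offline recovery (assumed additive model): key = s1 + s2 + s3 mod N."""
    if len(shards) != 3:
        raise ValueError("3-of-3 scheme: all three shards are required")
    return sum(shards) % N

def third_shard_for(candidate_key: int, s_a: int, s_b: int) -> int:
    """The shard that makes two known shards add up to candidate_key."""
    return (candidate_key - s_a - s_b) % N

def demo() -> dict:
    # Constructed sample: device shard plus two cloud shards.
    shards = [generate_shard() for _ in range(3)]
    key = recover(shards)  # only done during deliberate offline recovery

    # A party holding two shards cannot rule out any other key, because for
    # every candidate there is a third shard that fits. Two shards leak nothing.
    other_key = (key + 1) % N or 1
    fake = third_shard_for(other_key, shards[0], shards[1])

    return {
        "all_three_recover_key": recover(shards) == key,
        "two_shards_fit_other_key":
            recover([shards[0], shards[1], fake]) == other_key,
        "other_key_differs": other_key != key,
    }

if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {ok}")
```

When evaluating a provider's recovery tool, the equivalent check is that the recovered key produces the same address as the wallet before any funds depend on the backup.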

Does your MPC wallet stay up-to-date on the latest MPC algorithms?

Multiple MPC algorithms (e.g., GG18, GG20, and MPC-CMP) are available today, with new developments and enhancements emerging continuously. Ask if your MPC wallet provider utilizes MPC protocols that are fully audited and up-to-date with these advancements to ensure the highest level of security for their users.

Additionally, open-sourcing can be another advantage. For instance, Safeheron has open-sourced its MPC protocols, enhancing platform transparency and allowing customers to scrutinize the code themselves and verify that it has been audited by third parties. By making its code available to the public, Safeheron's open-source MPC wallets benefit from continuous peer review and collaboration, ensuring that any potential vulnerabilities are quickly identified and addressed.

How does your MPC wallet ensure compliance with regulatory standards?

Compliance with regulatory standards is a critical aspect of any financial service, including MPC wallets. These wallets can be designed to adhere to relevant guidelines and flexibly adapt to regulatory changes, such as Anti-Money Laundering (AML) and Know Your Transaction (KYT) regulations.

For instance, Safeheron integrates industry-leading AML solutions and compliance service providers to protect users from nefarious actors. By incorporating AML and KYT monitoring, its MPC wallet can detect suspicious activities and flag potentially risky or non-compliant activities, ensuring that all transactions are legitimate and secure. Additionally, with a robust Policy Engine, Safeheron allows customers to adjust their internal governance model and transaction policies swiftly, maintaining high-level regulatory compliance and institutional-grade security.

Determine if your wallet provider has implemented the necessary measures or mechanisms to ensure that the wallet operates within the legal framework. This compliance not only protects users from potential legal issues arising from non-compliant transactions but also safeguards their businesses.

Is your MPC wallet audited for security by trusted third parties?

Determine if your MPC wallet has undergone audits conducted by third-party security firms and the scope of these audits. Regular third-party security audits and assessments are essential to maintaining the integrity of an MPC wallet.

These security audits provide an independent evaluation of the wallet's security measures and underlying technology. Trusted third-party auditors can identify potential vulnerabilities and recommend necessary improvements. It’s also important to check if these enhancements have been properly implemented.

In addition to regular audits, security certifications, such as ISO 27001 and SOC 2, can be critical indicators of a wallet's security. For example, Safeheron undergoes regular security audits by renowned security firms such as Kudelski Security, Least Authority, SlowMist, and Cure53. Safeheron has achieved various certifications that attest to its commitment to safeguarding digital asset security, user security, and privacy, always maintaining high-level security for its MPC wallet and building profound trust with its customers.

Examples of third-party audits Safeheron conducted:

Security certifications Safeheron has obtained:

How does your wallet provider manage and ensure supply chain security?

Understand which third-party services your wallet provider has integrated to assess its supply chain security. Another key consideration is how your wallet provider ensures its wallet service is reliable and protected from supply chain attacks.

Safeheron integrates well-known third-party services into its system architecture, such as system software modules, CDNs (Content Delivery Networks), and WAFs (Web Application Firewalls).

While these third-party services have their own security policies, Safeheron implements strict and continuous security audits within our DevSecOps process. This approach ensures that these services remain reliable and are not vulnerable to supply chain attacks. By maintaining a secure supply chain, we can safeguard the overall integrity of our system.

Does your wallet provider have an internal cryptographic security team to identify and respond to potential threats and vulnerabilities?

An in-house cryptographic security team is crucial for maintaining the security of an MPC wallet. This team is responsible for identifying potential threats and vulnerabilities and deploying necessary security updates and patches.

So, it is essential for an MPC wallet provider to have a professional cryptographic security team to continuously monitor its wallet infrastructure, promptly identify and respond to potential risks, and actively communicate with users, ensuring the best practices in cryptography.

Evaluating the security of an MPC wallet involves considering various factors, with the wallet provider's security capabilities being a top priority. The robustness of the MPC wallet you choose can significantly impact your business's ability to operate securely and efficiently. Stay vigilant about your wallet provider's security status.

Safeheron is proactively engaged in the non-custodial MPC wallet field, consistently maintaining the highest security standards within the wallet community. Since its establishment, Safeheron has chosen an open-source and transparent approach, welcoming more market players to join in open dialogue, and together, we can facilitate the security of the Web3 environment for everyone.