Multi-Party Computation (MPC) is a cryptographic technique where multiple parties jointly compute a function — in the wallet context, a private key signature — without any participant needing to know the full private key. The complete key is never assembled in one place at any time.
It’s used in institutional custody, consumer wallets, and exchange infrastructure to eliminate the single point of failure that a raw private key represents.
The Single-Key Problem
In a standard wallet:
- One private key = total control over all funds
- If that key is compromised (theft, malware, phishing), everything is lost
- If lost (hard drive failure, forgotten backup), everything is inaccessible
- Either outcome is irreversible
MPC distributes this risk.
How MPC Wallets Work
The private key is split into key shares using threshold cryptography. For example, a 2-of-3 MPC scheme:
```
Key Share A → held by User’s phone
Key Share B → held by MPC provider’s server
Key Share C → held by backup device or institution
```
When a transaction is signed:
- A signing request is initiated
- 2 of 3 shareholders participate in the signing ceremony
- Each contributes their share to compute the signature
- The transaction is signed — the full key is never reconstructed
The blockchain sees a normal signature. There’s no on-chain evidence that MPC was used.
MPC vs. Multisig
| Feature | MPC | Multisig (e.g., Safe) |
|---|---|---|
| Key reconstruction | Never | Not needed (on-chain logic) |
| On-chain visibility | Invisible | Visible multi-sig structure |
| Chain-specific? | Chain-agnostic | Smart contract required |
| Gas overhead | Normal (single sig) | Higher (multiple sig verification) |
| Smart contract risk | None | Yes |
| Recovery complexity | Software-level | On-chain transaction |
MPC is more gas-efficient and works on any chain without a smart contract. Multisig is more transparent and auditable on-chain.
Use Cases
Institutional custody:
- Fireblocks, Copper, Coinbase Custody, BitGo all use MPC as a core component
- Assets can be secured without ever exposing a full private key
Consumer wallets:
- ZenGo: MPC wallet with no seed phrase; shares held by user’s device + ZenGo server + biometric backup
- Coinbase WaaS: MPC infrastructure for apps building wallets
- Privy, Magic, Web3Auth: Developer SDKs using MPC for embedded wallets
Exchange infrastructure:
- Hot wallet management with internal MPC to prevent insider key theft
Threshold Signature Schemes (TSS)
MPC wallets typically use TSS (Threshold Signature Schemes) — a mathematical framework that enables the distributed signing ceremony. Common implementations:
- GG18/GG20 (Goldfeder-Gennaro): Early widely used TSS protocols
- DKLS19: An improved version with better security proofs
- FROST: A newer scheme with better efficiency and Schnorr signature support
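The 2-of-3 signing ceremony described under How MPC Wallets Work, as an added example that is not code from any provider or protocol named on this page: a simplified threshold Schnorr signature in the spirit of FROST, omitting FROST's nonce-binding step and distributed key generation. The toy group parameters, the function names and the trusted dealer are assumptions made for illustration.

```python
import hashlib
import secrets

# Toy Schnorr group, constructed for illustration and far too small for real
# use: p = 2q + 1 with p and q prime; g = 4 generates the order-q subgroup.
P, Q, G = 2039, 1019, 4

def deal_shares(secret, threshold=2, parties=3):
    """Shamir-split `secret` over Z_q. Assumption: a trusted dealer; real TSS
    deployments run distributed key generation so nobody ever holds the key."""
    coeffs = [secret] + [secrets.randbelow(Q) for _ in range(threshold - 1)]
    return {i: sum(c * pow(i, e, Q) for e, c in enumerate(coeffs)) % Q
            for i in range(1, parties + 1)}

def lagrange_at_zero(i, signers):
    """Lagrange coefficient of party i over the signer set, evaluated at 0."""
    num = den = 1
    for j in signers:
        if j != i:
            num, den = num * -j % Q, den * (i - j) % Q
    return num * pow(den, -1, Q) % Q

def challenge(R, pub, msg):
    digest = hashlib.sha256(f"{R}|{pub}|".encode() + msg).digest()
    return int.from_bytes(digest, "big") % Q

def threshold_sign(shares, signers, pub, msg):
    """Simulates the ceremony in one process. Party i's terms use only its own
    nonce and share; just R_i and z_i would cross the network."""
    nonces = {i: secrets.randbelow(Q) for i in signers}
    R = 1
    for i in signers:                      # round 1: combine R_i = g^k_i
        R = R * pow(G, nonces[i], P) % P
    c = challenge(R, pub, msg)
    z = sum(nonces[i] + c * lagrange_at_zero(i, signers) * shares[i]
            for i in signers) % Q          # round 2: sum partial responses z_i
    return R, z

def verify(pub, msg, sig):
    """Ordinary single-signer Schnorr check: g^z == R * pub^c (mod p)."""
    R, z = sig
    return pow(G, z, P) == R * pow(pub, challenge(R, pub, msg), P) % P

def demo():
    x = secrets.randbelow(Q - 1) + 1       # known only to the toy dealer
    pub, shares = pow(G, x, P), deal_shares(x)
    msg = b"constructed sample transaction"
    return {pair: verify(pub, msg, threshold_sign(shares, pair, pub, msg))
            for pair in [(1, 2), (1, 3), (2, 3)]}
```

Every pair of shareholders produces a signature that passes the same `verify()` a single-key signer would face, which is why nothing on-chain reveals that MPC was used.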
Risks
| Risk | Notes |
|---|---|
| Provider centralization | If the MPC provider holds the majority of shares, it becomes a point of coercion or failure |
| Software complexity | MPC is harder to implement correctly than simple key storage |
| Liveness | All required parties must be available to sign |
| Regulatory | Custodial MPC setups may have compliance implications |
MPC is not magic — it shifts risk from “one key” to “distributed system,” which is better but not zero-risk.