Multipartite computing: the Trojan horse of crypto space regulation

MPC is a regulated, fee-based model that is almost an exact replica of the current banking system.

From time to time, the crypto community crowns a new king for secure transactions, and the latest king appears to be multiparty computing, or MPC. This year, the adoption of MPC by custodial and non-custodial agents has progressed and gained traction in the market at a very fast pace.

However, it could have a price. MPC providers offer regulators a back door for cryptomoney transactions. As the industry becomes more dependent on MPC for security, it could end up compromising longstanding principles of decentralisation and resistance to censorship.

The hidden features of MPC

To identify where risks exist, let’s briefly review CPM and how it is used. At the most basic level, MPC technology involves dividing private keys into segments and distributing them to different parties. Typically, the client has one key segment and the MPC provider has another. The aim is to improve security by ensuring that neither party has total control over a given transaction, which can only be executed if both parties provide their key segments.

MPC service providers often present their technology as simply helping to secure transactions. It is sold on the premise that: „We keep half a key, you keep the other half, but you are the boss, only you decide when and where to transfer your funds. You can also withdraw all your funds from our account whenever you want“.

But in reality, that is not exactly the case. MPC service providers act as intermediaries whose approval is required for a transaction to be executed.

In this respect, MPC providers are playing a role almost identical to that of banks, with blockchains fulfilling the role played by the SWIFT system. It can replace the sender’s bank with an external MPC service provider and replace the SWIFT system with the blockchain. The only difference here is in how the sender sends the payment. With a bank, the sender instructs the bank to release the funds; with an MPC provider, the sender and the provider jointly sign the transaction. Both parties send a partial key which the MPC service provider then transmits to the block chain.

It could be argued that there is a significant difference between banks and MPC providers that is not taken into account in this comparison: banks can freeze funds and even confiscate them. The problem, however, is that these back doors also exist in MPC providers.

There is no argument here that MPC providers are simply bad guys who want to steal their funds from their clients. As professional and reputable companies working with institutions, they need to meet a major demand from their clients: that crypt funds be recoverable if someone loses their key.

Private key security has long been a point of friction for institutions and crypto-currency companies. Therefore, the ability to recover funds in case of loss of a key is absolutely essential for any company claiming to offer secure storage of cryptomonies. Imagine a bank that wouldn’t let you recover a forgotten password, simply telling you that if you lost it, your money was lost forever.

Here comes the regulator

In light of their responsibility for client funds as a third party, it is clear that MPC providers offer a back door for regulatory intervention. Ultimately, this means that MPC firms could play the same role as banks.

If a legal authority requires an MPC service provider to stop a transaction, it will be forced to do so. In addition, if MPC providers allow users to recover lost keys, it means that a regulator could also issue a lawsuit to confiscate funds. Again, assuming this is a legally binding request, the provider would be forced to comply if it wishes to remain in business.

This is not mere hyperbole. The regulators are already here. In June 2019, the Financial Action Task Force, or FATF, approved an initiative to regulate virtual assets and virtual asset servicers. While overall compliance remains low, we can be confident that the FATF will continue to expand the network until all virtual asset service providers are included.

While the focus of the crypto community has been on how exchanges will administer FATF regulation, MPC providers also fit the profile of a virtual asset service provider, which manages and transfers client funds in a similar manner to a bank wire transfer. The same regulatory conditions apply to all companies that directly or indirectly own, manage or control virtual assets.

Hence, this regulation creates the same expectations in the CPMs as those currently applied to the banking system. In the end, this could mean that large transactions are reported back to the regulator, and customers are subject to the same Know Your Customer and Anti-Money Laundering requirements as for a bank account.

Traditional banks to execute MPC?

If further testing is required, we only have to look at the large banks that have already recognised that MPC technology offers benefits that fit within their existing regulatory frameworks. Citibank and Goldman Sachs have already invested in MPC providers and we can expect many more to be announced very soon. With the United States Treasury’s Office of the Comptroller of the Currency already having approved crypto currency custody services for federally authorised banks, MPC offers an easy way to regulate banks to begin entering the crypto space.

The fact that MPC service providers limit the mobility of their clients by creating dependence on their own wallets could also be attractive to banks, creating a kind of forced loyalty far removed from the vision of open finance that many in the world cherish in the crypto space.

It is easy to assume that such a network will manage only „authorised“ currencies and coinage. Uncontrolled“ assets, such as your Bitcoin Lifestyle (BTC), will not generate the kind of fees that could be imposed on authorised transactions and could even be banned over time.

To summarise this

On a technical level, MPC is impressive and could be a perfect fit for players who do not have concerns about regulator involvement in the crypto space. However, for those who do, it is worth being aware that it also provides a backdoor to the regulated and centralised cryptosphere in the same way that they are already experiencing regulated and centralised exchanges. This is reason enough to think twice before promoting or using it.

As a final point, it is worth adding that the technology is still in its infancy. A vision exists for the creation of a decentralised MPC, but such a solution is far from being developed. The road is still long and tortuous, but it would be a step in the right direction for those who advocate the original vision of decentralised open networks that support a valuable Internet. I urge you to ask your MPC service provider what happens if you lose your wallet or your seed.