MPC and the Rise of Decentralized Trust

Blockchain initiatives such as VMware Blockchain™ are built on the concept of decentralized trust. Essential to the adoption of these platforms will be security. However, conventional security systems such as key management systems (KMS) operate with a centralized control model, in conflict with the paradigm of decentralized trust. Fortunately, Multiparty Computation (MPC) provides the ability to decentralize control over key operations and in doing so decentralize trust in security operations for complete realization of a decentralized-trust platform as a service.

A simple example is in the area of transaction signing or other forms of smart contract signing. These operations are securely executed using cryptographic keys which generate digital signatures. A classic example is with Bitcoin, where private keys are used to generate an elliptic curve digital signature algorithm (ECDSA) signature to approve the transfer of digital assets from one party to another. The same basic function is required to automate the transfer of assets between parties collaborating with a permissioned blockchain.

However, in a private blockchain used by multiple parties from different companies, who manages the KMS which generates the keys? Will each party bring their own KMS to generate their own keys to approve their own transactions? What about when multiple parties from different companies need to collectively approve a common smart contract or transaction? Who will control the keys used to sign by the different parties?

MPC provides a fundamentally different approach to KMS. Rather than generate entire keys on any device, which are subject to theft and misuse, MPC generates a share of a key on each party’s representative device or compute resource. Each key share is natively generated on each device by MPC, rather than centrally producing a key, breaking it into shares and distributing. No central party, including the system administrator, ever has visibility to or operational control over the shares of a key given to each party. When the required number of parties each approve a particular transaction, their shares are used by MPC to generate an ECDSA signature, without ever exchanging shares or combining the shares into a full key.

MPC’s distributed generation of key shares, with decentralized control uniquely gives each party sole control over their share which distributes control and trust to those parties. These same concepts can be extended to provide decentralized control over decryption services with distributed databases, allowing encrypted data stored on a blockchain, the cloud, or virtually any other system, to only be decrypted for access with the explicit approval by the parties with the required key shares and the MPC algorithms.  

The application of MPC for key management is referred to as Threshold Cryptography. The generation of digital signatures using this approach is referred to as Threshold Signatures. The generation and use of key shares for decryption services is referred to as Threshold Key Management Services (KMS). All of these MPC-based technologies and services have compelling application to blockchain services. Sepior recently announced interoperability of Sepior™ ThresholdSig, for decentralized trust with multiparty approval of smart contracts and transactions with VMware Blockchain. We invite you to consider Sepior’s Threshold Cryptographic solutions to unleash the full potential of your new and evolving services. Visit to learn more. We also invite you to download our white paper An Introduction to MPC which describes the broader concepts and principles of MPC and its application to threshold cryptography.

Frank Wiener