👯
What is MPC?
This guide will go over the basics of multi-party computation cryptography.
Multi-Party Computation (MPC) cryptography allow two parties to use two key shares instead of a single private key to manage access to a crypto wallet.
MPC works by using a pair of key shares to sign a transaction, instead of a single private key. One of the key shares is managed to the user and the other managed by Portal. To sign a transaction both shares are required.
Portal's implementation of MPC uses two sets of key share pairs.
The signing key shares are used for signing transactions and the backup key shares are used for recovery if the device storing a signing key shares is lost.
MPC
The user's signing key share is stored in their mobile device's keychain. The Portal signing key share is stored encrypted-at-rest.
The user's backup key share is encrypted and stored in Google Drive or iCloud. The decryption key for the user's backup share is sent to the custodian to store encrypted-at-rest. The Portal backup key share is also sent to the custodian to store encrypted-at rest.
Portal only stores the signing key share, and so can only sign messages with the key share stored in the device's keychain. Likewise, to perform a recovery using the user's backup share only the backup share stored by the custodian will work.
This separation of concerns provides additional security constraints to ensure that a compromise of any one key share has additional authentication methods to sign an MPC transaction.
MPC backups allow your users to recover their MPC wallets in the event that their device is lost, stolen, or is bricked.
At the time of recovery, these two backups are used together to generate new shares to be stored on-device, allowing the user to migrate their wallet with a new device.
MPC recovery allows your users to recover their MPC wallets in the event that their device is lost, stolen, or bricked.
MPC recovery uses the MPC backup that a user has already configured to create a new set of signing and backup shares.
Recovery is handled in two pieces: user recovery and custodian recovery.
Recovery creates two new pairs, one for signing and one for backup, and deprecates the two old pairs.
Last modified 5mo ago