Imagine a vault that requires multiple keys to unlock, with each keyholder aware only of their key but oblivious to the complete combination. This isn't the premise of a heist movie, but the fundamental principle of how threshold cryptography with MPC works. Instead of a single point of vulnerability, we introduce a system where multiple parties come together, each holding a piece of the puzzle, ensuring security through collective collaboration.
Threshold Cryptography
Threshold cryptography is a subfield of cryptography that enables distributed systems to perform cryptographic operations without any single entity having full access to the secret key.
In a threshold scheme, a secret is divided into shards in such a way that any threshold number of them can be combined to reconstruct the secret, while any smaller set cannot (and, in an information-theoretic scheme such as Shamir's, learns nothing about it). This is highly beneficial for scenarios where trust is distributed, like decentralized systems, multisig wallets or electronic voting systems.
Joint Decryption
This involves multiple participants working together to decrypt a message. If someone encrypts a message under the joint public key, the participants can work together to decrypt it: each uses their shard to produce a partial decryption, and combining a threshold number of these partial decryptions yields the plaintext. No participant ever holds the full private key.
Joint Signing
Instead of a single entity signing a message with a private key, each participant produces a partial signature with their shard. Combining a threshold number of partial signatures yields a signature that verifies under the joint public key with the ordinary single-key verification algorithm; a verifier cannot tell that it was produced collaboratively.
Protection Against Rogue Participants
In any multi-party setup there is a risk of participants acting maliciously. Several safeguards help mitigate that:
- Byzantine Fault Tolerance: Derived from the Byzantine Generals Problem, this is the property that the system keeps functioning correctly even if some participants fail or act maliciously. For a threshold scheme, the secret stays confidential as long as fewer than the threshold number of participants are compromised; to keep operating, at least a threshold number of honest participants must also remain available, so the threshold has to be chosen with both failure modes in mind.
- Commitments & Challenges: Participants "commit" to their shards or partial results (for example by publishing a binding commitment) and then respond to "challenges" from the other participants to prove they are following the protocol correctly, without revealing the committed values.
- Monetary Staking: A financial safeguard where participants lock up ("stake") funds. If a participant is shown, through a cryptographic proof or by consensus of the others, to have deviated from the protocol, the stake is forfeited. This deters rather than prevents misbehaviour, and only works when the stake at risk exceeds what a participant could gain by cheating.
- Trusted Execution Environments (TEEs): TEEs such as Intel SGX or Arm TrustZone offer an isolated execution space whose code and data are protected even from the host operating system. Requiring participants to run their shard-handling code inside a TEE keeps shards and intermediate values out of reach of a compromised host, and lets a party produce a remote attestation that the expected code is running. This is defence in depth rather than a replacement for the threshold: it shifts part of the trust to the hardware vendor, and published side-channel and fault-injection attacks against SGX have extracted enclave secrets in the past, so a compromised enclave should still be counted as a compromised participant when the threshold is chosen.
Multi-party Computation (MPC)
MPC is a powerful tool that makes threshold cryptography possible and practical. It's the solution that enables participants to compute on shared data without revealing their individual inputs.
What is MPC?
At its core, MPC allows multiple parties to jointly compute a function over their inputs while keeping those inputs private. For threshold cryptography, this ensures that the secret (like a private key) is never fully known to any participant but can still be utilized in cryptographic operations.
How MPC Supports Threshold Schemes
Through MPC, a secret can be split into shards, with each participant receiving a shard. When a cryptographic operation, like decryption or signing, is required:
- Each participant computes on their shard and produces a partial result.
- These partial results are combined into the final outcome (the decrypted message or a valid signature). For Shamir-based schemes this combination step is public arithmetic on the partial results and needs no further secret input.
- At no point during this process is the full secret revealed or reconstructed.
Secret Initialization
The very essence of MPC is that the secret is never fully known or handled by any single entity, from the moment it is created. Instead, it is constructed collaboratively. One way to do this is as follows:
Each participant generates a random value on their own machine; this value is their individual contribution, and the secret is defined as the combination of all contributions. Suppose the secret is a number and three participants generate 5, 7 and 9 respectively. The secret is then their sum, 21. No participant knows 21 directly; each knows only their own contribution. As long as at least one contribution is chosen uniformly at random, the sum is uniformly random too, so a single careless or malicious participant cannot weaken the key on their own. This does require that contributions are committed to before anyone learns the others' values, so that the last participant to act cannot choose theirs as a function of the rest.
Combining Contributions
Once each participant has generated their contribution, they need a method to collaboratively compute the final secret without revealing their individual shards to each other.
- Homomorphic Encryption: A form of encryption that allows computation on encrypted data; the result is itself encrypted and, once decrypted, matches what the same operations would have produced on the plaintexts. Participants can encrypt their individual contributions and jointly compute the final secret in encrypted form, so the plaintext secret is never directly exposed. The caveat is that whoever holds the key that decrypts this result would learn the secret, so that key must itself be split among the participants, otherwise the single point of trust has merely moved.
Distributing Shards
After collaboratively constructing the secret, it's divided into parts (shards) that are then distributed to the participants:
- Secret Sharing Schemes: Techniques such as Shamir's Secret Sharing are used. A random polynomial of degree one less than the threshold is chosen with the secret as its constant term, and each participant receives the polynomial's value at a distinct point. Any threshold number of points determines the polynomial, and hence the secret, by interpolation; any smaller set is consistent with every possible secret and so reveals nothing about it.
Validation
Finally, Zero-Knowledge Proofs can be utilized to ensure that everyone has followed the protocol correctly. Participants can prove that they've correctly generated and provided their shards without revealing the shards themselves.
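The procedure above (random contributions, combination, sharded distribution, validation) together with the joint decryption described earlier, as one added worked example in Python that is not part of the original article. Rather than the homomorphic-encryption route mentioned under "Combining Contributions", it takes the other common route: every party Shamir-shares its own random contribution, so each party's sum of received shares is a share of the joint secret and nobody ever holds that secret. Feldman commitments (g raised to each polynomial coefficient) stand in for the zero-knowledge validation step and let a receiver reject an inconsistent share. Decryption is threshold ElGamal: each party raises c1 to its share, and the partial results are combined with Lagrange coefficients in the exponent. The group parameters (p = 2039, q = 1019, g = 4), party count, threshold and quorum are toy assumptions chosen for readability. Joint signing follows the same share-and-combine pattern but additionally needs a jointly generated nonce, which this example does not cover.

```python
"""Toy (t, n) threshold ElGamal: DKG with Feldman commitments, then joint decryption.
Added illustration, not the article's code. The group is deliberately tiny so the
numbers stay readable; real deployments use an elliptic curve or a 2048-bit-plus
MODP group through a vetted library, never hand-picked parameters like these.
"""
import secrets

# Toy group: p = 2q + 1 with p and q prime; g = 4 generates the order-q subgroup.
P, Q, G = 2039, 1019, 4

def poly_eval(coeffs, x):
    """Evaluate sum(coeffs[k] * x**k) mod Q by Horner's rule; coeffs[0] is f(0)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % Q
    return acc

def lagrange_at_zero(xs):
    """Coefficients lambda_j with f(0) = sum(lambda_j * f(x_j)) for deg f < len(xs)."""
    lambdas = []
    for j in xs:
        num = den = 1
        for m in xs:
            if m != j:
                num = num * (-m) % Q
                den = den * (j - m) % Q
        lambdas.append(num * pow(den, -1, Q) % Q)
    return lambdas

def reconstruct(points):
    """Plain Shamir reconstruction from (x, f(x)) pairs; used only to exhibit the threshold."""
    xs = [x for x, _ in points]
    return sum(l * fx for l, (_, fx) in zip(lagrange_at_zero(xs), points)) % Q

def verify_share(commitments, j, share):
    """Feldman check run by receiving party j: g^share == prod_k C_k^(j^k) mod P."""
    expected = 1
    for k, c_k in enumerate(commitments):
        expected = expected * pow(c_k, pow(j, k, Q), P) % P
    return pow(G, share, P) == expected

def dkg(n, t):
    """Each party Shamir-shares a random contribution; party j sums what it receives,
    giving a share of the sum of all contributions, so the joint secret exists only
    implicitly. Contributions are returned only so callers can check that invariant."""
    shares, contributions, public_key = [0] * n, [], 1
    for i in range(n):
        f_i = [secrets.randbelow(Q) for _ in range(t)]   # degree t-1, f_i(0) = contribution
        commitments_i = [pow(G, a, P) for a in f_i]       # C_ik = g^a_ik, broadcast to all
        contributions.append(f_i[0])
        public_key = public_key * commitments_i[0] % P    # y = prod g^a_i0 = g^(sum a_i0)
        for j in range(1, n + 1):
            share_ij = poly_eval(f_i, j)                  # sent to party j over a private channel
            if not verify_share(commitments_i, j, share_ij):
                raise ValueError(f"party {i} dealt party {j} an inconsistent share")
            shares[j - 1] = (shares[j - 1] + share_ij) % Q
    return shares, public_key, contributions

def encrypt(public_key, m):
    """ElGamal encryption of a subgroup element m under the joint public key."""
    r = 1 + secrets.randbelow(Q - 1)
    return pow(G, r, P), m * pow(public_key, r, P) % P

def partial_decrypt(c1, share):
    """Party j's contribution, c1^s_j; the share itself never leaves the party."""
    return pow(c1, share, P)

def combine_decrypt(c1, c2, partials):
    """From t (index, partial) pairs: c1^x = prod d_j^lambda_j, then m = c2 / c1^x."""
    lambdas = lagrange_at_zero([j for j, _ in partials])
    c1_x = 1
    for lam, (_, d_j) in zip(lambdas, partials):
        c1_x = c1_x * pow(d_j, lam, P) % P
    return c2 * pow(c1_x, -1, P) % P

def demo(n=5, t=3, quorum=(2, 4, 5)):
    """DKG among n parties, encrypt to the joint key, decrypt with any t of them."""
    shares, y, contributions = dkg(n, t)
    m = pow(3, 2, P)                                      # message encoded as a quadratic residue
    c1, c2 = encrypt(y, m)
    partials = [(j, partial_decrypt(c1, shares[j - 1])) for j in quorum]
    recovered = combine_decrypt(c1, c2, partials)
    # Out-of-band sanity check only: the implicit secret equals the sum of contributions.
    x = sum(contributions) % Q
    consistent = pow(G, x, P) == y and reconstruct([(j, shares[j - 1]) for j in quorum]) == x
    return recovered, m, consistent

if __name__ == "__main__":
    recovered, m, consistent = demo()
    print(f"recovered={recovered} expected={m} dkg_consistent={consistent}")
```

Running the module prints the recovered message (9), the expected message and whether the DKG invariant held. Two things worth trying by hand: change `verify_share` to use a tampered share and watch a rogue dealer get rejected, and call `reconstruct` with only two of the quorum's three points, which returns a value unrelated to the secret, since two points are consistent with every constant term of a degree-2 polynomial.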
Conclusion
Imagine a group where everyone holds just a small piece of a big puzzle. Alone, nobody can see the whole picture; together, it all makes sense. That is how MPC and threshold cryptography work: because many parties are involved, there is no single point of failure whose compromise exposes the key. Combining MPC with threshold cryptography is not only about safety; it also opens the door to applications and platforms where no single company is in charge and control is genuinely shared. It paves the way for online systems that are more open, fair and user-driven. With these technologies, we are not just securing the present but also shaping a more collaborative and decentralized future.