Thank you for joining!
April 2022

### Royal Holloway: Secure multiparty computation and its application to digital asset custody

Secure multiparty computation (MPC) is a branch of cryptography that can be used by two or more parties to jointly compute the output of an arbitrary function, without sacrificing the privacy of their respective inputs. MPC has existed since the early 1980s, but interest in the field has increased in recent years, particularly due to its potential to facilitate the secure custody of digital assets such as bitcoin. With the continued adoption of both MPC and digital assets, it is now necessary for security practitioners to be familiar with at least the fundamental concepts underpinning both technologies. As such, this article provides a brief overview of MPC, and further highlights the benefits of MPC-based bitcoin custody over traditional approaches.

• Secure multiparty computation can be achieved using a wide range of mathematical techniques, with early research within the field focusing on the combination of two concepts: oblivious transfer and garbled circuits. Many practical applications today, however, utilise a technique known as secret sharing.
• The most straightforward secret sharing scheme, known as an additive secret sharing, requires a third-party dealer to define the secret value, S, as the sum of randomly chosen shares. These shares are then individually assigned to each participant and kept secret. To recover the secret, all participants must disclose their share to one another and calculate their sum.
• An alternative secret sharing scheme, known as Shamir secret sharing, is also commonly utilised to facilitate secure multiparty computation. The construction of Shamir secret sharing is fundamentally the same as additive secret sharing, as the process is similarly comprised of three steps: share generation, distribution and reconstruction. However, Shamir secret sharing is more flexible, as a secret S can be shared between n parties, such that only a party in possession of t (called a threshold) or more shares is able to recover S.
• A recent use case of secure multiparty computation has arisen within digital signatures, particularly when used to facilitate secure custody of digital assets such as bitcoin.
• Digital signatures schemes are used on the bitcoin network to authorise the transfer of bitcoin under the ownership of one user to another.
• Threshold signature schemes are an extension of a traditional signature scheme that allows multiple users to participate in the signature generation process. This is unlike traditional signature schemes that can only produce a signature on behalf of a single entity.

View All