Digital Asset Management with MPC (Whitepaper)

How MPC and Wallet as a Service overcome today's biggest wallet infrastructure challenges

By Yehuda Lindell, June 14, 2023 (Coinbase Blog, Product)

TL;DR: The whitepaper outlines the key management mechanism used in Wallet as a Service (WaaS), which utilizes multiparty computation (MPC) to provide a unique combination of best-in-class usability and security for onchain wallets.

The quest for a seamless and secure wallet service has often been fraught with complexities. Responding to this need, Coinbase has designed Wallet as a Service (WaaS) to leverage secure multiparty computation (MPC), a cutting-edge cryptographic technique that elegantly resolves key management problems in blockchain and cryptocurrency applications. 

The whitepaper was written by Yehuda Lindell, a professor of computer science at Bar-Ilan University (on leave) and the current leader of the cryptography team at Coinbase. With a rich academic and industry background in cryptography, Lindell brings a wealth of experience and expertise to this work.

Whitepaper Highlights

MPC enables a web2 experience with web3 infrastructure 

Coinbase WaaS enables organizations to bring cryptocurrencies, blockchain and web3 technology to everyone. However, this requires everyone to have a wallet, meaning that the private keys for those wallets need to be protected. The centralized exchange (CEX) model provides great user experience and security, but doesn’t enable users to have full control over their assets. The classic self-custody model, where the users themselves hold and protect their private keys, is extremely burdensome. Users opt out quickly when they need to securely store mnemonics, with the threat of losing everything if they don’t do a good job (and they can’t just put them in the cloud, since they can be stolen from there). Secure multiparty computation (MPC) is able to provide the best of both worlds, achieving the usability and security of an exchange without sacrificing self-custody. This opens the door to mass adoption, where users do not need to be crypto savvy, or technically savvy at all, in order to install and operate a self-custody wallet.

How MPC works

MPC enables us to split the key between the user’s wallet and a Coinbase server, and to generate signatures on transactions without ever bringing the key together. As a result, the user's key cannot be stolen if the key share used to sign transactions is taken from their device, since a single share is meaningless without the other, and Coinbase cannot generate a signature without the user since they also only hold one share. This means that Coinbase cannot control the user's keys or funds.  
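The property described above, signing with two key shares that are never combined, shown as an added example that is not code from the whitepaper or from WaaS. It assumes a two-party additive-share Schnorr signature over a constructed toy group (the post does not name the signature scheme), and it omits the nonce commitments and zero-knowledge proofs a production protocol needs.

```python
import hashlib
import secrets

# Constructed toy Schnorr group, far too small for real use:
# P = 2*Q + 1 with P, Q prime, and G = 4 generates the subgroup of order Q.
P, Q, G = 2039, 1019, 4

def challenge(R, X, msg):
    """Fiat-Shamir challenge binding the joint nonce, joint key and message."""
    data = f"{R}|{X}|".encode() + msg
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

class Party:
    """One share holder (user device or server). Only public values leave it."""
    def __init__(self):
        self.x = secrets.randbelow(Q - 1) + 1   # private key share, never sent
        self.X = pow(G, self.x, P)              # public share
        self.k = None

    def nonce_commit(self):
        self.k = secrets.randbelow(Q - 1) + 1   # fresh per-signature nonce share
        return pow(G, self.k, P)

    def partial_sign(self, e):
        s = (self.k + e * self.x) % Q
        self.k = None                           # a nonce share is used once only
        return s

def joint_sign(user, server, msg):
    """Both parties contribute; the full key x_user + x_server is never formed."""
    X = user.X * server.X % P                   # joint public key
    R = user.nonce_commit() * server.nonce_commit() % P
    e = challenge(R, X, msg)
    s = (user.partial_sign(e) + server.partial_sign(e)) % Q
    return X, (R, s)

def verify(X, msg, sig):
    """Standard Schnorr check: g^s == R * X^e (mod P)."""
    R, s = sig
    return pow(G, s, P) == R * pow(X, challenge(R, X, msg), P) % P

if __name__ == "__main__":
    user, server = Party(), Party()
    X, sig = joint_sign(user, server, b"constructed sample transaction")
    print("joint signature valid:", verify(X, b"constructed sample transaction", sig))
```

The verifier sees an ordinary Schnorr signature under the joint public key; neither party's partial signature alone satisfies the check, because the joint key differs from each party's public share.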

There are two private key backup types with WaaS

One of the biggest challenges in managing your own wallet is the private key backup. WaaS solves this problem with two backup types. The first is called “Coinbase-aided backup” and works by the user storing their share of the private key (e.g., in their cloud) while the other share is stored by Coinbase. (Unlike a full mnemonic, a single share doesn’t suffice for stealing anything and so can be safely stored in the cloud.) Then, if the user loses their device, they can restore transparently by just re-installing their app, downloading their share (e.g., from their cloud) and authenticating to Coinbase (or the WaaS customer) to restore. This has the user experience of account or password reset, which is what most users want and need. The underlying technical machinery is completely hidden from the user, and they experience a workflow which they are used to in web2 settings.

WaaS also includes a second “self-custody backup” where the user (or WaaS customer) holds both of the customer’s shares, encrypted under a strong key (e.g., in the user’s secure enclave on their phone). These shares were never revealed at any point, and so are not vulnerable like wallets that work with mnemonics, but they enable a user to single-handedly obtain their keys, if they desire to.

Explore the whitepaper to understand the intricacies and subtle nuances of deploying an MPC wallet. By shedding light on the cryptographic design of key management in WaaS, we aim to provide a comprehensive understanding of the potential of MPC in unlocking broad wallet deployment and user adoption.

At Coinbase, we are committed to advancing blockchain technology and making it more secure for everyone. With Wallet as a Service, we are taking a significant step in this direction, and we hope that this whitepaper will serve as a valuable resource for those interested in the future of digital asset management.

Building MPC Wallets - Yehuda Lindell at EthCC

Yehuda describes how MPC increases usability and security, how to use it to achieve self custody, & common pitfalls developers need to be aware of.

About Yehuda Lindell

Yehuda Lindell leads the cryptography team at Coinbase and is a professor of Computer Science at Bar-Ilan University (on leave). At Coinbase, Yehuda is responsible for the company’s cryptography design and its strategy around secure multiparty computation (MPC). Yehuda obtained his PhD from the Weizmann Institute of Science in 2002 and spent two years at the IBM T.J. Watson research lab as a postdoctoral fellow in the cryptography research group. Yehuda has carried out extensive research in cryptography, published over 100 scientific articles, and co-authored one of the most widely used textbooks on modern cryptography. Prior to joining Coinbase, Yehuda was the co-founder and CEO of Unbound Security, a company that provided key management and protection solutions based on MPC. Unbound was acquired by Coinbase at the end of 2021.