At Coinbase, security is our foundation, and transparency is key to building trust in the crypto ecosystem. That’s why we are open-sourcing our Multi-Party Computation (MPC) cryptography library—enabling security researchers, developers, and institutional partners to leverage our cryptographic expertise while strengthening industry-wide security standards.
This release reflects years of investment in cryptographic security, and by making it publicly available, we are setting a new benchmark for open, verifiable, and auditable cryptographic security in digital asset key management.
Multi-Party Computation (MPC) is a powerful cryptographic protocol that allows multiple parties to collectively perform computations on private data without ever exposing the underlying data itself.
One of its most critical applications is threshold signing, where digital signatures can be generated without any single party having access to the full private key. This strengthens security by:
Protecting private keys from single points of failure—an attacker would need to breach multiple independent parties to gain access.
Enabling decentralized policy enforcement—all signing parties can apply security controls such as rate limiting and blocklists to prevent unauthorized use.
We use MPC to secure digital assets at scale, and this open-source release allows others to benefit from our security-first approach.
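To make the two properties above concrete, here is an added toy example (not code from Coinbase's library, and not one of its protocols): two parties jointly produce a Schnorr signature from additive key shares, and each checks its own blocklist before contributing. The group parameters, the `Party` class, the function names and the addresses are all constructed for illustration, and the sketch omits the protections a production threshold protocol needs.

```python
import hashlib
import secrets

# Toy Schnorr group (constructed, far too small for real use):
# P = 2Q + 1 with P and Q prime; G generates the subgroup of order Q.
P, Q, G = 2039, 1019, 4


def challenge(R, X, msg):
    data = f"{R}|{X}|{msg}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q


class Party:
    """One signer: holds only its own key share and its own policy."""

    def __init__(self, blocklist):
        self.share = secrets.randbelow(Q)       # x_i, never leaves this party
        self.pub_share = pow(G, self.share, P)  # X_i = G^x_i
        self.blocklist = set(blocklist)
        self.nonce = None

    def commit(self):
        self.nonce = secrets.randbelow(Q)       # fresh k_i per signature
        return pow(G, self.nonce, P)            # R_i = G^k_i

    def respond(self, dest, msg, R, X):
        # Policy is checked locally before any key material is used.
        if dest in self.blocklist:
            self.nonce = None
            return None
        s_i = (self.nonce + challenge(R, X, msg) * self.share) % Q
        self.nonce = None                       # a nonce is never reused
        return s_i


def threshold_sign(parties, dest, amount):
    msg = f"pay {amount} to {dest}"
    X = R = 1
    for p in parties:
        X = X * p.pub_share % P                 # joint key X = product of X_i
        R = R * p.commit() % P                  # joint nonce R = product of R_i
    partials = [p.respond(dest, msg, R, X) for p in parties]
    if None in partials:
        return None                             # any refusal blocks signing
    return msg, X, (R, sum(partials) % Q)


def verify(msg, X, sig):
    R, s = sig
    return pow(G, s, P) == R * pow(X, challenge(R, X, msg), P) % P
```

The full private key (the sum of the shares) is never assembled anywhere in the code, yet the result verifies under the joint public key like an ordinary single-signer signature.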
Coinbase’s MPC engine includes code for two-party and multiparty signing for ECDSA and EdDSA, as well as many tools for securing cryptocurrency asset keys. These tools include secure backup procedures, multiparty key generation, code for hierarchical key derivation in MPC, and more. The open source repository includes the following:
Codebase: The MPC engine's full source code, allowing developers to see the exact cryptographic protocols used.
Documentation: In-depth theoretical foundations and detailed specifications to help understand and utilize the code effectively.
Examples and Benchmarks: Practical examples and performance benchmarks to demonstrate how the code can be applied in real-world scenarios.
The code in this open source library is derived from the MPC engine used at Coinbase to protect asset keys, with significant changes in order to make it a general-purpose library. In particular, Coinbase applies the MPC protocols in the library with very specific flows as needed in our relevant applications, whereas the open source library is designed to enable general-purpose use and therefore supports arbitrary flows.
By open-sourcing our MPC cryptography library, we are reinforcing Coinbase’s commitment to security, transparency, and industry-wide collaboration.
Enhancing Trust through Transparency: Open-sourcing our MPC engine eliminates security through obscurity—allowing independent researchers to review and validate our code. This transparency shows that we are committed to security and have nothing to hide.
Community Contribution: MPC has become very popular in the blockchain/cryptocurrency community as a method for protecting asset keys. However, not every organization has an expert MPC team to develop and deploy it securely. At Coinbase we have invested deeply in MPC, and this open-source library is the product of many person-years of research and development. Furthermore, the library has been rigorously reviewed and audited, both internally and externally. Organizations that wish to deploy MPC can therefore do so much more quickly and much more securely by using Coinbase’s open source library. Our hope is that this library will both improve the security of our field and help others to deploy new applications securely. At Coinbase, we strongly believe that the ecosystem is better together, and we hope that our new open source library will help anyone interested in using MPC to better protect cryptoassets of all kinds.
Driving Innovation through Collaboration: Open-source projects thrive when security researchers, developers, and cryptographers contribute improvements and enhancements. By making our MPC library accessible, we invite peer review, academic collaboration, and future contributions that push the boundaries of cryptographic security.
We take the security of our open-source projects very seriously. We encourage the community to report any vulnerabilities they discover. Here’s how you can do so:
Bug Bounty Program: Coinbase runs an active bug bounty program where security researchers can report vulnerabilities and earn rewards for their findings. You can find more information and submit your reports through the program's page.
Direct Reporting: If you do not wish to report via the bug bounty program, you can reach our security team at our dedicated email address, cb-mpc@coinbase.com. We appreciate detailed reports, which make it easier for us to address issues promptly.
Coinbase is committed to rapid response and transparency in addressing reported vulnerabilities. Our dedicated cryptography and security teams will continuously monitor and update the repository as needed.
We encourage developers, security researchers, and enthusiasts to explore our MPC code, use it, contribute to its development, and join our ongoing efforts in pushing the boundaries of cryptographic security. You can find the repository at our GitHub page.
Our open-source release of the MPC cryptography engine is a significant step towards fostering a more secure, transparent, and collaborative cryptocurrency ecosystem. By opening our code to the world, we hope to set a new standard in transparency and innovation for advanced cryptography.
About Philip Martin
Philip Martin is the Chief Security Officer for Coinbase, where he is responsible for developing the technology, processes and team that safely store one of the world’s largest holdings of cryptocurrency. Prior to Coinbase, Philip built and led the Incident Response and Security Engineering teams at Palantir Technologies, developed new virtual infrastructure at Amazon A9 and spent a decade as a US Army counterintelligence agent in a range of foreign and domestic roles.