When it comes to managing your crypto assets, the famous mantra “Not Your Key, Not Your Coin” is absolutely correct. If you do not have exclusive access to your keys, the entire value of your crypto assets is at risk. However, as the industry and crypto community grow, it is time to update our mental model and reconsider how we manage the key.
Again, “Not Your Key, Not Your Coin” is correct, but there may be a better way to manage the keys, providing a better user experience for end users and benefiting the community as a whole.
One can say many beautiful things about crypto and blockchain but cannot deny that using them is very challenging for regular users, even those who are self-styled as web3 natives.
As we have learned through countless examples, one wrong user action can result in a drained wallet, and many bad actors are lurking in the dark, ready to swoop in on any misstep or loophole.
- Non-fungible token (NFT) influencer who goes by ‘NFT God’ on Twitter lost all his digital assets
- Over 5,000 ether (ETH) worth about $10.5 million have been stolen from crypto veterans
- Luke Dashjr, one of the original core developers for Bitcoin, claims that someone swiped hundreds of BTC from his accounts late last year
- Fenbushi Founder Bo Shen Loses $42M in Stablecoins, Bitcoin, Ethereum to Hackers
One of the most difficult challenges facing the blockchain industry as it strives for mass adoption is ensuring a seamless, secure, and user-friendly on-chain experience.
Crypto and blockchain are value networks that are decentralized and trustless in nature. However, can we realistically expect widespread adoption of financial activities such as borrowing, lending, investing, and paying through a system that lacks basic security measures and safety nets?
We must now ensure that the first crypto gateway is secure.
Multi-Party Computation (MPC) Background
Multi-Party Computation (MPC) was invented nearly 40 years ago by computer scientist Andrew Yao. It has been in development for several decades and has only recently entered the digital asset space. It has progressed from being an intellectual curiosity to being one of the primary technologies used by wallet providers and custodians to secure crypto assets.
MPC is now used for a variety of practical purposes, including digital auctions and storing digital assets in MPC wallets. In fact, MPC has emerged as the de facto standard for institutions and developers seeking to secure their digital assets while maintaining quick and easy access to them.
Nonetheless, the ability to safely hold and transfer digital assets is only guaranteed if the private key is secure, which makes how the private key is stored the question worth pursuing.
How Multi-Party Computation (MPC) Works, Simplified
Because no single party holds a complete signing key and the operator cannot access it, MPC is resistant to insider attacks against the platform operator or key holder. In addition, MPC solutions enable the creation and enforcement of policies that govern who must approve transactions, preventing a single malicious insider, such as the workload owner or a workload operator, from stealing assets.
In practice, MPC is used to sign transactions in place of a single, complete private key.
A multi-party computation protocol divides the signing process among several computers. Each computer has a piece of private data representing a portion of the private key, and they collaborate to sign transactions in a distributed manner.
With MPC, private keys no longer need to be stored in a single location, reducing the risk of a single point of failure. MPC is also more flexible and efficient than traditional protocol-specific multi-sig technology. Furthermore, MPC is a more secure option for institutional digital asset storage and digital asset transfers. The demand for a security tool that enables fast transfers and advanced business strategies has increased as the digital asset market has developed and grown.
Assuming the MPC is implemented on secure hardware, an attacker would need to compromise multiple fronts simultaneously, which makes MPC significantly more secure than private key storage methods with a single point of failure, such as hot and cold crypto wallets.
And MPC’s flexible governance reduces the possibility of rogue personnel accessing a crypto wallet and fleeing with the assets.
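The following block is an added, self-contained illustration of the signing idea described above; it is not code from the original post or from Ruby Protocol. It models an n-of-n Schnorr-style signature over a safe-prime group: every party holds only an additive share of the private key and a private nonce, produces a partial signature, and the partial signatures combine into one signature that verifies against the joint public key. The full private key is never assembled anywhere. The group parameters are constructed at load time (a 62-bit safe prime found by Miller-Rabin), and the key shares, nonces and message are constructed sample values; the toy protocol omits the commitment rounds and the malicious-party protections that a production threshold-ECDSA or threshold-EdDSA wallet would use.

```python
"""Toy n-of-n threshold Schnorr signing with additive key shares (added example)."""
import hashlib
import secrets


def is_probable_prime(n: int) -> bool:
    """Miller-Rabin; deterministic for n < 3.3e24 with these twelve bases."""
    if n < 2:
        return False
    bases = [2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37]
    for b in bases:
        if n % b == 0:
            return n == b
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def find_safe_prime(start: int):
    """Return (p, q) with p = 2q + 1 and both prime, p >= start."""
    q = (start // 2) | 1
    while not (is_probable_prime(q) and is_probable_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1, q


# Constructed toy group: p is a safe prime, so the quadratic residue 4 has
# prime order exactly Q. Real wallets use secp256k1 or ed25519 instead.
P, Q = find_safe_prime(1 << 62)
G = 4


def challenge(R: int, y: int, msg: bytes) -> int:
    """Fiat-Shamir challenge binding nonce commitment, public key and message."""
    data = b"|".join([str(R).encode(), str(y).encode(), msg])
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q


class Party:
    """One MPC participant. Its key share x and nonce k never leave the object."""

    def __init__(self):
        self.x = secrets.randbelow(Q - 1) + 1   # additive share of the private key
        self.y = pow(G, self.x, P)              # public share, safe to publish

    def nonce_commit(self) -> int:
        self.k = secrets.randbelow(Q - 1) + 1   # fresh per-signature nonce
        return pow(G, self.k, P)

    def partial_sign(self, e: int) -> int:
        return (self.k + e * self.x) % Q        # partial signature on this share


def joint_public_key(parties) -> int:
    """Product of public shares = g^(sum of x_i); nobody needs the sum itself."""
    y = 1
    for p in parties:
        y = y * p.y % P
    return y


def threshold_sign(parties, msg: bytes):
    """Round 1: collect nonce commitments. Round 2: sum partial signatures."""
    y = joint_public_key(parties)
    R = 1
    for p in parties:
        R = R * p.nonce_commit() % P
    e = challenge(R, y, msg)
    s = sum(p.partial_sign(e) for p in parties) % Q
    return R, s


def verify(y: int, msg: bytes, sig) -> bool:
    """Standard Schnorr check: g^s == R * y^e, oblivious to how s was produced."""
    R, s = sig
    e = challenge(R, y, msg)
    return pow(G, s, P) == R * pow(y, e, P) % P


def lone_party_attempt(parties, msg: bytes) -> bool:
    """A single insider signing with only its own share: does it verify? (No.)"""
    y = joint_public_key(parties)
    R0 = parties[0].nonce_commit()
    e = challenge(R0, y, msg)
    return verify(y, msg, (R0, parties[0].partial_sign(e)))


if __name__ == "__main__":
    wallet = [Party() for _ in range(3)]           # constructed: three signing nodes
    tx = b"constructed-tx: send 1 ETH to 0xPLACEHOLDER"
    sig = threshold_sign(wallet, tx)
    print("joint signature verifies:", verify(joint_public_key(wallet), tx, sig))
    print("lone party can sign alone:", lone_party_attempt(wallet, tx))
```

The verification step never learns that the signature was produced cooperatively, which is the property that lets an MPC wallet interoperate with an ordinary on-chain signature check; the policy layer the text mentions (who must approve) is enforced simply by which parties are willing to run `partial_sign`.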
Introducing Social Recovery / Email
DKIM (DomainKeys Identified Mail) is an email authentication method designed to verify the content and sender of email messages. It uses digital signatures to ensure that email messages are not tampered with in transit and that the claimed sender actually sent them. DKIM works by adding a digital signature to the email message header using a private key held by the sending domain. When the recipient’s email service receives the message, the public key published in the sending domain’s DNS record is used to verify the message’s signature. If the signature verifies, the message is delivered to the recipient’s inbox; otherwise, it is either blocked or sent to the spam folder. DKIM is a way to prevent email spoofing and to increase the trustworthiness of email, which helps improve deliverability and reduces the risk of phishing attacks.
When your local MPC unit is lost and you have forgotten the password of the cold storage unit, you can send an email in the specified format from your email account to our server. We determine your identity from the DKIM signature of that email and submit the signature to the contract for verification, which then replaces the MPC private key with a new one.
Using DKIM as a method for the social recovery of contract accounts has several benefits, including enhanced security and trustworthiness. DKIM can prevent fraud by verifying the sender’s identity and the message content. This means that if someone tries to use a fake account to trigger the social recovery of an account, DKIM can easily detect and block this behavior. Additionally, DKIM can prevent security threats like phishing and malware by detecting and intercepting fraudulent or deceptive emails. In summary, using DKIM as a method for the social recovery of contract accounts can provide enhanced security, reduce risk, and increase user trust.
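Below is an added example of the checks a recovery server would run on an incoming DKIM-signed request before trusting it as a proof of identity; it is written for this page and is not Ruby Protocol's code. It parses the DKIM-Signature tag list (RFC 6376), applies "simple" body canonicalization, recomputes the `bh=` body hash, and enforces the alignment rule that the signing domain `d=` must equal the domain in the From header. That alignment check is the one a recovery flow most needs, because a valid signature from domain X says nothing about a From address at domain Y. The email, its body format (`recover:` / `new-share-pubkey:` lines), the selector `sel1`, the domain `example.com` and the `b=` value are all constructed placeholders; verifying the RSA signature in `b=` against the DNS key record is left to a DKIM library, and the block only reports which DNS record would need to be fetched.

```python
"""DKIM-Signature parsing, body-hash and domain-alignment checks (added example)."""
import base64
import hashlib
import re


def parse_dkim_tags(header_value: str) -> dict:
    """Parse the tag=value list of a DKIM-Signature header; folding whitespace is dropped."""
    tags = {}
    for part in header_value.split(";"):
        if "=" not in part:
            continue
        key, value = part.split("=", 1)
        tags[key.strip()] = re.sub(r"\s+", "", value)
    return tags


def canonicalize_body_simple(body: str) -> bytes:
    """RFC 6376 'simple' body canonicalization: CRLF endings, drop trailing empty lines."""
    lines = body.replace("\r\n", "\n").split("\n")
    while lines and lines[-1] == "":
        lines.pop()
    return "\r\n".join(lines).encode() + b"\r\n"


def body_hash(body: str) -> str:
    """Base64 SHA-256 of the canonicalized body, the value carried in bh=."""
    return base64.b64encode(hashlib.sha256(canonicalize_body_simple(body)).digest()).decode()


def dns_key_record_name(tags: dict) -> str:
    """The TXT record holding the public key: <selector>._domainkey.<domain>."""
    return f"{tags['s']}._domainkey.{tags['d']}"


def from_domain(from_header: str) -> str:
    match = re.search(r"@([A-Za-z0-9.-]+)", from_header)
    return match.group(1).lower() if match else ""


def check_recovery_request(headers: dict, body: str):
    """Structural checks a recovery server should apply before signature verification.

    Returns (ok, reason). A True result still requires verifying b= with the
    DNS public key; the bh= check alone only ties the body to the signed header.
    """
    tags = parse_dkim_tags(headers.get("DKIM-Signature", ""))
    if tags.get("v") != "1":
        return False, "unsupported DKIM version"
    if tags.get("a") != "rsa-sha256":
        return False, "unexpected signature algorithm"
    signed = {h.strip().lower() for h in tags.get("h", "").split(":")}
    for required in ("from", "subject", "date"):
        if required not in signed:
            return False, f"header '{required}' not covered by signature"
    if tags.get("d", "").lower() != from_domain(headers.get("From", "")):
        return False, "signing domain does not match From domain"
    if "l" in tags:
        return False, "partial body signing (l=) not accepted"
    canon = tags.get("c", "simple/simple")
    body_canon = canon.split("/")[1] if "/" in canon else "simple"
    if body_canon != "simple":
        return False, "only simple body canonicalization handled here"
    if tags.get("bh") != body_hash(body):
        return False, "body hash mismatch"
    return True, f"fetch public key from {dns_key_record_name(tags)} and verify b="


# Constructed sample request; the body format is hypothetical.
SAMPLE_BODY = "recover: 0xPLACEHOLDER_ACCOUNT\r\nnew-share-pubkey: PLACEHOLDER_PUBKEY\r\n\r\n"
SAMPLE_HEADERS = {
    "From": "Alice <alice@example.com>",
    "Subject": "Wallet recovery request",
    "Date": "Mon, 01 Jan 2024 00:00:00 +0000",
    "DKIM-Signature": (
        "v=1; a=rsa-sha256; c=relaxed/simple; d=example.com; s=sel1;\r\n"
        " h=from:subject:date; bh=" + body_hash(SAMPLE_BODY) + ";\r\n"
        " b=BASE64_SIGNATURE_PLACEHOLDER"
    ),
}

if __name__ == "__main__":
    print(check_recovery_request(SAMPLE_HEADERS, SAMPLE_BODY))
    print(check_recovery_request(SAMPLE_HEADERS, SAMPLE_BODY.replace("PLACEHOLDER_PUBKEY", "OTHER")))
```

Requiring `h=` to cover From, Subject and Date matters for a recovery flow: an attacker who obtains a genuine signed message from the victim's provider must not be able to graft a new Subject or From onto it, and rejecting `l=` closes the well-known trick of appending unsigned content after the signed body length.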
Enhance Privacy to Enhance Security
Using zero-knowledge proof (ZKP) technology to hide the relationship between email addresses and contract accounts eliminates the possibility of attackers discovering the sender’s true identity. Attackers will not know which email address corresponds to which specific contract account, making it virtually impossible for them to carry out phishing or other fraudulent activities. This increased privacy and protection ensure that users and their accounts remain secure while still allowing proper authentication using DKIM headers.
Combining ZKP technology with DKIM verification ensures that only legitimate emails from verified sources will be accepted by the contract. In addition, because the email address and contract account relationship is hidden through the use of ZKP technology, potential attackers will be unable to determine the sender’s true identity or bypass security measures by using fake email addresses. This enhances the overall security of the authentication process, providing a safe and trustworthy method for the social recovery of contract accounts.
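As an added illustration of the hiding property described in the two paragraphs above (not Ruby Protocol's circuit or code), the block below models the smallest zero-knowledge proof that fits the idea: the contract stores only a public value y = g^x, where x is derived from the email address plus a user-held salt, and a recovery request carries a non-interactive Schnorr proof of knowledge of x bound to the account id. The verifier learns that the requester knows the secret behind y without ever seeing the email address, and the stored y does not reveal it. The group (p = 1907, q = 953, g = 4), the salt, the email and the account id are constructed toy values; a real deployment would prove the DKIM verification itself inside a SNARK circuit over a cryptographically sized group.

```python
"""Toy Schnorr proof of knowledge hiding the email-to-account link (added example)."""
import hashlib
import secrets

# Constructed toy safe-prime group: p = 2q + 1, g = 4 has prime order q.
# Far too small for real use; it only makes the algebra visible.
P, Q, G = 1907, 953, 4


def derive_secret(email: str, salt: bytes) -> int:
    """User side: x depends on the email and a private salt, so a hash of the
    bare email cannot be guessed and matched against the stored commitment."""
    digest = hashlib.sha256(salt + email.strip().lower().encode()).digest()
    return int.from_bytes(digest, "big") % (Q - 1) + 1


def commitment(x: int) -> int:
    """y = g^x is what the contract stores instead of the email address."""
    return pow(G, x, P)


def fiat_shamir(account: str, y: int, t: int) -> int:
    """Challenge bound to the account id so a proof cannot be replayed elsewhere."""
    data = f"{account}|{y}|{t}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q


def prove_knowledge(account: str, x: int):
    """Prover: commit to a random r, derive the challenge, answer s = r + c*x."""
    y = commitment(x)
    r = secrets.randbelow(Q - 1) + 1
    t = pow(G, r, P)
    c = fiat_shamir(account, y, t)
    s = (r + c * x) % Q
    return t, s


def verify_knowledge(account: str, y: int, proof) -> bool:
    """Verifier (the contract): g^s == t * y^c, using only public values."""
    t, s = proof
    c = fiat_shamir(account, y, t)
    return pow(G, s, P) == t * pow(y, c, P) % P


if __name__ == "__main__":
    salt = b"constructed-user-salt"                 # kept by the user, never on chain
    x = derive_secret("alice@example.com", salt)     # constructed email
    y = commitment(x)                                # registered with the account
    proof = prove_knowledge("0xPLACEHOLDER_ACCOUNT", x)
    print("stored commitment:", y)
    print("proof accepted:", verify_knowledge("0xPLACEHOLDER_ACCOUNT", y, proof))
```

The proof transcript (t, s) contains no information about x beyond the fact that the prover knows it, and the stored y is all the contract ever sees; the DKIM check of the previous section and this proof are complementary, one establishing control of a mailbox and the other establishing the link to the account without publishing the mailbox.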
What Does It Mean for Your Privacy and Security?
Ruby Protocol is on a mission to create solution after solution to address the issues of privacy and access control.
In our new chapter, Ruby V2, we are explicitly developing a full suite of cryptographic privacy and access control infrastructure, including a component called Ruby zkWallet, which will help us transition to Account Abstraction. It will be a series of steps, the first of which is to leverage and incorporate Multi-Party Computation (MPC) into our solution deck.
While there are differences between privacy and security, they are inextricably linked. One cannot exist without the other. While they each protect different aspects of data, they both have the same mission: to protect and safeguard.
With our MPC solution in place, we will add an extra layer of protection to user information through functional encryption. This method ensures that only authorized computing nodes will have access to specific pieces of data, limiting the possibility of data breaches and unauthorized access. The functional encryption process is designed to be easy to use, with its simple application reducing the likelihood of user error. This solution will give our users peace of mind regarding the safety and security of their personal and sensitive data.
Ruby Protocol is a programmable privacy & access control middleware framework built on zero-knowledge proof (ZKP) algorithms.
Driven by abstract accounts, it builds an access control gateway across different entities and organizations in DeFi and Web3. The solutions and products include all kinds of private tokenization (zkToken, zkNFT, zkDID, etc.), a private payment bridge (zkConnect), authentication (zkAuth) and an account/sub-account system (zkWallet), among others.