We live in a world of uncertainties, necessitating the need to prepare ourselves for several “what-if” scenarios. The same is true when trying to secure our IT solutions – we have to think through different possibilities and ensure implementation of effective mechanisms.

Blockchain is a technology that brings in some inherent security features to ensure the integrity of transactions and related data. Each blockchain protocol uses a different consensus mechanism to ensure the sanctity of the shared ledger. Blockchain relies heavily on public-private key infrastructure and cryptography to authenticate and securely handle transactions submitted by different parties. This raises some interesting “what-if” questions:

• What if your private keys get stolen and misused for signing blockchain transactions?
• What if the hacker impersonates your identity and posts transactions to blockchain on your behalf?
• What if you want to participate in a transaction but don’t want to reveal or share confidential information that represents your identity?

Security is a vast field and there can be several solutions, each with its own benefits and trade-offs. We will describe one such technique called “Secured Multi-Party Computation”, which is aligned to the decentralized and distributed model of blockchain.

What is Secured Multi-Party Computation?

In a democratic world, we rely on mechanisms in which all concerned parties are consulted and heard before important decisions are taken. Multi-Party Computation (MPC) imbibes this philosophy in which two or more parties jointly compute an output by combining their individual inputs. The combined computed output could be used for taking important actions such as executing transactions on blockchain. MPC also ensures that the private inputs of each party are kept confidential, thus adding another dimension of Zero Knowledge Proof (ZKP) as described in one of my earlier blogs Establishing Blockchain Privacy through Zero Knowledge Proof.

MPC solutions must adhere to two main principles:

• Input privacy – the private data held by parties collaborating to build a combined output cannot be inferred or deduced
• Correctness – the output obtained is always correct and parties should not be able to influence an incorrect output

MPC works on the assumption that all concerned parties can communicate on a secured and reliable channel. Each party exchanges an encrypted version of their private input, which undergoes computational operations to build the desired output. MPC systems also need to consider that certain parties can be dishonest (adversaries) and the implementation complexity is directly proportional to the type of adversaries (partially or fully dishonest) expected in a particular use case.

How can MPC help secure blockchain solutions?

Some of the key use cases where MPC can help enhance the security and privacy of blockchain-based solutions are:

• Protecting identity wallets – Blockchain transactions are signed by the end users using their private keys, which represent the identity of the person or entity who is submitting the transaction. The loss or theft of the private key can have a huge impact. And that’s where MPC can help - by sharding of keys and reconstructing it dynamically by combining the input of all parties. So, even if one party is compromised, the blockchain transaction can’t be executed using that shard alone. This approach is more secure than using HSM (Hardware Security Module), which is used to store and protect private keys.
• High-value transactions – There are several scenarios that involve high-value transactions in which multiple parties must provide their consent/approval before the transaction is executed. MPC can be used in tandem with this approval workflow to ensure that the output constructed from each participant’s private input will be required to process the transaction on blockchain. This can be further augmented by taking “M of N” approach where at least M participants out of a total of N need to provide their private input. Another alternative of this approach is to use multi-sig (multiple signature addresses), which is available in a few blockchain protocols. However, MPC is entirely a software-based solution and is platform agnostic.
• Transaction privacy & confidentiality – Typically, blockchain protocols rely on broadcasting of transactions to all participating nodes for obtaining consensus and distributing the copy of ledger. In certain scenarios, that involves confidential data and/or computations, where this model can pose challenges. Such transactions can be offloaded from blockchain and processed via MPC and the transaction receipt is captured on blockchain as proof, which can be verified at any point.

When blockchain and MPC come together

MPC provides a model to enable privacy and distributed trust to secure blockchain solutions. Implementing MPC using blockchain can ensure that all MPC transactions are recorded as timestamped source of truth on blockchain. Blockchain also introduces fairness as the output computed by MPC that can be published on the shared ledger to ensure all participants receive it simultaneously.

Let’s consider a real-life use case of reserved or sealed bid auctions in which each bidding party can submit multiple bids till the auction ends. Each bid has confidential information such as the bid amount, which can’t be revealed to other participants during or even after the auction. Over the last few years, MPC has been leveraged for solving this type of use case but blockchain can be introduced to bring in fairness and transparency.

Here is how a system with blockchain and MPC will work:

• All participants and the MPC module will members of a blockchain network, either as individual nodes or interact with blockchain via their dedicated identity wallet applications.
• MPC module will generate a random string for each participant, and encrypt it using each participant’s public key and publish it on blockchain.
• Each participant receives the encrypted string via smart contract events. They will decrypt the string using their private keys and use it to mask their bid amount.
• The masked bid amount will be encrypted using MPC’s public key and will be published on blockchain so that the action of bid submission is timestamped and recorded immutably.
• MPC module receives the masked bids from all participants via smart contract events.
• MPC module performs computations to determine the highest bid by cut-off time.
• MPC module creates an encryption key by combining each participant’s encryption string. This encryption key is used to encode the auction result.
• The encoded result of auction will be received by participants on real-time basis via smart contracts.
• All participants who have the earlier encrypted strings published on blockchain will be able to decode the result of the auction.

The above sequence of actions ensures that all auction related activities are recorded on blockchain for complete transparency. The MPC module ensures that the confidential bid amount is not revealed and only authorized participants of blockchain are able to transact, and malicious usage is prevented.

Toward more secure and transparent transactions

Secured Multi-Party Computation and blockchain are technologies that have inherent capabilities of supporting a distributed, multi-party ecosystem. MPC provides certain security and privacy features which are missing in some of the blockchain protocols, whereas blockchain provides a level playing field in which the MPC transactions themselves have an immutable representation. In recent years, MPC has evolved to support efficient computations and has been cited by Gartner but the awareness of its true potential and large-scale adoption is yet to happen.

There are plenty of ways to enhance security & privacy of blockchain solutions. Looking for more information? Reach out to us @ ask.blockchain@wipro.com

Hitarshi Buch

Chief Architect, Distinguished Member of Technical Staff, CTO Office, Wipro

Hitarshi has 20 years of experience in IT architecture, consulting, design, and implementation using blockchain, API, SOA, BPM and Java/J2EE technologies. He has led several IT transformation and modernization initiatives and has provided enterprise-wide SOA-based solutions to global clients. In his current role, he leads the Center of Excellence initiatives in the Blockchain practice. He can be reached at hitarshi.buch@wipro.com