How Confidential Space and multi-party computation can help manage digital assets more securely and efficiently
Managing digital windfall transactions and their often-competing requirements to be secure and timely can be daunting. Human errors can lead to millions in resources stuff instantly lost, expressly when managing your own encryption keys. This is where multi-party computation (MPC) can help reduce risk stemming from single points of compromise and facilitate instant, policy-compliant transactions. MPC has proven valuable to help secure digital windfall transactions considering it can simplify the user experience, and it can create operational efficiencies, while users retain tenancy over their private keys.
Google Cloud customers can implement MPC solutions with our new Confidential Space, which we introduced at Google Cloud Next in October. MPC enabled by Confidential Space can offer many benefits to safely manage and instantly transact digital assets:
Digital resources can be held online without requiring cold storage.
You can use an institutional-grade custody solution without having to requite up tenancy of your private keys.
Distributed parties can participate in a signing process that is both auditable and policy-compliant.
All parties can produce their signatures while not exposing secret material to other parties, including the MPC platform operator.
An individual private key represents a single point of failure in the digital windfall custody and signing process. In an MPC-compliant model, an individual private key is replaced with distributed key shares. Each key shareholder collaborates to sign a transaction, and all deportment performed by all parties are logged for offline auditing. No key holder exposes their key share to flipside key holder or to the platform operator. Unlike multi-signature, a single private key is not assembled or stored anywhere.
An attacker coming from outside the organization would need to compromise multiple parties wideness multiple distributed operating environments in order to get wangle to a key that can sign a transaction. MPC is resistant to insider attacks versus the platform operator or key holder considering no single key can sign a transaction and the operator can not wangle the key. Since multiple parties must come together to legitimatize and sign each transaction, MPC-based digital windfall custody solutions can largest facilitate governance. The solutions provide the worthiness to create and enforce policies that tenancy who must legitimatize transactions. This prevents a single malicious insider from stealing assets, including the party that owns the workload or a workload operator.
Because Confidential Space is built on our Confidential Computing platform, it leverages remote testament and AMD’s Secure Encrypted Virtualization (SEV). This allows us to offer a increasingly secure environment, fast performance, and seamless workload portability. This foundation can enable the MPC operator and co-signer workloads to run in a Trusted Execution Environment (TEE). Co-signers can have tenancy over how their keys are used and which workloads are authorized to act on them. Finally, with the hardened version of Container-Optimized OS (COS), Confidential Space blocks the workload operator from influencing the signing workload.
Deploying MPC on Confidential Space provides the pursuit differentiated benefits:
Isolation: Ensures that external parties cannot interfere with the execution of the transaction signing process.
Confidentiality: Ensures that the MPC platform operator has no worthiness to wangle the key material.
Verifiable attestations: Allows co-signers to verify the identity and integrity of the MPC operator’s workload surpassing providing a signature.
“MPC solutions will wilt increasingly essential as blockchains protract to support increasingly hair-trigger infrastructure within the global financial system,” said Jack Zampolin, CEO of Strangelove Labs.“As a cadre developer towers and hosting hair-trigger infrastructure in the rapidly growing Cosmos ecosystem, MPC-compliant systems are an important focus zone for Strangelove. We are excited to expand our relationship with Google Cloud by towers out key management integrations with our highly misogynist threshold signer, Horcrux.”
In 2022 the Web3 polity prestigious the Ethereum merge, one of several engineering advancements that can encourage applications of MPC. For example, MPC could be used for the efficient management of Ethereum validator keys. To learn increasingly well-nigh MPC and Web3 with Google Cloud, please reach out to your worth team. If you’d like to try Confidential Space, you can take it for a spin today.
We’d like to thank Atul Luykx and Ross Nicoll, software engineers, and Nelly Porter and Rene Kolga, product managers, for their contributions to this post.