Multisignature vs MPC

Overview

In 2013, BitGo pioneered multisignature signature protocol for bitcoin wallets. Since then, BitGo expanded multisignature support to other UTXO-based assets and even account-based assets, by means of smart-contract wallets. More recently, BitGo enabled support for the multi-party computation (MPC) signature protocol for account-based assets that natively support it. BitGo specifically uses threshold signature schemes (TSS) for all MPC wallets.

The signature protocol that a wallet uses is determined by the blockchain. Generally:

• Account-based assets mostly just use MPC, but some blockchains can use either MPC or multisignature.
• UTXO-based assets mostly just use multisignature (with a notable exception being Cardano, which only uses MPC)

Both signature protocols enable the same level of security by requiring multiple signatures to transact. However, their integrations differ due to differences in their key management and signing mechanisms.

MPC is a cryptographic technique that allows multiple parties to jointly sign without revealing their private key material to each other. The MPC signing process occurs off-chain and must be synchronous between cosigners. During the MPC signing process, no part of the transaction can change, so things like nonces must remain constant. Whereas, the multisignature signing process occurs on-chain and enables cosigners to sign asynchronously. During the multisignature signing process, certain parts of the unsigned transaction can change, with nonces being the most common.

Multisignature

• On-chain cryptography utilizing 3 keys (user, backup, and BitGo), each with a unique public key.
• Transactions require signatures from 2 of 3 keys.
• Signing is asynchronous between cosigners.
• Private keys exists in a complete, usable form (such as a 256-bit string for BTC).
• Keys are independent from each other.
• Each key holder has their own public key.
• Transactions can cost more since each signature needs to broadcast to the blockchain for verification.

MPC

• Off-chain cryptography utilizing 3 keyshares (user, backup, and BitGo), each sharing the same public key.
• You can shard each keyshare up to 99 times.
• Transactions require signatures from 2 of 3 keyshares.
• Transaction signing is synchronous between cosigners.
• Private keys doesn't exist in a complete form - it only exists in pieces called keyshares.
• Key creation is a multi-step process, requiring interactions between key holders.
• All key holders share the same public key.
• MPC cryptography occurs off chain.
• Transactions can cost less since only 1 signature is communicated on the blockchain.
• EdDSA is MPCv1 in BitGo code.
• ECDSA is MPCv2 in BitGo code.

Note: Keyshares, even when combined, never produce a viewable private a key. Keyshares with BitGo are distinctly different from key shards on other platforms. Standalone key sharding, can construct a viewable private key when the shards combine. However, BitGo enables key sharding as an additional layer of security on top of keyshares. Key shards at BitGo combine only to form a whole keyshare.

See Also

• BitGo Blog: Introducing BitGo TSS
• BitGo Wallet Types
• Wallet and Forwarder Versions
• Multi-party computation (MPC) Wallets
• Multisignature Smart-Contract Wallets