What is MPC? Multi Party Computation Explained

01 Definition

What is Multi Party Computation?

Multi Party Computation (MPC) is a branch of cryptography that enables multiple parties to jointly compute a function over their private inputs without revealing those inputs to one another. Applied to digital asset security, MPC allows a private key to be generated and used for signing transactions without that key ever existing in one place.

Traditional private key management requires a complete key to be stored somewhere on a hardware wallet, in a HSM, or on a server. This creates a single point of failure. MPC fundamentally eliminates this weakness.

Simple analogy: Think of a safety deposit box that requires three keys except with MPC, the "three keys" are mathematical shares that sign transactions cooperatively, and the original key is never assembled in one place at any point.

MPC originated in academic cryptography research in the 1980s, pioneered by Andrew Yao's work on secure multi party computation. Its practical application to blockchain private key management emerged as the crypto industry scaled.

02 Mechanics

How MPC Works

MPC for key management uses a cryptographic protocol called Distributed Key Generation (DKG). The key is never assembled shares are created across parties simultaneously, and signing happens through collaborative computation.

1

Distributed Key Generation (DKG)

Instead of generating a single private key and splitting it, MPC uses a DKG protocol where multiple parties each generate a random secret share simultaneously. The corresponding private key never exists as a single value anywhere.

2

Secure Share Storage

Each key share is stored in an isolated secure environment typically a Hardware Security Module (HSM) or Trusted Execution Environment (TEE). Shares are held by different parties: the user's device, Finstream's infrastructure, and a backup enclave.

3

Transaction Initiation

When a transaction needs signing, the system initiates an MPC signing session. Transaction details are distributed to each party holding a key share. Policy rules are evaluated at this stage before signing proceeds.

4

Threshold Signing Protocol

Each party uses its share to produce a partial signature. These are combined using cryptographic protocols (GG20, CGGMP21) to produce a single valid signature. At no point does any party see another's share or the reconstructed private key.

5

Broadcast & Settlement

The completed signature is broadcast to the blockchain. From the network's perspective, it looks identical to one signed by a standard private key fully compatible with EVM chains, Bitcoin, Solana, and more.

03 Threshold Schemes

Threshold Signatures: t of n

MPC wallets operate on a threshold signature scheme, expressed as t of n: out of n total key shares, any t shares are sufficient to produce a valid signature. In a 2 of 3 scheme three shares exist, but only two are needed to sign.

Institutional deployments commonly use 2 of 3 for operational wallets and 3 of 5 for cold/vault storage.

Threshold scheme 2 of 3 example

Scenario A

S1

S2

S3 offline

✓ Signs

Scenario B

S1

S2 offline

S3

✓ Signs

Scenario C

S1 offline

S2 stolen

S3

✗ Blocked

Key insight: In Scenario C, even if an attacker steals one share (S2), they cannot sign a transaction. A stolen key share is worthless without the others.

04 Comparison

MPC vs. Traditional Key Management

How MPC compares against hardware wallets, HSMs, and on chain multisig.

Feature	Hardware Wallet	HSM (Single)	On Chain Multisig	MPC (Finstream)
No single point of failure	✗	✗	✓	✓
Key never reconstructed	✗	✗	✓	✓
No on chain footprint	✓	✓	✗ On chain costs	✓
Cross chain compatibility	~ Limited	~ Custom	✗ Chain specific	✓ 50+ chains
Scalable to 1M+ wallets	✗	~ Expensive	~ Gas costs	✓
Key rotation without migration	✗	✗	✗	✓
Insurance available	✗	~ Limited	✗	✓ Specie

05 Advantages

Key Benefits of MPC

🛡️

Eliminates Single Points of Failure

Private key shards are distributed across geographically isolated enclaves. A breach of any single location yields nothing usable.

🔓

Key Never Exists in Full

DKG based MPC ensures the private key is never assembled at any point not during generation, not during signing.

⚙️

Flexible Threshold Policies

Configure t of n schemes to match your risk profile. Hot wallets use 2 of 3 for speed; cold vaults enforce 3 of 5 for security.

🔄

Key Rotation Without Migration

MPC shares can be refreshed cryptographically without changing the public key. No gas costs, no address migration.

🌍

Blockchain Agnostic

MPC supports ECDSA, EdDSA, and Schnorr signatures, giving coverage across 50+ chains from a single infrastructure.

📈

Scales to Any Volume

Software based MPC eliminates hardware bottlenecks. Finstream supports organizations from startup scale to hundreds of millions of wallets.

06 Applications

MPC Use Cases

Where MPC is deployed across the digital asset industry.

🏭

Institutional Custody

Banks, asset managers, and exchanges use MPC to custody client digital assets at scale replacing cold storage hardware with distributed, policy controlled vaults.

📱

Consumer Wallets

Non custodial wallets use MPC to give users self custody without seed phrases. One share lives on device, one with the provider users can recover even if they lose their phone.

🏛️

DeFi Treasury Management

DAOs and DeFi protocols use MPC with policy engines to enforce multi approver workflows on treasury transactions eliminating single admin risk.

💳

Payment Infrastructure

Fintechs processing high volume crypto payments use MPC hot wallets to maintain transaction speed while distributing key risk across independent compute nodes.

🖼️

NFT Platforms & Marketplaces

Platforms securing user NFT collections deploy MPC wallets for seamless signing of marketplace transactions without exposing full private keys.

🏠

Real World Asset Tokenization

Regulated institutions tokenizing securities require custody solutions with audit trails, policy controls, and insurance all native to MPC infrastructure.

07 Our Implementation

MPC at Finstream

Finstream's MPC infrastructure is built on state of the art threshold signature protocols and has been battle tested in production for over five years, securing $4 trillion in transactions across more than 1,800 organizations globally.

Our implementation combines MPC with layered hardware security leveraging HSMs and Trusted Execution Environments (TEEs) achieving CCSS Level III, the highest tier of the Cryptocurrency Security Standard.

🏗️

Geographic Distribution

Key shares stored in isolated data centres across multiple jurisdictions. No single regulatory event can compromise more than one share.

📌

Policy Engine Integration

Every signing session passes through our configurable policy engine spend limits, address whitelists, time locks, and multi approver workflows.

📄

Full Audit Trail

Every key share access and signing request is logged with cryptographic proof ready for SOC 2 and regulatory review.

🔧

Proactive Share Refresh

Our system automatically refreshes key shares on a scheduled basis, ensuring any previously compromised share is rendered invalid.

🏰

HSM Backed Enclaves

All key shares reside in FIPS 140 2 Level 3 certified HSMs, with shares never exposed to the host operating system.

😊

Non Custodial Option

For consumer wallets, users retain one key share on their own device, making the wallet non custodial by design.

Explore Finstream's Wallet Solutions

Direct Custody SolutionBusiness controlled wallets at scale

→

Non Custodial WalletsUser controlled keys via MPC

→

Create a WalletGet started with MPC infrastructure

→

Talk to an ExpertDiscuss your security requirements

→

08 FAQ

Frequently Asked Questions

Is MPC the same as multisig?

No they are different approaches. On chain multisig uses multiple separate private keys and enforces requirements through smart contract logic, leaving a visible on chain footprint with extra gas costs.

MPC performs threshold computation off chain, producing a single standard signature with no on chain logic required and full cross chain compatibility.

Can the private key ever be reconstructed in one place?

No not with a properly implemented MPC system using Distributed Key Generation (DKG). The private key is never assembled at any point. Each party generates its share independently, and signing happens through cooperative computation with no party ever seeing the full key.

What happens if one party in an MPC scheme goes offline?

This is handled by the threshold scheme. In a 2 of 3 setup, you can sign transactions with any two of the three parties so if one goes offline, the remaining two can still operate normally. Finstream maintains geographically distributed backup enclaves to ensure availability.

Does MPC work with all blockchains?

Yes MPC is signature scheme agnostic. It supports ECDSA (Bitcoin, Ethereum), EdDSA (Solana, Cardano), and Schnorr signatures. The output is a standard cryptographic signature, fully compatible with any blockchain using these schemes. Finstream currently supports 50+ blockchains.

How does MPC handle key recovery if I lose access to a share?

MPC supports proactive share refresh using the remaining quorum of shares, the system generates a new set of shares (same public key, same wallet address) that renders any lost share useless. No assets need to be moved. For consumer wallets, Finstream provides social recovery options via identity verification.

What MPC protocols does Finstream use?

Finstream's MPC implementation is built on peer reviewed protocols including GG20 and CGGMP21 (Canetti Gennaro Goldfeder Makriyannis) for threshold ECDSA, and standard EdDSA threshold schemes for Solana and related chains. All protocols have undergone external cryptographic audit by leading security firms.