Waymont

The Risks of MPC and the Shift to Smart Contract Wallets

waymont@newsletter.paragraph.com (Waymont) — Tue, 18 Jul 2023 18:57:59 GMT

Self-custody sucks right now. Default solutions like Ledger, Metamask, and other externally owned accounts (EOAs) leave crypto-natives struggling with real problems.

As a user, you must:

Figure out how to protect your seed phrase. If an attacker gets access to your 24-word seed phrase they can steal all of your assets.
Avoid making mistakes while transacting. Signing malicious transactions or sending assets to the wrong address is too common.
Build custom recovery and inheritance plans. In the case that you or your next of kin can’t access your seed phrase.

Multi-party computation (MPC) and smart contract wallets are both solutions that can help solve these problems. They allow wallet providers to build things on top of EOAs like social recovery, transaction limits, 2FA and more. At Waymont, we started with MPC. On the surface, it seemed flexible and efficient. As we went deeper though, we found some security gaps and attack vectors inherent to MPC that we couldn’t deny.

Ultimately, we decided to shift our infrastructure to Safe's smart contracts, which now secure over $100 billion in assets. This blog post will detail: 1) how MPC wallets work 2) the problems we found with MPC and 3) our shift to smart contracts.

1) How MPC wallets work

At a high-level, a MPC wallet generates a private key that is pre-divided into key shares and distributed among different parties. These key shares can sign a transaction independently and the off-chain signatures from each key share can combine to form a single valid Ethereum signature.

MPC models are typically similar, but vary in terms of who holds your key shares.

Centralized MPC: All key shares are controlled by a single entity (e.g. Coinbase) but processed in isolated & secure cloud environments. This method is often used by institutional custody providers for operational efficiency; but it can leave assets vulnerable to attacks from insiders and single points of failure. It may also require the provider to register as a legal custodian.
Hybrid MPC: Key shares are split between the user, wallet provider, and third-parties. This method is used by providers like Fireblocks and ZenGo so that you don’t have to trust a centralized provider to hold all of the key shares. While this provides more security, a centralized party still needs to distribute, manage, and revoke key shares securely.

2) Challenges with MPC Wallets

Regardless of the model you use, any MPC-based custody setup has three key problems.

Problem 1: You must trust a centralized party to coordinate signing and key generation securely

Any hybrid or centralized MPC setup inherently requires a trusted centralized party to secure one or more key shares (and potentially, backups of these key shares).

Securing these key shares requires complex and trusted cloud infrastructure. The complexity involved with distributed key generation, key rotation, and key revocation opens you up to risk of key share exposure through insider threats and man-in-the-middle attacks. Exposure of enough key shares will allow an attacker to gain full control over your assets.

Problem 2: You must trust that old key shares are properly discarded during key revocation

If you wish to revoke access from an MPC signer, you will need the ability to revoke keys and you will need to trust all parties to discard old key shares. Given the deterministic nature of cryptography, it can be challenging to revoke a key share. If a wallet provider’s key share infrastructure is compromised with a virus, the virus could remain dormant collecting old key shares on each key revocation until they have enough to drain all assets.

https://twitter.com/VitalikButerin/status/1674032447531495426?s=20

Problem 3: You must trust that your MPC algorithms have no vulnerabilities

MPC algorithms involve complex cryptography and algorithms are updated on occasion to unlock performance and capability improvements. Vulnerabilities have been found in industry-standard algorithms and implementation mistakes with MPC can lead to exploits resulting in a complete loss of funds.

For example, two recent vulnerabilities found in the cryptocurrency space include:

The private key information leakage found with GG18 and GG20 (the MPC algorithms used by Fireblocks between 2019-2021)
The recent vulnerability found in BitGo’s MPC implementation that would have allowed a hacker to gain complete access to your funds with only a single signature

3) Smart Contracts > MPC-based Wallets

Switching to a smart contract solution (Safe) allowed us to eliminate each of the problems we were concerned about:

Problem 1: You must trust a centralized party to coordinate signing and key generation securely.

Safe’s solution: Transparent + verifiable signing and key generation. Your Waymont Vault is a 2-of-2 Safe multisig. You can verify, on-chain, that Signer 1 is your enrolled mobile device and Signer 2 is your Waymont Policy Guardian. Waymont never holds any key shares that, if exposed, could initiate a transaction and endanger your assets.

Problem 2: You must trust that old key shares are properly discarded during key revocation

Safe’s solution: You can freely rotate, remove, and add signers on-chain. There is no need for key shares to be discarded and no risk of a malicious party accumulating old key shares.

Problem 3: You must trust that your MPC algorithms have no vulnerabilities

Safe’s solution: Safe’s smart contracts secure over $100 billion in assets. Since 2018, the Safe smart contracts have passed the highest possible security standards in the industry including Formal Verification and excelled in 11+ security audits.

Using Safe is not without trade offs though. By optimizing for security, we accept increased gas costs and being locked into EVM chains for the time-being. We think this trade is a no-brainer. Our absolute priority is security. Smart contracts also enable additional capabilities which benefit our users:

On-chain time-locks - Timelocks for recovery and delayed actions which can be canceled by the user
Batched transactions - Users can batch together transactions to save on gas
Sponsored transactions - Other parties can sponsor transactions for the user (also pay gas with any ERC20 token)
Programmable security - On-chain key rotation and programmable key management (e.g. have transactions over $10K require additional or different signing keys)

MPC likely still has a role in the future of self-custody. It may make sense for institutions who want to work with a custodian. Or as noted by Lukas Schor, the founder of Safe, MPC could be used as a solution for improving the security of a smart contract wallet’s signing keys.

https://twitter.com/SchorLukas/status/1674128171988406274?s=20

Ultimately, an MPC setup can be secure with the right implementation. But as noted above, MPC requires inherent trust assumptions and introduces risk vectors that Waymont and most of our crypto-native users would rather avoid. Therefore, Waymont is confidently secured today by the Safe smart contracts alongside with $100B of other assets.

Acknowledgments: Kaito (Utopia Labs), Richard Chen (1confirmation), James Folkestad (Waymont), Jai Bhavnani (Waymont), David Lucid (Waymont), Yao (Waymont)

The information provided in this Post about Waymont Holdings, Inc. (“Waymont” or the “Company”), its crypto-assets, business assets, strategy, and operations, is for general informational purposes only and is not a formal offer to sell or a solicitation of an offer to buy any securities, options, futures, or other derivatives related to securities in any jurisdiction and its content is not prescribed by securities laws. Information contained in this Post should not be relied upon as advice to buy or sell or hold such securities or as an offer to sell such securities. This Post does not consider nor provide any tax, legal, or investment advice or opinion regarding any person's specific investment objectives or financial situation. Waymont and its agents, advisors, directors, officers, employees, and shareholders make no representation or warranties, expressed or implied, regarding the accuracy of such information. Waymont expressly disclaims any liability that may be based on such information or errors or omissions thereof. Waymont reserves the right to amend or replace the information contained herein, in part or entirely, at any time and undertakes no obligation to provide the recipient with access to the amended information or to notify the recipient thereof. The information in this Post supersedes any prior Post or conversation concerning the same, similar, or related information. Any information, representations, or statements not contained herein shall not be relied upon for any purpose. Neither Waymont nor its representatives shall have any liability whatsoever, under contract, tort, trust, or otherwise, to you or any person resulting from using the information in this Post by you or any of your representatives or for omissions from the information in this Post. Additionally, the Company undertakes no obligation to comment on the expectations or statements made by third parties regarding the matters discussed in this Post.

Introducing Waymont Private Custody

waymont@newsletter.paragraph.com (Waymont) — Mon, 24 Apr 2023 20:24:37 GMT

Satoshi Nakamoto sparked a revolution that gave birth to a world of endless possibilities.

In this world, fearless pioneers and visionary innovators escape the limitations of traditional systems - and often create wealth along the way.

Waymont is a crypto-native wealth platform built to empower these unique individuals. Today, we proudly reveal our flagship solution: Waymont Private Custody - a complete, transformative self-custody solution built for HNWIs.

Waymont Private Custody offers unprecedented security and flexibility, delivered in one platform that’s powerful yet simple to use.

What is Waymont Private Custody?

The Problem: Self-custody is intimidating and burdensome.

Speed, safety, and self-custody in digital markets aren't just nice to have; they're necessary. Yet current tools are insufficient. In hundreds of conversations with crypto-natives, we heard two things:

Self-custody is intimidating: HNWIs stress about risks like hacks, physical threats, inheritance planning, hardware failure, recovery plans, loss, and accidents–to name a few. Lost keys or recovery phrases are often permanent.

Self-custody is burdensome: Setups are often inefficient and inaccessible. Traveling safely, managing assets across platforms, and hardware connectivity issues are draining.

This detracts from your ability to prioritize what matters and succeed on-chain.

The Solution: Self-custody without drawbacks.

Waymont Private Custody is a self-custody platform without drawbacks. We work with each client to create Vaults secured by transaction policies, biometric authentication, and hassle-free recovery to navigate crypto—simpler, safer, and faster.

Access your Waymont Vaults via Waymont Mobile, Waymont Extension, or Waymont Web.

Waymont Suite: Waymont Extension, Waymont Web & Waymont Mobile

Onboarding: You start your Waymont experience with a comprehensive 1-hour onboarding session. Our team helps you to customize your transaction policies and recovery procedures.

Transaction Policies: As a Waymont client, you can customize your transaction policy easily to include:

Address whitelists
Transaction amount limits
IP address restrictions
Time of day limitations
And much more, limited only by your imagination

When a transaction is signed, it is instantly confirmed against your policies and relayed to the blockchain if compliant. Transaction policies are time-locked and must be approved via biometrics, providing security if a Trusted Device is lost or stolen.

Account Recovery: In addition, you can customize how to quickly recover your account in the event of loss or theft of your account. Waymont supports:

Social recovery: Easily enroll non-technical friends, family, and trusted parties via email, and retrieve your Waymont account via n-of-m social recovery.
Crypto recovery: Enroll your existing crypto addresses as guardians.
Dead man’s switch recovery: Enable specific addresses to recover your account after a predetermined period.

Maximum Security & Usability: You’ll also be able to leverage features such as:

Human-readable transactions for easy verification
Instant biometric authentication via Waymont Mobile
Compatibility with your favorite dApps and wallets, including Zerion, Zapper, and Debank
Built-in fraud-detection and risk alerts
And more coming soon!

All in two simple steps. Transact effortlessly by:

Initiate transaction via Waymont Web or Extension
Approve on a Waymont Trusted Device

All transactions undergo policy and fraud detection checks before being relayed to the blockchain.

A visual preview of the Waymont Private Custody stack

Waymont Club & Concierge

In addition to Waymont Private Custody, our clients benefit from the following.

Waymont Club: Access deals, partners, and a network of exceptional crypto-natives to help you achieve your goals. ‍
Waymont Concierge: High-touch service tailored to your unique needs (ie. sourcing liquidity, physical and digital security, and Private Custody support)

These opportunities are gradually rolling out to clients.

Learn more

Joining Waymont

If you're interested in joining Waymont and experiencing Waymont Private Custody firsthand, please connect with a team member to learn more. View membership requirements here.

Security

Security is our top priority at Waymont. We build simple, transparent, layered security systems for with best-in-class safety. Our experienced team has navigated crypto’s complexities for years and is a venture-backed startup. Waymont Private Custody has been audited by industry-leading Trail of Bits and Least Authority. Additionally, Waymont Private Custody may work with insurance partners to underwrite deposits on behalf of clients.

Thanks for reading; we hope you have a fantastic week!