Understanding the security measures in Coinbase’s multiparty computation implementation
In the realm of digital asset management, the challenge of creating a secure and user-friendly wallet service has been a persistent hurdle.
In response to this, Coinbase has developed a wallet as a service (WaaS) solution, which employs the advanced cryptographic method known as multiparty computation (MPC) to address key management issues in blockchain and cryptocurrency applications.
This information is detailed in a whitepaper authored by Yehuda Lindell, a computer science professor at Bar-Ilan University (currently on leave) and the head of the cryptography team at Coinbase. Lindell’s extensive background in cryptography, both in academia and industry, lends significant credibility to this work.
The whitepaper highlights how MPC allows for a web2-like experience within a web3 infrastructure. The Coinbase WaaS aims to make cryptocurrencies, blockchain, and web3 technology accessible to all. This necessitates that everyone has a wallet and that the private keys for these wallets are secure.
While the Centralized Exchange (CEX) model offers a good user experience, it doesn’t allow users to have complete control over their assets. The traditional self-custody model, where users hold and protect their private keys, allows for that but can be overly burdensome — especially for new users.
Users often opt out when they have to securely store mnemonics, with the risk of losing everything if they fail to do so properly.
MPC offers a solution that combines the usability and security of an exchange without compromising on self-custody. This paves the way for mass adoption, where users don’t need to be technically or crypto-savvy to install and operate a self-custody wallet.
The system works by dividing the key between the user’s wallet and a Coinbase server, enabling signatures on transactions to be generated without ever consolidating the key. Consequently, if the key share used for signing transactions is stolen from a user’s device, the thief still cannot recover the user’s key, as a single share is useless without the other.
Similarly, Coinbase cannot generate a signature without the user since they also only hold one share. This ensures that Coinbase cannot control the user’s keys or funds.
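To make the two-share signing flow concrete, here is an added illustration that is not Coinbase’s protocol or code: it assumes a Schnorr-style signature over a small toy group (chosen because its signing equation is linear in the key, so additive shares compose), with hypothetical `Party`, `cosign` and `verify` helpers. Each party holds one additive share of the key, contributes a partial signature, and the full key is never assembled anywhere.

```python
import hashlib
import secrets

# Toy group parameters, constructed for illustration only: a safe prime
# p = 2q + 1 and a generator g of the order-q subgroup. Real wallets use a
# 256-bit elliptic curve; this group offers no security, just correct algebra.
P, Q, G = 1019, 509, 4
assert pow(G, Q, P) == 1  # g really has order q


def hash_challenge(r, pub, msg):
    """Fiat-Shamir challenge e = H(R || P || m) reduced into Z_q."""
    data = f"{r}|{pub}|".encode() + msg
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q


class Party:
    """One holder (user device or server) of an additive key share x_i."""

    def __init__(self, share=None):
        self.x = share if share is not None else secrets.randbelow(Q - 1) + 1
        self.pub_share = pow(G, self.x, P)  # g^{x_i}, safe to publish
        self._k = None  # per-signature nonce share

    def nonce_share(self):
        self._k = secrets.randbelow(Q - 1) + 1
        return pow(G, self._k, P)  # R_i = g^{k_i}

    def partial_sign(self, joint_r, joint_pub, msg):
        e = hash_challenge(joint_r, joint_pub, msg)
        s_i = (self._k + e * self.x) % Q  # uses only this party's share
        self._k = None  # a nonce must never be reused
        return s_i


def joint_public_key(a, b):
    # g^{x_a} * g^{x_b} = g^{x_a + x_b}: the public key of the never-assembled key.
    return (a.pub_share * b.pub_share) % P


def cosign(a, b, msg):
    """Both parties contribute; neither learns the other's key share.
    A production protocol would also commit to R_i before revealing it and
    prove knowledge of each x_i, so a party cannot bias R or the joint key."""
    pub = joint_public_key(a, b)
    r = (a.nonce_share() * b.nonce_share()) % P
    s = (a.partial_sign(r, pub, msg) + b.partial_sign(r, pub, msg)) % Q
    return r, s


def verify(pub, msg, sig):
    r, s = sig
    e = hash_challenge(r, pub, msg)
    return pow(G, s, P) == (r * pow(pub, e, P)) % P
```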
WaaS addresses one of the most significant challenges in managing your own wallet: the private key backup. WaaS offers two backup types. The first, known as “Coinbase-aided backup,” involves the user storing their share of the private key (for example, in their cloud) while Coinbase stores the other share.
If the user loses their device, they can easily restore their wallet by reinstalling their app, downloading their share (for example, from their cloud), and authenticating to Coinbase (or the WaaS customer) to restore. This process mirrors the user experience of account or password reset, which most users are familiar with in web2 settings.
The second backup type, “self-custody backup,” allows the user (or WaaS customer) to hold both shares of the key, encrypted under a strong key (for example, in the user’s secure enclave on their phone).
Because these shares were never revealed at any point, they are purportedly not exposed the way mnemonic-based wallets are, yet they still enable a user to single-handedly control their keys if they wish to.