WaaS MPCKeyService

MPCKeyService APIs let you manage hierarchically determined (HD), multi-party computation (MPC)-based cryptographic keys.

To secure sharded cryptographic materials, the MPCKeyService is meant to be used with the WaaS SDK, a client-side React Native library. For iOS, the SDK uses iPhone Secure Enclave, and for Android, it uses hardware-backed keystore.

The MPCKeyService is the most complex of the WaaS APIs due to its distributed nature, and requires familiarity with a number of cryptographic constructs.

Important Concepts

Hierarchical Determinism (HD)

Hierarchical Determinism refers to an algorithmic approach for generating private/public cryptographic key-pairs. It is codified in Bitcoin Improvement Proposals, BIP-32 and BIP-44, and is widely adopted across a variety of products in the cryptocurrency landscape, most notably crypto wallets.

HD key derivation allows the distributed generation of a large number of child keys from a single source of randomness called the "seed." Child keys are generated in a tree structure, hence the terminology seed/child. Child keys generally provide no information about their parents so that the seed is all you need to store the entire set of keys. This is what is codified in the popular "mnemonic seed phrase", documented in BIP-39.

The keys generated with MPCKeyService are done in an HD manner. This behavior can be seen in the CreateMPCKey API.

Multi-Party Computation (MPC)

Multi-party computation refers to a class of distributed algorithms that allows a set of participants to jointly calculate a function over their inputs while keeping those inputs themselves private. This is a desirable property in the world of cryptocurrencies because the private key is the most critical point of vulnerability from a security perspective. MPC allows for the generation of cryptographic signatures (the input) without the full private key ever materializing (output), thereby drastically reducing the risk of the private key ever winding up in the hands of a malicious attacker.

Conceptually, the private key is "sharded" across N parties. These shards are sufficient to produce a signature for the underlying private key, as long as a threshold M of the N parties participate in the MPC. Such a set-up is known as a threshold signing scheme. WaaS APIs currently provide 2-of-2 threshold signing, wherein the end user holds a shard on their phone, and Coinbase holds a shard on their server. In the future, WaaS will provide arbitrary M-of-N threshold signing.

Long-running Operations (LROs)

Long-running operations are an engineering pattern for asynchronous APIs defined by Google's AIP-151. They provide a standardized API for polling the status of an operation that may take a significant amount of time to complete.

MPCKeyService APIs make heavy use of LROs, as well as its cousin, the MPCOperation. These constructs are required because MPCOperations cannot complete until both parties have participated in the computation, and there is no guarantee when the end user will participate. (Coinbase servers are continuously polling for MPC operations to participate in, and will do so as soon as one is detected.)

It is worth familiarizing oneself with the LRO standard to be able to use the MPCKeyService APIs fluently.

Resources

The table below summarizes the resources managed by MPCKeyService.

Resource	Description	Resource Name
Device	A device holds a seed share to participate in MPC operations	devices/{deviceID}
DeviceGroup	Set of devices with shares to the same seed to participate in MPC ops	pools/{poolID}/deviceGroups/{deviceGroupID}
MPCKey	Private/public cryptographic key pair used to generate signatures	pools/{poolID}/deviceGroups/{deviceGroupID}/mpcKeys/{mpcKeyID}
Signature	Output of digital sig algorithm using a priv/pub key pair and payload	pools/{poolID}/deviceGroups/{deviceGroupID}/mpcKeys/{mpcKeyID}/signatures/{signatureID}

Recommended Set-Up

See Proxy Server for our recommended setup.

Generating Signatures

End-to-end steps required to generate a signature using MPC.

1. Allocate a Pool with CreatePool. You can invoke the API from a server using our client libraries, or from the application using the WaaS SDK.

2. Initialize the device via the WaaS SDK, with the following steps:

   a. initMPCKeyService
   b. bootstrapDevice - a one-time operation to configure the Device for WaaS usage.
   c. getRegistrationData - get the registration data required to register the Device with WaaS servers.

3. RegisterDevice using the registration data from step 2. You can invoke the API from a server using our client libraries, or from the application using the WaaS SDK.

4. CreateDeviceGroup with the Pool (from step 1) as parent and the registered device as the only member of the DeviceGroup. You can invoke the API from a server using our client libraries, or from the application using the WaaS SDK.

5. Use ListMPCOperations to poll for the CreateDeviceGroup operation with the device group as parent. You should be invoke this from the application using the WaaS SDK.

info

There can be a delay between when an MPC operation is created and when it materalizes in polling via ListMPCOperations.

6. Compute the MPC operation in the application using the WaaS SDK. Once this is done, the LRO method GetOperation should return done == true and the DeviceGroup should be ready to use.

7. Create an MPCKey with the above Pool as parent, and DeviceGroup as attributes using CreateMPCKey. This can be invoked from a server using our client libraries.

8. Create a Signature with the above key as parent using CreateSignature. This can be invoked from a server using our client libraries, or from the application using the WaaS SDK.

9. Use ListMPCOperations to poll for the CreateSignature operation with the DeviceGroup as parent. You should be invoke this from the application using the WaaS SDK.

10. Compute the MPC Operation in the application using the WaaS SDK. Once this is done, the LRO method GetOperation should return done == true and GetSignature should return the computed signature.