Sometimes the crypto community crowns a new king of secure transactions, and the last king appears to be multilateral, or MPC. This year saw the emergence of MPC acceptance of custodians and non-custodians, which rapidly gained momentum in the market.
However, this can come at a cost. MPC providers offer regulators a loophole in cryptocurrency transactions. As the industry becomes more and more dependent on MPC for security, this may ultimately jeopardize the principles of decentralization and resistance to censorship.
Hidden MPC Features
To determine where the risks are, let’s briefly summarize MPC and how it can be used. MPC technology, at its most basic level, involves dividing private keys into sectors and distributing them on different ends. Usually the customer has one major segment and the MPC provider has another. The goal is to improve security by ensuring that neither party has complete control over a particular transaction, which can only be achieved if both parties present their main chips.
MPC service providers usually think of their technology as a tool that only helps in securing transactions. It is sold on the following terms: “We have half the key, you have the other half, but you are the owner – only you decide when and where the funds are transferred. You can also withdraw all your money from our account whenever you want.”
But in reality this is not entirely true. MPC Service Providers act as intermediaries whose approval is required to complete the transaction.
In this sense, MPC providers play an almost identical role to banking, and the blockchain plays the role of a SWIFT system. You can replace the sending bank with a third-party MPC service provider and replace the SWIFT system with a blockchain system. The only difference here is the way the sender sends the payment. In the case of a bank, the sender directs the bank to release the funds; With the MPC supplier, the sender and the supplier sign the transaction together. Both ends provide a partial key, which is then passed onto the blockchain by the MPC service provider.
It can be said that there is a huge difference between banks and MPC providers that is not taken into account in this comparison: banks can freeze funds and even forfeit them. The problem, however, is that MPC’s vendors also have such back doors.
There is no argument here that MPC suppliers are just villains who want to take their money away from their customers. As reputable professional companies that do business with organizations, they must fulfill the basic requirements of their clients – the cryptocurrency can be recovered if someone loses the key.
Private key security has always been a constant point for organizations and crypto companies. Thus, being able to recover money in the event of a key loss is absolutely essential for all companies that claim to provide secure crypto storage. Imagine a bank that does not allow you to recover a forgotten password, it is only telling you that if you lose your password, your money will be gone forever.
Here’s the regulator
In light of their third-party liability for client funds, it is clear that MPC’s suppliers provide a loophole for regulatory intervention. Finally, this means that MPC companies can play the same role as banks.
If the legal authority asks the MPC service provider to stop the transaction, it will be forced to do so. Additionally, if MPC providers allow users to recover lost keys, that means the regulator can also file a withdrawal claim. Again, assuming this is a legally binding request, the supplier will have to comply if it wants to continue its business.
This is not just an exaggeration. The organizers are already here. In June 2019, the Financial Action Task Force on Money Laundering (FATF) approved an initiative to regulate virtual assets and virtual property managers. While overall compliance remains low, we can be confident that FATF will continue to expand its network until all virtual asset providers are included.
While the cryptocurrency community focuses on how exchanges manage FATF regulation, MPC providers fit perfectly into the profile of a virtual asset service provider that manages and transfers client funds in the same way as a bank transfer. The same regulations apply to all companies that directly or indirectly own, manage, or control virtual assets.
It follows that these rules create the same MPC expectations as those currently used in the banking system. Finally, this could mean that large transactions must be reported to regulators, and customers are subject to the same bank account requirements.
Conventional banks to launch MPC?
If additional evidence is needed, we just need to look at the large banks who have already realized that MPC technology provides benefits consistent with their existing compliance framework. Citibank A.