The Future of Crypto Wallets: MPC, Multisig or Smart Wallets?
Introduction
Multisig crypto wallets have been around for a long time. Vitalik Buterin wrote an article for the Bitcoin Magazine in 2014 titled “Bitcoin Multisig Wallet: The Future of Bitcoin.” However, in the 10 years since then multisig wallets have failed to become mainstream.
We believe multi-key wallets strike the best balance between security and convenience for normal users for everyday use and have started mapping out a detailed framework which backs up this conclusion. In this article we explore the different technologies that can be used to build a multi-factor crypto wallet.
Multisig Technologies
Traditional Multisig
Multisignature (multisig) addresses were added to Bitcoin in 2011. While standard Bitcoin addresses require one private key to send funds, multisig addresses need multiple keys. The most common formats are "2-of-2" and "2-of-3" multisig. A 2-of-2 setup requires both keys to approve transactions, with each key typically being backed up. In a 2-of-3 setup, any two out of three designated private keys must approve a transaction. This design serves two key purposes: it prevents a single compromised key from leading to lost funds, while also ensuring funds remain accessible if one key is lost.
Advantages:
- Protocol-Level Security: Built-in multisig functionality operates at the protocol level, eliminating smart contract risks and providing battle-tested security that has proven reliable for over a decade. The simple implementation means there are fewer points of failure compared to smart contract or MPC-based solutions.
- Transparent Verification: Users can independently verify their wallet setup on the blockchain, as the multisig address and its requirements are publicly visible. This allows for straightforward auditing and confirmation that the wallet is configured correctly.
Drawbacks:
- High Transaction Costs: Multisig transactions are larger than standard transactions due to multiple signatures, resulting in higher network fees. During periods of network congestion, these increased costs can make routine transactions prohibitively expensive.
- Poor User Experience: Despite their technical elegance, built-in multisig solutions often suffer from limited wallet support and complicated interfaces. Users need specialized software to manage multisig addresses, and coordinating between multiple signers adds friction to every transaction. This drawback can be seen as an issue with the implementations and not necessarily the technology. There are implementations that have made significant user experience improvements, like Blockstream Green.
- Cross-Chain Limitations: Protocol-level multisig implementations are blockchain-specific, with Bitcoin's implementation differing from those on Stellar, Ripple, and other chains. This fragmentation creates significant challenges for wallet providers and developers who need to build and maintain separate codebases and tools for each blockchain's unique multisig implementation.
First Generation Smart Contract Multisig
With Bitcoin, multisignature functionality is built into the protocol, but when Ethereum launched in 2015, multisignature functionality was not built in to the protocol. The reasoning for this is that since Ethereum is turing complete, developers can implement their own multisig functionality using smart contracts. Many newer blockchains like Solana have followed this design philosophy.
Advantages:
- Programmable Security: Smart contract wallets enable sophisticated security features beyond basic multisig, such as spending limits, account recovery mechanisms, and time-locked transactions. This flexibility allows wallet providers to implement user-friendly security features that aren't possible with protocol-level solutions.
- Unified User Experience: Since the wallet logic lives in smart contracts, users can interact with their wallet through standard interfaces like MetaMask or WalletConnect. The wallet address remains constant across different devices and apps, providing a more seamless experience compared to built-in multisig solutions that often require specialized software.
- Transparent Verification: The wallet's smart contract code is publicly visible on the blockchain, allowing users and auditors to verify the security logic and constraints. This transparency enables independent security reviews and helps users confirm that their wallet behaves exactly as intended.
Drawbacks:
- Security Risks: Smart contract wallets have a troubling history of catastrophic failures. The DAO hack in 2016 resulted in a $60 million loss and split Ethereum into two chains. Parity's multisig wallet faced even worse failures in 2017 - a $30 million hack followed by a bug that permanently froze $150 million in user funds. These incidents highlight the inherent risks of complex smart contract code.
- Cost and Complexity: Traditionally, smart wallets have suffered from high operational costs and poor user experience. Every action requires executing on-chain code, resulting in significant gas fees - especially for multisig transactions that need multiple approvals. During network congestion, even basic transfers can cost hundreds of dollars. The onboarding process itself is cumbersome, requiring users to first fund their wallet with ETH and wait for a smart contract deployment transaction to complete before they can even begin using the wallet and usually the address for the multisig wallet is different to the address they see in their main wallet app.
- Chain-Specific Development: Smart contract wallets require substantial development effort across different chains. Each blockchain uses different smart contract languages and frameworks, e.g. Ethereum uses Solidity while Solana uses Rust. The development overhead of supporting multiple chains can limit which blockchains a wallet provider can practically support.
Multi-Party Computation (MPC)
MPC has existed as a cryptographic concept since the 1980s, but its practical applications in cryptocurrency custody emerged much later. Unlike traditional multisig that requires multiple distinct signatures, MPC allows multiple parties to jointly compute a single valid signature without any party ever possessing the complete private key. This mathematical breakthrough enables new approaches to wallet security.
ZenGo made waves in 2019 as one of the first consumer crypto wallets to implement MPC technology. Their approach eliminated the concept of a private key entirely, instead using a two-party computation protocol between the user's device and ZenGo's servers to generate signatures. This provided a more user-friendly experience while maintaining strong security guarantees. Fireblocks later brought MPC to institutional custody, using a three-party computation model that distributes key shares across multiple geographic locations and security zones, enabling both security and operational efficiency for large-scale digital asset operations.
Advantages:
- Cross-Chain Compatibility: MPC works uniformly across different blockchains since it operates at the cryptographic level, below blockchain-specific implementations. This allows wallet providers to offer consistent security across multiple chains without dealing with each chain's specific multisig or smart contract implementations.
- Flexible Key Management: MPC enables sophisticated security policies like key rotation, temporary access delegation, and custom approval flows without requiring on-chain transactions or smart contracts.
- Lower Transaction Costs: Since MPC generates a single valid signature, transactions look like standard transfers on the blockchain. This means users don't pay extra fees compared to regular transactions, unlike multisig or smart contract solutions.
- Improved Recovery Options: MPC protocols can be designed to allow secure key rotation and recovery without on-chain transactions. If one key share is compromised, it can be invalidated and replaced without moving funds or paying network fees.
Drawbacks:
- Implementation Complexity: Building secure MPC protocols requires deep cryptographic expertise and careful implementation. While the mathematical foundations are solid, practical implementations need extensive testing and auditing to ensure the cryptographic protocols are correctly implemented. This was highlighted in 2023 when Fireblocks discovered "BitForge" - a series of vulnerabilities in widely-used MPC protocols that could potentially allow attackers to extract private keys. These vulnerabilities affected over 15 wallet providers and demonstrated how even well-established MPC implementations can contain subtle but critical security flaws.
- Limited Transparency: Unlike multisig or smart contract wallets where security parameters are visible on-chain, MPC wallet security relies on off-chain cryptographic protocols. Users must trust that wallet providers have correctly implemented and are honestly executing these protocols, as the security model is not independently verifiable through blockchain data.
- Performance Overhead: The computational requirements of MPC protocols can introduce noticeable delays when approving transactions. Since multiple parties must communicate and perform complex cryptographic calculations, basic operations like sending funds can take several seconds longer than with traditional wallets. This overhead becomes more pronounced on slower devices or with poor network connectivity.
Second Generation Smart Contract Wallets
The evolution of smart contract wallets has been marked by two major developments: Account Abstraction (EIP-4337) and Layer 2 scaling solutions. Account Abstraction, proposed in 2021, allows smart contract wallets to handle their own transaction validation and gas payments, while L2 networks like Base and Optimism have made complex smart contract interactions financially viable for everyday use.
These advances are particularly significant for multisig implementations. Traditional smart contract multisig wallets faced challenges with high gas costs and complex user experiences, but the combination of L2s and Account Abstraction has created new opportunities for secure, usable solutions.
At the same time, the maturity of multisig smart contract security can be seen in projects like Safe (formerly Gnosis Safe), which secures over $100 billion in assets across multiple chains and has maintained a strong security record since 2017. Major players like Coinbase have also entered the space with their audited Smart Wallet implementation.
Advantages:
- Cost-Effective Multisig: Layer 2 networks reduce transaction fees by 10-100x compared to Ethereum mainnet, making multisig operations practical for regular use. Deploying a smart contract wallet on Base typically costs less than $1, versus potentially hundreds on mainnet.
- Enhanced Multisig UX: Since 2019, users can receive funds to their smart contract wallet address before it's deployed, improving the onboarding experience. Additionally, Account Abstraction enables smoother multisig experiences by handling complexity like gas payments and transaction batching internally. Multiple signers can coordinate more efficiently without dealing with individual gas payments.
- Battle-Tested Security: Years of production usage by major protocols and DAOs have validated the security of smart contract multisig implementations. The core multisig logic has proven reliable even as additional features are added.
Drawbacks:
- Increased Complexity: The combination of smart contracts, Account Abstraction, and L2 networks creates a more complex system with multiple components. Each layer introduces potential points of failure that need to be carefully considered.
- L2 Security Assumptions: Using multisig on L2s requires trust in the L2's security model and bridging mechanisms. While major L2s have proven reliable, they introduce additional security considerations compared to L1 multisig.
- Infrastructure Dependencies: Account Abstraction requires specialized infrastructure like bundlers and paymasters. While this enables better user experiences, it creates dependencies on these services for wallet functionality.
The reduced transaction costs and improved user experience enabled by L2s and Account Abstraction have made smart contract multisig increasingly viable for everyday users. Additional benefits like gasless transactions and custom validation logic further enhance the appeal, though they come with added complexity. As the ecosystem matures and best practices emerge, these solutions are becoming an increasingly attractive option for secure and convenient crypto wallets.
Comparison
After analyzing the various approaches to building secure and convenient crypto wallets, and through our own experience building wallet prototypes, we can draw several key insights about the tradeoffs between multisig, MPC, and smart contract solutions.
Metric | Traditional Multisig | First-Gen Smart Contract | MPC | Second-Gen Smart Contract |
---|---|---|---|---|
User Experience | ★★ Increased transaction costs - arguably ok for storing assets like bitcoin. User experience can be made simple. |
★ High costs and friction, very expensive on L1 |
★★ Seamless and familiar, standard transaction fees. Transaction signing process can be slow. |
★★★ Smooth with AA and L2 scaling, low costs on L2 |
Cross-chain Support | ★★ Chain-specific implementations |
★ Chain-specific smart-contract implementations |
★★★ Works across all chains |
★ Chain-specific smart-contract implementations. |
Transparency | ★★★ Fully auditable on-chain |
★★★ Fully auditable on-chain |
★ Relies on off-chain protocols |
★★★ Fully auditable on-chain |
Implementation Complexity | ★★ Requires chain-specific knowledge but straightforward protocol |
★★ Smart contract development expertise needed, but patterns well established |
★ Requires deep cryptographic expertise and complex infrastructure |
★★ More complex with AA and L2, but good tooling available |
Table 1: Comparison of Multisig Technologies Across Key Metrics
While MPC offers compelling advantages like cross-chain compatibility and lower transaction costs, our experience building with MPC technology has revealed important considerations that aren't immediately apparent. The primary challenge isn't the cryptographic protocols themselves - which are often open source and well-audited - but rather the auxiliary infrastructure and tooling needed to build production-ready wallets.
When implementing MPC wallets, teams face a critical choice: either rely on third-party providers who offer key generation and sophisticated signing functionality or undertake the technically complex and resource-intensive task of building these components in-house. While using third-party solutions accelerates development, it creates deep dependencies that are difficult to move away from. Building internal implementations requires significant cryptographic expertise and engineering resources. This creates a practical dilemma around transparency and trust - users must either rely on closed-source components or trust in complex custom implementations that may not be thoroughly battle-tested.
In contrast, both traditional multisig and modern smart contract wallets offer unparalleled transparency. Their security mechanisms operate entirely on-chain, allowing users and auditors to verify exactly how their funds are protected. The emergence of Layer 2 networks and Account Abstraction has largely addressed the historical drawbacks of smart contract wallets, particularly around transaction costs and user experience.
Conclusion
Ultimately, we believe the future of crypto wallets lies in solutions that maximize both security and transparency. While MPC represents an impressive technological achievement, the necessity of either trusting closed-source infrastructure or building complex cryptographic systems creates meaningful tradeoffs. Smart contract wallets running on L2 networks, with their combination of proven security, full transparency, and improving user experience, appear to be the most promising path forward for mainstream adoption.
This isn't to say MPC doesn't have an important role to play - particularly in institutional settings where the benefits of flexible key management and cross-chain compatibility may outweigh transparency concerns. However, for building open, trustless systems that align with crypto's core values, on-chain solutions provide the clear path forward.