by nassycheezy 1941 days ago
I've built a similar product for a well-known company in the space (and competitor to this company & Coinbase) and co-led the development of the crypto custody at Novi (Blockchain subsidiary of Facebook). Happy to answer more questions though they do not provide much insight into their technology publicly.

Curv provides an MPC-based crypto custody solution wi. I'll be over-simplifying but they allow private keys that protect large sums of cryptocurrencies to be split in encrypted portions called 'shares'. These shares are both created and used in a fully distributed manner (just like threshold signing / or 'multi-sig'). You generally define a threshold 'm' out of 'n' that's mathematically required to get a valid cryptographic signature.

An attacker would need to compromise a sufficient quorum of these keys simultaneously in order to sign blockchain transactions that would extract the funds somewhere else. As you can imagine, the complexity of such an attack is highly correlated (and actually tends to grow exponentially due to several factors) to the quorum threshold 'm'.

Curv seems to allow financial institutions and all kind of institutional investors to create the shares, manage them and use them securely to sign transactions.

The argument they provide which makes little sense to me is that there is no 'private key'. They just seem to play with jargon as the shares are pretty much equivalent to individual keys in a multi-sig system, or at least hold the same power and have the same results in compromise scenarios.


The difference between multi-sig and no private key is that the former is an implementation of the blockchain protocol (e.g. different in Stellar and Ethereum) while the latter is a generic algorithm/service. Different layer.

Yes, I just meant that in practice the risks are the same from a security perspective (and most legit blockchains support multi-sig at this point), especially for the shares so I wouldn't call it 'no private key' :D
> Happy to answer more questions...

Do these kinds of solutions work for every cryptocurrency? For example, does it support Bitcoin? Or is this something that needs some kind of smart contract like those provided by Ethereum?

And another question: what about optionally fully anonymous transactions as in ZCash, does the scheme work to sign tx done using ZK proofs too? Or fully anonymous ones, like David Chaum's upcoming "xx coin"?

So there are lots of papers and work that have been done for MPC over ECDSA, EdDSA and Schnorr (that covers the majority of the crypto-currencies). MPC unfortunately sounds unfair to me at the moment because it's not widely available for retail in a production-grade state afaik.

The only blockchain-native mechanism that's getting more popular but unfortunately not supported everywhere yet is multi-sig. I consider multi-sig equivalent in terms of security to MPC in practice. Bitcoin and many blockchains support multi-sig addresses (ethereum does this through smart contracts but is still very much a native feature).
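The opening comment describes shares with an 'm' out of 'n' threshold, and this reply mentions MPC over Schnorr. The following example is added here and is not code from Curv, Novi or any commenter: it is a toy threshold Schnorr signature over a small prime-order subgroup (constructed parameters P, Q, G, not a real curve), with key shares produced by Shamir secret sharing from a trusted dealer (an assumption; production systems use distributed key generation so nobody ever holds the whole key). It shows the two properties discussed above: any m of the n shares produce a valid signature without the full key ever being recombined, and m-1 shares do not.

```python
import hashlib
import secrets

# Toy group parameters, constructed for this example (not production curves):
# P is a safe prime, P = 2*Q + 1, and G generates the subgroup of prime order Q.
P = 2039
Q = 1019
G = 4
assert pow(G, Q, P) == 1 and G != 1


def shamir_split(secret, m, n, rng=secrets.randbelow):
    """Split `secret` (mod Q) into n shares; any m of them reconstruct it.
    Shares are points (i, f(i)) on a degree-(m-1) polynomial with f(0) = secret.
    The leading coefficient is forced non-zero so the degree is exactly m-1."""
    middle = [rng(Q) for _ in range(m - 2)]
    top = [rng(Q - 1) + 1] if m > 1 else []
    coeffs = [secret % Q] + middle + top
    return {i: sum(c * pow(i, k, Q) for k, c in enumerate(coeffs)) % Q
            for i in range(1, n + 1)}


def lagrange_at_zero(ids):
    """Lagrange coefficients lambda_i with sum(lambda_i * f(i)) == f(0) mod Q."""
    lam = {}
    for i in ids:
        num, den = 1, 1
        for j in ids:
            if j != i:
                num = num * (-j) % Q
                den = den * (i - j) % Q
        lam[i] = num * pow(den, -1, Q) % Q
    return lam


def shamir_reconstruct(shares):
    """Recombine {id: share}; correct only when at least m shares are present."""
    lam = lagrange_at_zero(list(shares))
    return sum(lam[i] * s for i, s in shares.items()) % Q


def challenge(R, msg):
    # Fiat-Shamir challenge in [1, Q-1]; mapping away from 0 keeps the toy deterministic.
    h = hashlib.sha256(R.to_bytes(4, "big") + msg).digest()
    return int.from_bytes(h, "big") % (Q - 1) + 1


def threshold_sign(quorum, msg, rng=secrets.randbelow):
    """Each signer in `quorum` ({id: key_share}) contributes a partial signature.
    The private key x is never recombined: signer i weights its own share by
    lambda_i locally, and only s_i = r_i + c * lambda_i * x_i leaves the signer."""
    lam = lagrange_at_zero(list(quorum))
    nonces = {i: rng(Q - 1) + 1 for i in quorum}      # each signer's secret nonce r_i
    R = 1
    for r in nonces.values():                          # aggregate the commitments G^r_i
        R = R * pow(G, r, P) % P
    c = challenge(R, msg)
    partials = [(nonces[i] + c * lam[i] * quorum[i]) % Q for i in quorum]
    return R, sum(partials) % Q


def verify(pubkey, msg, sig):
    """Standard Schnorr check: G^s == R * y^c (mod P)."""
    R, s = sig
    c = challenge(R, msg)
    return pow(G, s, P) == R * pow(pubkey, c, P) % P


def demo(m=2, n=3, msg=b"constructed tx: move 1 coin to cold storage"):
    """Trusted-dealer setup (assumption); returns (full quorum verifies, m-1 signers verify)."""
    x = secrets.randbelow(Q - 1) + 1
    y = pow(G, x, P)
    shares = shamir_split(x, m, n)
    ids = list(shares)
    good = verify(y, msg, threshold_sign({i: shares[i] for i in ids[:m]}, msg))
    short = verify(y, msg, threshold_sign({i: shares[i] for i in ids[:m - 1]}, msg))
    return good, short


if __name__ == "__main__":
    print(demo())  # (True, False): a full quorum signs, m-1 signers cannot
```

The point of the construction is visible in `threshold_sign`: the only secret each party ever handles is its own share and nonce, which is what the "no private key" phrasing refers to, while the compromise threshold is exactly the same m-of-n quorum as in a multi-sig setup.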

Heh, the $150 Trezor Model T supports the "m of n" key thing. Repackaging the tech and selling it to business is really not a bad startup idea.

Multi-sig for retail is great, and I use it myself. But you're held to a completely different standard in terms of security and compliance as a financial institution. And this applies to: software, hardware, operations, ceremonies, business continuity (what if the business goes bankrupt, what if country 'xyz' gets nuked etc.).