It is no secret that a wave of cryptographic applications has emerged from blockchain technology. Some of them have grown into big companies like Fireblocks, StarkWare, zkSync and Immutable, worth hundreds of millions or billions of dollars. The advancement of technology, however, brings with it a variety of acronyms that can be confusing to even seasoned tech enthusiasts. The following are five of the more perplexing acronyms that you may encounter: Multi Party Computation (MPC), Zero Knowledge (ZK), Fully Homomorphic Encryption (FHE), Trusted Execution Environment (TEE) and Hardware Security Module (HSM). Despite their cryptic names, let’s shed light on how they differ in digital security.
Multi Party Computation (MPC)
Imagine a scenario where several individuals need to collaborate on a computation without disclosing their individual inputs. That’s where MPC comes into play. By employing advanced cryptographic techniques, MPC allows multiple parties to jointly perform calculations while keeping their data private. Essentially, it’s like a group of magicians sharing their tricks without revealing how they’re done. This cryptographic technique finds its role in the world of threshold signatures (TSS), which replace the traditional use of a single digital signature.
“MPC allows users to control a crypto wallet without bearing the risks related to a single-factor private key, adding more layers of protection and removing most traditional attacks and accidental loss scenarios from the table,” told me in an interview Ouriel Ohayon, Co-founder and CEO at ZenGo.
Zero Knowledge (ZK)
Ever wished you could prove you know something without revealing what it is? ZK enables just that. It’s like showing a friend you can solve a Rubik’s Cube without revealing the solution. ZK protocols allow one party (the prover) to demonstrate knowledge of a specific piece of information to another party (the verifier) without actually providing the information itself.
“By reducing the data being stored on-chain, ZK protocols free networks from congestion, enabling faster transaction time and the ability to handle a larger user base. ZK proofs (like the STARK proofs used by StarkWare) enable the processing of a vast number of transactions off-chain at a low cost. Subsequently, these transactions’ validity can be verified on the blockchain without the need for re-computation,” told me in an interview Eli Ben-Sasson, Co-founder and President at StarkWare. “ZK protocols also allow for the utmost security for users making transactions since it can verify the legitimacy of a transaction without revealing sensitive information, such as their identity or location,” Ben-Sasson said.
Fully Homomorphic Encryption (FHE)
If encrypted data were an elaborate puzzle, FHE would be the ultimate enigma solver. This encryption scheme allows computations on encrypted data without decryption. It’s like solving a jigsaw puzzle without taking the pieces out of the box. FHE is particularly relevant in scenarios where data privacy is paramount, such as collaborative research involving sensitive information.
“By default, any data added to a public blockchain is transparent for anyone to see and analyze. However, by harnessing the power of FHE, we can introduce for the first time end-to-end encryption for the Ethereum ecosystem, and enable new applications that were not possible until now in the blockchain ecosystem. These include on-chain confidential voting systems, trustless games, decentralized social networks, confidential tokens and even privacy persevering machine learning model training platforms,” told me in an interview Guy Itzhaki, CEO at Fhenix.
Trusted Execution Environment (TEE)
TEE is a safeguarded space within a device’s hardware that ensures critical operations remain shielded from unauthorized access. This secured digital realm is designed to uphold data privacy, integrity, and protection against potential threats, even within an untrusted environment. TEEs have the potential to play a pivotal role in bolstering security for various applications, such as blockchain, secure digital identities, and sensitive financial transactions.
Ittai Abraham, a distributed computing researcher, explained how TEEs can bolster security by providing both integrity (via remote attestation) and confidentiality (via hardware isolation): “TEEs like Software Guard Extensions (SGX) provide very powerful defense in depth, enabling high-performance computation today with both integrity and confidentiality. Just like https is the default for trusted communication, in the future, using a TEE for trusted computation will be the default,” said Abraham.
Hardware Security Module (HSM)
An HSM is a tamper-resistant device that stores cryptographic keys and sensitive data securely. In addition to safeguarding cryptographic operations and ensuring compliance with data security regulations, HSMs find use in industries such as finance, healthcare, government and in the crypto industry obviously. However, blockchain is an interactive protocol that includes information that is constantly updated according to the latest transactions it receives. To create a valid crypto transaction in a wallet, a unique real-time data from the blockchain is required.
Lior Lamesh, Co-founder and CEO at GK8, addressed this connectivity challenge in an interview: “Despite adding a layer of security, HSM does not address the fundamental vulnerability of ‘cold wallets’ that ultimately require internet input in order to interact with a blockchain, creating a single point of failure. GK8 introduced a patented cold vault system that enabled blockchain transactions to be created, signed, and sent without requiring any digital input from the internet”.
Unlocking Web3 Security
According to The Block, almost $3 billion were stolen in different crypto exploits. The famous Ronin hack last year occurred due to hacked private keys, and almost every month another DeFi protocol is being hacked due to poor security standards. A good understanding of the aforementioned acronyms is essential to understanding Web3’s future security tools as a whole. Some Web3 companies have already taken advantage of these technologies, as the applications are diverse and impactful, helping to make the digital world a safer place.