Blog / Expert's Opinion
Andrew Smith Aug 28, 2025

Secure Multiparty Computation: the new standard for institutional digital asset security

Secure Multiparty Computation (MPC) – a cryptographic breakthrough that's fundamentally transforming how institutions protect, manage, and scale their digital asset operations.
Secure Multiparty Computation: the new standard for institutional digital asset security

Institutions now treat digital assets as an asset class. The infrastructure must match that reality. Secure Multiparty Computation (MPC) gives you a practical path to higher resilience, cleaner operations, and easier compliance - without sacrificing speed.

“Threshold cryptography enables distribution of trust in the operation of cryptographic primitives.”
NIST Computer Security Resource Center

Below is a clear, source-backed guide you can use to brief your security, compliance, and ops teams.

Why MPC now

Institutional participation keeps growing. In January 2025, 86% of surveyed institutional investors either already had exposure or planned to allocate to digital assets in 2025. 59% planned to allocate over 5% of AUM.

Flows confirm the trend. In July 2025, digital-asset ETP assets under management hit a record $220 billion.

Risk also rose. Chainalysis data shows illicit crypto activity concentrated in stablecoins and a 21% year-over-year rise in stolen funds to about $2.2 billion in 2024. In H1 2025, theft exceeded $2.17 billion, already above the 2024 total.

Security must scale with this adoption. MPC does.

MPC in plain terms

MPC lets several independent parties compute a signature without any one party ever holding the full private key. In practice, you split control across devices, users, or regions and set a threshold (for example, 3 of 5). If an endpoint fails or is compromised, the attacker still cannot produce signatures.

“Any subset of t+1 out of n participants can jointly produce a valid ECDSA signature without reconstructing the secret key.”

MPC vs HSMs and multisig

HSMs harden a single enclave but still centralize risk and logistics. They depend on physical deployment, maintenance windows, and on-prem change control.

Smart-contract multisig is transparent and auditable on-chain, but it adds gas and exposes signer structure publicly. MPC operates at the cryptographic layer, producing standard single-sig transactions while keeping signer topology private.

What the market shows

Independent market trackers put MPC on an institutional trajectory. In 2024 the global MPC market stood near $888 million and is projected to reach roughly $2.72 billion by 2034. North America held 38% share in 2024, while BFSI leads enterprise adoption.

Compliance fit: MiCA and NYDFS

MPC maps cleanly to emerging custody rules:

Segregation of duties and access controls. MPC enforces threshold approvals and role separation. MiCA establishes operating conditions for CASPs from December 30, 2024.

Asset segregation and audit trails. NYDFS guidance requires separate accounting, clear audit trails, and customer-benefit constructs—controls you can evidence with MPC-based workflows.

Sub-custody governance. MiCA Q&A highlights restrictions on third-party custody relationships, aligning with MPC-based policy engines that control where and how key shares operate.

Architecture that works in production

Control plane

  • Threshold policies. Set context-aware rules (who, what, where). Escalate thresholds for high-risk actions.
  • Geographic resilience. Place key shares in separate jurisdictions and clouds to survive regional failures.
  • Programmable approvals. Require business metadata (trade ID, counterparty, address risk score) before a signing session starts.

Data plane

Modern TSS protocols. Current ECDSA threshold schemes reduce rounds and latency, enabling mobile or HSM-backed shares to co-sign quickly. Fireblocks’ MPC-CMP shows the performance direction of travel with fewer network rounds.

Observability. Treat MPC nodes like any distributed system: metrics, tracing, and policy audit feeds to SIEM. (Your ops team already runs this for other critical services.)

Performance notes

Latency mainly comes from network round-trips. Choose protocols and placements that minimize inter-share RTT, and pre-compute when possible. Well-tuned deployments deliver sub-second signing for most chains.

Economic impact

Teams typically unlock savings and control in four areas:

  • Insurance and loss expectations. Lower single-key blast radius.
  • Compliance overhead. Automated thresholds and immutable logs reduce manual checks.
  • Operations. Policy-driven approvals compress lead times for withdrawals and settlements.
  • Scale. Cloud-native shares avoid the capex and locality constraints of pure hardware footprints.

Selecting an MPC vendor

Use this checklist when you run RFPs:

  1. Cryptography maturity. Peer-reviewed protocols, public docs, and third-party assessments. Track NIST’s threshold cryptography work for standardization signals.
  2. Policy engine depth. Thresholds by asset, network, amount, destination risk, and time.
  3. Operational resilience. Cross-region key-share placement, disaster recovery, break-glass flows.
  4. Integration. REST APIs, webhooks, SDKS, and off-the-shelf connectors to KMS, SIEM, and case-management.
  5. Compliance evidence. SOC 2, ISO 27001, and ready-made audit exports mapped to MiCA and NYDFS controls.

Future-ready by design

MPC is an implementation strategy, not a signature algorithm. That matters. It lets you upgrade underlying schemes, including post-quantum signatures, without re-architecting custody. NIST’s threshold program explicitly considers PQC-readiness and standardization paths.

Key takeaways

  • MPC removes single-key risk while preserving standard, low-fee transactions.
  • Institutions are allocating and funding the infrastructure. AUM hit $220B for digital-asset ETPs in July 2025.
  • The threat landscape is real. Stolen funds rose in 2024 and accelerated in 2025.
  • Regulatory alignment is stronger with MPC: segregation of duties, auditability, and sub-custody control.

How Scalable Solutions helps

You get a production-grade MPC stack with policy controls, geo-distributed key shares, and audit-ready evidence. We integrate with your existing KMS, SIEM, and approval tooling and align deployments to MiCA and NYDFS custody rules.

See how it fits your stack. Request a demo.

FAQ

Is MPC the same as multisig?

No. Multisig happens on-chain and exposes signer structure. MPC happens off-chain at the cryptographic layer and produces standard single-sig transactions.

Do we still need HSMs?

For many teams, yes—as one of the MPC signers or as a root-of-trust. MPC reduces centralization and geography risk that pure-HSM setups face.

How do we recover a lost key share?

Use quorum-based recovery with fresh shares. No single operator can reconstruct the key.

What about performance?

Modern threshold ECDSA and optimized protocols minimize rounds and network latency. Sub-second signing is achievable in well-placed topologies.

Is MPC future-proof for post-quantum?

MPC can adopt PQ signature schemes as they standardize. NIST’s threshold work includes PQC-ready directions.

Expert's Opinion
Related posts
Custodial vs Non-custodial Wallets: Everything You Need to Know (2025)
Andrew Smith Jul 7, 2025
Custodial vs Non-custodial Wallets: Everything You Need to Know (2025)
Custodial Wallet: Your crypto keys are held by a third party (e.g., Coinbase, Kraken). Convenient, easy to recover, but you don’t fully control your funds. Non-custodial Wallet: You control your private keys (e.g., MetaMask, Ledger). Full ownership, access to DeFi, but responsibility for your own security. Hybrid Approach: Many users combine both for flexibility, trading on exchanges, holding assets securely offline.
Expert's Opinion
Multi-Party Computation vs. Hardware Security Modules: What is better for your custody?
Andrew Smith Jun 27, 2025
Multi-Party Computation vs. Hardware Security Modules: What is better for your custody?
Multi-Party Computation (MPC) vs. Hardware Security Modules (HSM): A Deep Dive into Secure Key Management for Institutional Digital Asset Custody
Expert's Opinion