There are several thousand farmers in Denmark who grow sugar beet, the white root vegetable that produces sugar equal in quality to that from sugar cane. All of these growers sell to one buyer: Denmark’s only sugar producer, Danisco. When farming subsidies were reduced, Danisco divested its sugar division and cut down on its sugar production (it continues as one of the world's leading producers of food ingredients). At that point, the need arose in January 2008 to reset the prices paid to sugar beet growers.
That’s when a problem came up. The growers were not happy to disclose how much beet sugar they were willing to sell and at what price, information that could be used by the manufacturer against them in the future. The option of hiring a consulting firm to receive bids from both parties and conduct confidential bidding was too expensive. And so, a decision was made to conduct a computerized sale based on an innovative approach that had never been tried before: a secure Multiparty Computation (MPC) auction. After 30 minutes of bidding, the computer output a result that enabled the purchase of 25,000 tons of sugar beet.
Secure MPC allows two or more parties to calculate a particular function together - with each party’s data remaining confidential and encrypted - unassisted by a third-party intermediary. "For years, the Danish sale was the only practical application in the field, to the point where it became a kind of a joke," says Professor Yehuda Lindell, a researcher with over twenty years of experience in the field. "Every time a lecturer wanted to talk about what MPC could do, they could only talk about sugar beet."
This situation has changed in recent years as huge companies like Google and Facebook launched MPC-based solutions. Google, for example, uses MPC so that users logging in to their different accounts through the browser can cross-check their user identification and passwords against a database of billions of user IDs and passwords that have been exposed in security breaches. The users can’t see the database and Google's servers don’t store the user's personal information, but a result can still be obtained showing whether these details have been leaked in the past and should be changed.
But with all due respect to Google, the world’s most prominent MPC application is cryptocurrency protection, where Israeli start-ups and entrepreneurs hold a virtual monopoly. In the past few months alone, two American fintech giants have acquired several Israeli startups dealing in MPC-based cryptocurrency protection.
Last March, PayPal announced the acquisition of the start-up Curv for about $200 million, and last November, Coinbase, the US’s largest crypto exchange, acquired Unbound Security, founded and managed by Prof. Lindell, for hundreds of millions of dollars. Based on this acquisition, Coinbase is establishing an Israeli development center. In May, another major crypto exchange, Gemini, acquired London-based startup Shard X, whose founding team also includes some Israelis. In addition, Israeli cryptocurrency company Celsius reported last month that it had acquired Israeli startup GK8, which also markets an MPC-based solution.
Israeli unicorn Fireblocks is also based on MPC technology that enables financial entities to operate a standalone infrastructure for storing and transferring digital currencies. According to a story published on "The Information" website last month, Fireblocks is currently raising $400 million at an $8 billion valuation, in a round led by US super-fund Sequoia, making it one of the highest-value start-ups in Israel. "Customers always joke that everyone who talks to them about MPC is Israeli," said Fireblocks CEO Michael Shaulov. But Israel’s success in this field did not come about by chance.
The beginning: 1980s academia
The discipline known as secure multiparty computation arose in academic research in the late 1980s. The basic dilemmas raised by researchers described, for example, three employees at a company, who want to find out their average salary but, for privacy reasons, don't want to share their own salary details with each other or with a third party. How will they be able to do that?
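The salary puzzle above has a classic textbook answer: each employee splits their salary into random additive shares, hands one share to each colleague, and everyone publishes only the sum of the shares they received. The following Python is an added illustration of that idea and is not code from the article or from any company it mentions; the prime modulus and the sample salaries are constructed for the example.

```python
import secrets
from fractions import Fraction

# Prime modulus, chosen (constructed value) far larger than any sum of salaries
# so that arithmetic mod P never wraps for realistic inputs.
P = 2**61 - 1


def additive_shares(secret, n, p=P):
    """Split `secret` into n shares that sum to `secret` mod p.

    The first n-1 shares are uniformly random, and the last one is whatever
    makes the total come out right, so any n-1 shares look like random noise
    and reveal nothing about the secret.
    """
    shares = [secrets.randbelow(p) for _ in range(n - 1)]
    shares.append((secret - sum(shares)) % p)
    return shares


def run_protocol(inputs, p=P):
    """Simulate the share-exchange round among len(inputs) parties.

    Party i splits its input into n shares and sends share j to party j.
    Party j adds up everything it received (its 'column') and publishes only
    that partial sum.  Returns (total, views), where views[j] is the list of
    shares party j saw, so the reader can inspect what each party learned.
    """
    n = len(inputs)
    matrix = [additive_shares(x, n, p) for x in inputs]   # row i = party i's shares
    views = [[matrix[i][j] for i in range(n)] for j in range(n)]
    partial_sums = [sum(column) % p for column in views]  # each party publishes one value
    total = sum(partial_sums) % p                         # the only jointly revealed result
    return total, views


def secure_sum(inputs, p=P):
    return run_protocol(inputs, p)[0]


def secure_average(salaries, p=P):
    """The average the three employees wanted, computed without any of them
    disclosing an individual salary to the others or to a third party."""
    return Fraction(secure_sum(salaries, p), len(salaries))


if __name__ == "__main__":
    salaries = [100, 200, 330]   # constructed sample inputs
    total, views = run_protocol(salaries)
    print("total:", total, "average:", secure_average(salaries))
    for j, view in enumerate(views):
        print(f"party {j} saw shares {view} (uniformly random, nothing learned)")
```

This variant is secure only against honest-but-curious participants; a party who lies about its share can skew the result without being caught, which is exactly the gap the later, malicious-secure protocols described in this article closed.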
From the very start, Israeli researchers have played a central role in MPC in academic institutions. A groundbreaking article published in 1987 by Oded Goldreich (then at the Technion - Israel Institute of Technology) and Avi Wigderson (then at the Hebrew University of Jerusalem) along with Silvio Micali (of the Massachusetts Institute of Technology), demonstrated how any calculation could be done securely while the various participants, even if they did have malicious intentions, could not gain additional knowledge beyond the end result.
Goldreich, now at the Weizmann Institute of Science, made headlines this year after Minister of Education Yoav Galant refused to approve his nomination for the Israel Prize due to his political statements. Wigderson, now at Princeton, won this year's Abel Prize for achievements in mathematics. Other prominent Israeli researchers who have made significant contributions to MPC are Shafrira "Shafi" Goldwasser of MIT and the Weizmann Institute, and Michael Rabin from Hebrew University, both winners of the A.M. Turing Award in computer sciences.
Lindell himself began his doctoral dissertation on MPC in 1998 at the Weizmann Institute with Goldreich as his advisor. "When I entered the field, it still wasn't at all clear that it would ever be possible to use it for anything because all the calculations were very inefficient," Lindell recalled. "Although in 2004 they presented a computerized MPC system, it took several minutes to compare the ages of two people, which was clearly impractical. Only gradually did the calculations start to become more efficient and a little less impossible."
What motivated Lindell to set up Unbound Security in 2015 was a report about a breach at US computer and network security company RSA Security. Following the theft of RSA's confidential data, the hackers broke into the security networks of weapons and aircraft manufacturer Lockheed Martin, and allegedly copied top secret plans for the F-35 Lightning II joint strike fighter jet.
"For years, people asked me why I hadn't set up a start-up based on my research and I would reply that I wasn't interested and I was happy in academia," Lindell says. "But at that moment, when I heard about this case, I realized that what we were doing could prevent these sorts of hacks, and the right thing to do was to turn it into a commercial application." Unbound Security was born to protect all different types of encryption keys - the secret to every encrypted system - but its activity focuses mainly on security infrastructure for enterprise cryptocurrency protection.
Lindell has no doubt that Israel's academic leadership in MPC theory is what has led to Israeli successes in crypto security technology today. "The researchers who laid the foundations like Goldreich, Wigderson, Goldwasser and Rabin taught students who in turn taught more students. When I look at the companies in the sector, there are Israeli researchers at start-ups Curv, Fireblocks, and ZenGo who did doctorates at Israeli universities. MPC is very specific expertise that one must study and do a doctorate in."
The fear of private key theft
In the traditional crypto world, coin transfers and transactions are made using a private key, a set of letters and numbers that allows access to the currency network. In some cases, users hold the private key, while in other cases the key is held on the user’s behalf by a custodial service, like a stock exchange. In both scenarios, the key is not fully protected, and there has been a series of cases in which private keys were hacked and stolen, which led to losses of billions in cryptocurrencies. Over time, hackers have become more sophisticated in capturing and taking over private keys.
To protect against such hacks, the exchanges and other custodians keep some private keys in "cold storage," that is, in offline computers, unconnected to the network, almost like gold stored in a bank basement. While this definitely reduces the chance of hacking, compared with a ‘hot’ wallet, where a private key is stored on a networked computer, it also significantly reduces the ability to quickly execute transactions, and the process can take days.
MPC offers a different approach to crypto protection. Instead of storing the key in one place, the MPC-based algorithm splits it into parts and allocates it among several separate computers. Only a joint calculation operation between all the individual computers, or at least most of them, will produce the private key. Therefore, to steal the private key, hackers must hack into several computers simultaneously, a very complicated task.
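The "all of them, or at least most of them" property is a threshold: with a t-of-n split, any t shares suffice and any t-1 shares are useless. The Python below is an added example, not code from the article or from any of the companies named, and it uses Shamir's polynomial secret sharing to split a key as an integer modulo the secp256k1 group order (the curve used by Bitcoin and Ethereum); the sample key and the deterministic `rng` hook are constructed for testing. Production MPC wallets such as the threshold-signing protocols mentioned later go one step further and never reassemble the key anywhere, signing with the shares in place; this example shows only the splitting and the threshold property the paragraph describes.

```python
import secrets

# Group order of secp256k1. A private key on that curve is an integer in
# [1, N-1], so the shares live in the same finite field.
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def split_key(key, threshold, n_parties, p=N, rng=secrets.randbelow):
    """Shamir t-of-n split of `key`.

    Choose a random polynomial f of degree threshold-1 with f(0) = key and
    hand party i the point (i, f(i)).  Any `threshold` points determine f and
    therefore f(0); fewer points are consistent with every possible key.
    `rng(p)` must return an integer in [0, p); it is a parameter only so the
    example can be exercised deterministically.
    """
    coeffs = [key] + [rng(p) for _ in range(threshold - 1)]

    def f(x):
        return sum(c * pow(x, k, p) for k, c in enumerate(coeffs)) % p

    return [(i, f(i)) for i in range(1, n_parties + 1)]


def reconstruct(shares, p=N):
    """Lagrange interpolation of the shares' polynomial at x = 0.

    Called with at least `threshold` distinct shares this returns the key;
    called with fewer it returns a value that is uniformly unrelated to it,
    which is what makes compromising a single machine worthless.
    """
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % p
                den = den * (xi - xj) % p
        secret = (secret + yi * num * pow(den, -1, p)) % p
    return secret


def machines_needed(threshold):
    """How many separate computers an attacker must control at once: the
    threshold itself.  Spelled out as a function so the design trade-off
    (higher t = safer key, but more machines must be online to transact)
    can be reasoned about in one place."""
    return threshold


if __name__ == "__main__":
    key = secrets.randbelow(N - 1) + 1           # a fresh random private key
    shares = split_key(key, threshold=2, n_parties=3)
    assert reconstruct(shares[:2]) == key       # any two of three recover it
    assert reconstruct(shares[1:]) == key
    assert reconstruct(shares[:1]) != key       # one alone does not (w.h.p.)
    print("2-of-3 split OK; an attacker needs", machines_needed(2), "machines at once")
```

Raising the threshold to 3-of-3 matches the "all the individual computers" case; it maximises the attacker's burden but also means a single offline machine blocks every transaction, which is the availability trade-off the cold-storage discussion above is really about.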
ZenGo, which has raised $25 million since it was founded in 2017, was the first company in the world to launch an MPC-based mobile wallet app for managing cryptocurrencies, aimed at regular private users. ZenGo’s solution is distributed between the user's smartphone on one end and the company's server on the other. Once a user goes through face recognition and logs into his or her email account, both sides compute the private key together, after which a transaction can be executed. In practice, the private key is not stored in one place, and therefore hacking into just the user’s device or just ZenGo’s servers will not help hackers obtain coins.
"I think most people in the world cannot manage private keys on their own, because they don’t understand security and they make mistakes," explained ZenGo CEO Ouriel Ohayon. "At first, we examined another multi-signature technology, [multisig is a crypto wallet that needs two or more users to activate the private key to authorize a transaction - O.D.], but it only worked well with Bitcoin, maybe a little with Ethereum, but not with other currencies. So, we decided to check out MPC, but because the MPC protocol wasn’t good enough for us then, we invested a year in research and development to build a solution. When we went to market, we were the weirdest thing, no one understood what it was, or whether it was safe."
ZenGo together with other Israeli companies founded the MPC Alliance, a forum for information exchange and market education, which today also includes giants like Bosch and Alibaba. "The fact that we are an Israeli company has helped us a lot because people like Prof. Lindell have fostered many students who specialize in MPC," Ohayon says. "In addition to academic institutions, there are also many cryptography experts in Israel who come from intelligence units like 8200."
Veteran banks seek solutions
While ZenGo works with private users, Fireblocks sells to the institutional market. Fireblocks helps traditional financial institutions like Bank of New York Mellon (BNY Mellon), the oldest bank in the US, or 267-year-old private German bank Bankhaus von der Heydt, set up their MPC-based crypto storage and transfer activities. These institutions could rely on their existing custodial services, but that would mean giving up control of their crypto private keys and depositing them with a third party, a risk should the custodial service go bankrupt, for example.
Like ZenGo, Fireblocks was not founded by entrepreneurs with academic backgrounds in MPC research. Early on, sometime in 2018, Fireblocks also examined the option of multi-signature technology. "It worked badly, and there were lots of problems for users," recalled Shaulov. The moment the company shifted to MPC, it wasn’t hard to reach the world’s biggest experts, as most of them are Israeli, like Prof. Ran Canetti of Boston University and Tel Aviv University, and Dan Boneh of Stanford. "Israelis always know how to find one another anywhere in the world and it’s easy for them to conduct a dialogue," laughs Shaulov, adding that this commonality also makes it easier to bring these experts on board as company consultants.
Initially, Fireblocks adopted an existing MPC algorithm called GG18 developed by a researcher and entrepreneur named Steven Goldfeder, now of Cornell University. In 2020, however, Fireblocks completed the development of its own algorithm called MPC-CMP. According to Shaulov, this algorithm accelerates the process of calculating the private key and making transactions, requiring only one round of communication between computers and not nine as in Goldfeder's algorithm. Fireblocks' algorithm is also mathematically proven to be incapable of data leakage, unlike other older algorithms.
Shaulov says that when it comes to enterprise customers, MPC is already the leading technology for securing crypto keys, with over 51% of the market. This process will be accelerated when - on the basis of their Israeli startup acquisitions - PayPal and Coinbase also adopt MPC. "There are still big exchanges like BitGo and Anchorage that haven’t adopted MPC and are waiting for authentication technologies like BLS or Schnorr which could be less complicated than MPC, but that's something that will take a few more years. If a better technology comes along, we'll be happy to use it."
Published by Globes, Israel business news - en.globes.co.il - on January 3, 2022.
© Copyright of Globes Publisher Itonut (1983) Ltd., 2022.