Safeheron Releases World’s First C++ Based MPC Protocol Library


As a transparent and open source digital asset self-custody platform, Safeheron is committed to contributing to the crypto world by providing a secure, transparent, and verifiable self-custody infrastructure.

In line with this principle, Safeheron has prioritized cryptographic research and has made various critical algorithms have been made publicly available.

Today, Safeheron has taken another step forward by releasing three widely adopted MPC-ECDSA protocols, GG18, GG20, and MPC-CMP, used by leading wallet custody technology providers, and has also expanded the cryptographic primitive library.

This open-source effort fills two market gaps:

  1. This is the world's first open-source MPC threshold protocol library in C++ programming language, facilitating low-cost porting to multiple platforms.

  2. This is the world's first MPC threshold protocol library independently designed and open-sourced by an Asian security technology team, which helps better service Asian enterprises and developers in security research and enhances the advantage of Asia-based technology in the global digital asset market.

In a proactive effort to promote the building of an open-source ecosystem within the industry, Safeheron has invited SlowMist, the Amber Group security team, and the PlatON research team to participate in verifying the correctness and safety of open-source codes, advancing the development of open-source libraries and communities. And, Safeheron would like to express our sincere gratitude to them hereof.

Introduction to MPC

Secure Multi-Party Computation (SMPC/MPC) enables multiple participants to collaboratively compute a pre-agreed function without the need for a trusted third party. This concept originated from Professor Andrew Yao's millionaire problem and its solution using cryptography in 1982, and has since evolved into an important branch of modern cryptography.

Deeply engaged in MPC research, Safeheron Lab has co-established a joint laboratory with Turing AI Institute founded by Andrew Yao (MPC introducer), proactively participating in the research on the integration of trusted computing and blockchain technology. Safeheron Lab has open-sourced several MPC research projects.

Since 2018, MPC technology has been introduced to the private key security of digital assets. According to incomplete statistics, in just four years, more than 3 trillion US dollars of digital assets have been transferred through the MPC private key scheme, which has gained widespread adoption, with more than 1,000 banks and leading institutions, such as BNY Mellon.

As MPC continues to develop and improve, since 2010, it has gained significant attention and has been increasingly applied in practice.

Currently, MPC protocols can be divided into two main categories: generic MPC protocols and specialized MPC protocols.

Generic MPC protocols are designed to be versatile and can theoretically support any computing task. They are typically implemented using garbled circuits, which involve compiling the computation logic into a circuit and obfuscating the execution. However, as problems become more complex (which is often the case), the size of the circuit can rapidly expand, leading to a significant reduction in computing efficiency.

Specialized MPC protocols are designed to solve specific problems and are optimized for efficiency, making them more efficient than general frameworks based on garbled circuits. Common examples of specialized MPC algorithms include arithmetic operations, comparison operations, matrix operations, privacy-preserving set intersections, private data queries, and threshold signatures.

In real-world applications, projects often require specialized MPC protocols that are both fast and efficient.

Research on MPC in Blockchain

To enhance the security of digital assets on the blockchain, MPC has been introduced to the multi-signature scenario. This approach eliminates the risk of a single point of failure by using multiple key shards that the private key never exists. This means that at no time or place does the private key corresponding to a public key exist as a single entity. Instead, multiple key shards are used to compute the final signature using MPC protocols during the signing process. This signature can be verified using the corresponding single public key. This technique, known as MPC multi-signature, provides a highly secure and efficient way to protect digital assets on the blockchain.

As research in this area has progressed, several important MPC multi-signature protocols have been developed. In the MPC-ECDSA research direction, typical examples include the two-party signature algorithm proposed by Lin17 and the threshold signature protocol proposed by GG18, which involves multiple participants. Since then, numerous algorithmic protocols have been proposed, such as DKLS18, DKLS19, GG20, MPC-CMP, DMZ-21 and others. The focus of research in these algorithms is on:

  • Reducing communication frequency

  • Lowering computational workload

  • Analyzing and enhancing security

  • Improving the detection of malicious adversaries

  • Reducing the computational power required for generating keys

Ultimately, the aim is to develop MPC protocols that are faster, more efficient, and more secure.

Open Source MPC-ECDSA Protocols

Safeheron will open source a total of three typical MPC-ECDSA protocols:

One noteworthy example in this space is the GG18 protocol, proposed by Rosario Gennaro and Steven Goldfeder, which has gained significant practical traction as the first influential MPC-ECDSA threshold multi-signature protocol. Subsequent protocols in this area are often viewed as optimizations of GG18, taking different perspectives into account. However, it is important to note that earlier versions of GG18 were found to have some security vulnerabilities, which have since been addressed through the implementation of security analysis reports in Safeheron’s open-sourced algorithm.

GG20 is an optimization of GG18 that reduces the number of communication rounds from 9 to 6. It also enhances the detection of malicious adversaries and supports an offline-sign mode.

MPC-CMP, proposed by Fireblocks, is a further optimization of GG18 that reduces the number of communication rounds (including the pre-sign phase) to 4. To simplify the description, the MPC-CMP paper describes the entire algorithm using an n-n signature, and mentions that it can be adapted to a t-n threshold signature, although no detailed explanation is given. To supplement the details on how to modify MPC-CMP into a t-n threshold signature algorithm, please refer to the document Modify MPC-CMP as a Threshold Signature Scheme.

It is worth noting that the aforementioned open-source protocol library not only supports Secp256k1, but also supports multiple elliptic curves, as listed below:

  • Secp256k1

  • P-256 (Secp256r1)

  • STARK Curve

Additionally, we already open-sourced the TSS-RSA protocol last year. Interested parties can click here to learn more.

Support STARK Curve

Safeheron has discovered potential issues caused by authorization mechanisms in some dApps as Signature-derived Key Risk. dApp authorization connections can bypass the security protection of private keys in hardware (cold) wallets, or, the MPC self-custodial platform can have the access to control user assets in the dApp without user authorization.

In our open-source protocol library, we have released the MPC-ECDSA protocol based on the STARK curve, that is to provide the ability to design MPC protocol for the ECDSA algorithm used by StarkEx, facilitating multi-people co-management on the private key. Users of MPC wallet can securely manage their private keys in StarKEx with sufficient multi-party asset management and no need to worry about internal and external malicious acts. Additionally, the community can customize their own solutions based on this open-source protocol.

Advanced Cryptographic Primitives

In addition to open-sourcing MPC application layer protocols, Safeheron has also released a rich library of cryptographic primitives:

Algorithm LibraryFunction

Big Number Calculation

Unified Elliptic Curve Library Calculation

Commit Scheme

Hash Function Calculation

Base64, Base58, and Hex Encoding/Decoding Operations

Paillier Fast Encryption/Decryption Algorithm

Verifiable Secret Sharing Algorithm

Series of Zero-Knowledge Proof Protocols

Implementation of Core Functions in BIP32

Implementation of Core Functions in BIP39

Implementation of Elliptic Curve Public Key Encryption Algorithm and Authentication Encryption Algorithm defined in IEEE 1362a

All of these cryptographic primitives can be installed uniformly through

Multi-Platform Support

From the outset, we considered the need for cross-platform support, and after considering performance, Safeheron's MPC protocols and basic cryptographic primitives were ultimately implemented using the C++ programming language.

Thanks to a well-designed architecture, all algorithms can be easily and efficiently ported to most platforms, including Windows, Mac, Linux, SGX in Linux, SGX in Windows, Android, iOS, WASM, and more.


Safeheron's internal algorithm library, located at, underwent a security audit by the top Swiss security auditing firm, Kudelski Security, in December 2020. This algorithm library includes an implementation of GG18 and a large number of basic cryptographic primitives.

To ensure transparency and efficient maintenance, Safeheron plans to extract different types of cryptographic primitives from the internal library and develop them as standalone project libraries.

GG18 also underwent a security audit by Kudelski Security in December 2020, and in the future, we plan to continue conducting security audits on other MPC protocols.

Future Open-Source Plans

Safeheron, a dedicated player in the security industry, has been consistently working towards integrating knowledge and practice to unite security and decentralization in the crypto world.

In a proactive effort to promote the construction of an open-source ecosystem within the industry, Safeheron is partnering with SlowMist, the Amber Group security team, and the PlatON research team to advance the development of open-source libraries and communities. Together, we participate in verifying the correctness and safety of open-source codes. In doing so, community members can customize various solutions based on these open-source protocols, truly enjoying the benefits of open source.

Open sourcing is a continuous process, and in addition to the recent release of the MPC-ECDSA protocols, Safeheron's open-source plans for this year include:

  • December ➡️ Release the open-source MPC-EdDSA protocols & open-source MPC-BLS protocols

We also plan to release other protocols:

  • MPC-ECDSA family, such as DKLS19

  • MPC-HMAC protocols

  • Other SGX libraries


【1】[Lin17] Fast Secure Two-Party ECDSA Signing

【2】[GG18] Fast Multiparty Threshold ECDSA with Fast Trustless Setup

【3】[DKLS18] Secure Two-party Threshold ECDSA from ECDSA Assumptions

【4】[DKLS19] Threshold ECDSA from ECDSA Assumptions: The Multiparty Case

【5】[GG20] One Round Threshold ECDSA with Identifiable Abort

【6】[MPC-CMP] UC Non-Interactive, Proactive, Threshold ECDSA

【7】[DMZ-21] Promise Σ-protocol: How to Construct Efficient Threshold ECDSA from Encryptions Based on Class Groups

【8】Enhancing Security on MPC Wallet-dYdX Connections

【9】EverPay Collaborates With Safeheron To Increase Security Performance By 47 Times

Last updated