January 22, 2025
MPC Wallets Explained: Architecture, Trade-offs, and When to Use Them
Multi-Party Computation wallets are becoming the default for consumer and institutional products. Here's how they actually work.
What is MPC?
Multi-Party Computation is a cryptographic technique where multiple parties jointly compute a function over their private inputs without revealing those inputs to each other. Applied to wallets, the private key is never assembled in one place.
From the blockchain's perspective, an MPC wallet looks identical to a standard EOA. One public address, normal transactions. The difference is entirely in how the private key is managed.
The Standard Architecture: 2-of-2
In a 2-of-2 MPC wallet, one shard is held on the user's device and one shard is held by the wallet provider's server. Signing requires both shards to participate in a threshold signature protocol. Neither shard alone can sign a transaction.
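The benefits are better recovery, policy enforcement, and no single point of compromise. The drawback is a liveness dependency on the provider: because signing needs both shards, the user cannot sign while the provider's server is unavailable.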
Recovery Flows
Cloud backup, social recovery and backup phrase recovery are the three common patterns. Arc Wallet used encrypted cloud recovery for most users and a backup phrase fallback for edge cases.
Recovery design is product design. The most cryptographically pure flow is useless if mainstream users lose access during the first device upgrade.
MPC vs Multisig
Multisig uses multiple full private keys and requires m-of-n signatures. MPC uses one key distributed as shards and produces one combined signature. MPC has better UX and lower gas costs. Multisig has mature tooling and on-chain transparency.
For consumer wallets, MPC usually wins. For DAO treasuries, Safe-style multisig often wins because transparency matters more than invisible signing.