MPC explained without the cryptography lecture

Multi-party computation (MPC) is a way to sign a transaction without any single party ever holding the full private key. Instead of one key sitting in one place, the key is split into shares held by different parties, and a transaction gets signed by combining those shares mathematically without ever reassembling the key. The network sees a normal signature. The internals are anything but normal.

Institutional crypto custody runs on this. Fireblocks, BitGo, Copper, Anchorage, and Komainu all use MPC under the hood for their primary signing flows.

The pitch is simple. No single human, no single server, no single device can move the assets. An attacker who breaches one location gets a key share, which is useless on its own. To produce a signature, the threshold of shares (say, three of five) has to participate in a coordinated computation, and the protocol verifies each share's contribution before producing the output.

How it actually works

The cryptography is dense (we're not doing it here). The mechanics that matter are these.

When an institution sets up MPC custody, the custodian generates a wallet whose private key has never existed in one place. The key generation procedure runs across multiple geographies or hardware modules at the same time, and each participant comes out the other end holding a share. No one, not even the custodian's CEO, can reconstruct the full key.

To sign a transaction, the participating shares run a joint computation. Each share contributes a partial signature without revealing itself to the others. The protocol stitches the partials into a single, valid signature for the destination chain. Ethereum sees an ECDSA signature. Bitcoin sees a Schnorr or ECDSA signature. The chain doesn't know or care that an MPC ceremony produced it.
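The key generation and quorum signing described above, as an added example that is not part of this article or of any custodian's code: a dealerless t-of-n Schnorr signature in which the full private key is never assembled and the verifier runs an ordinary signature check. The group parameters are toy values constructed for illustration; a real deployment uses a curve such as secp256k1 or ed25519 and a protocol such as FROST with verifiable share commitments.

```python
import hashlib
import secrets

# Toy group, constructed for this example only: safe prime P = 2Q + 1, and G = 4
# generates the order-Q subgroup. Real custody stacks use secp256k1 or ed25519.
P, Q, G = 4079, 2039, 4

def poly_eval(coeffs, x):
    return sum(c * pow(x, k, Q) for k, c in enumerate(coeffs)) % Q

def keygen(n, t):
    """Dealerless t-of-n key generation. Every party deals a Shamir sharing of its
    own random secret; a party's key share is the sum of what it received. The
    full key (the sum of every party's constant term) is never computed by anyone."""
    polys = [[secrets.randbelow(Q) for _ in range(t)] for _ in range(n)]
    shares = {j: sum(poly_eval(f, j) for f in polys) % Q for j in range(1, n + 1)}
    pubkey = 1
    for f in polys:  # each party publishes G**a0; the product is G**x without x
        pubkey = pubkey * pow(G, f[0], P) % P
    return shares, pubkey

def lagrange(i, signers):
    """Weight that lets signer i's share stand in for its part of f(0)."""
    num = den = 1
    for j in signers:
        if j != i:
            num, den = num * j % Q, den * (j - i) % Q
    return num * pow(den, -1, Q) % Q

def challenge(R, pubkey, msg):
    digest = hashlib.sha256(f"{R}|{pubkey}|".encode() + msg).digest()
    return int.from_bytes(digest, "big") % Q

def threshold_sign(shares, signers, pubkey, msg):
    """Quorum signing: round 1 commits nonces, round 2 sums partial signatures.
    No party reveals its key share; a policy engine would gate this call.
    Toy version: real protocols (FROST) bind nonces to the signer set and message."""
    nonces = {i: secrets.randbelow(Q) for i in signers}
    R = 1
    for i in signers:
        R = R * pow(G, nonces[i], P) % P
    e = challenge(R, pubkey, msg)
    partials = [nonces[i] + e * lagrange(i, signers) * shares[i] for i in signers]
    return R, sum(partials) % Q

def verify(pubkey, msg, sig):
    """Plain Schnorr check: the chain cannot tell that a quorum produced it."""
    R, s = sig
    return pow(G, s, P) == R * pow(pubkey, challenge(R, pubkey, msg), P) % P
```

With `keygen(5, 3)`, any three or more of the five shares produce a signature that `verify` accepts, while two shares do not, because their Lagrange weights cannot interpolate a degree-2 sharing.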

Two design choices follow from this and shape how institutions use the system.

First, policy lives at the signing layer. Before any share contributes, a policy engine checks the transaction: destination address whitelist, dollar threshold, time of day, multi-human approval, sanctions screening. A transaction that fails policy never gets signed at all. The shares simply don't participate.

Second, the on-chain footprint is small. A multisig wallet broadcasts a list of signers and a quorum threshold publicly on-chain. MPC produces a single signature for a single address, indistinguishable from a normal one-key wallet. That's a privacy feature for institutions whose holdings would move markets if visible.

Why institutions care

A custody operation has to satisfy three masters at once: regulators, auditors, and the institution's own risk team. MPC gives all three something they want.

Regulators want segregation, no commingling, and a clear record of who can move what. Auditors want a procedure they can describe in writing and verify against logs. Risk teams want no single point of failure and no insider with unilateral authority. MPC's policy engine, share distribution across geographies and hardware boundaries, and quorum-based approval workflow check each box for all three.

There's an operational angle too. Multisig was the institutional standard before MPC matured, and it still works, but it has rough edges: every signer is a public on-chain identity, fee costs scale with quorum, and the smart contract holding the funds is itself a target. MPC sands these down. One address, one signature, and the policy logic sits in the custodian's infrastructure rather than in a contract that has to be audited and patched.

The trade-off is that trust concentrates in the custodian's MPC implementation: the math is sound, but the surrounding code (key generation, share storage, policy engine, signing orchestration, breach response) is what actually has to be trustworthy in practice. That's why institutional flows concentrate at qualified custodians whose MPC stack has been audited, insured, and operated under regulatory scrutiny long enough to develop a track record.

Where this shows up in institutional crypto-backed lending

When a collateral pledger posts crypto as security in an institutional lending facility, the assets typically don't leave their MPC custodian. The custodian holds the position under a control structure visible to the lender, and a tokenized representation of that pledge enters the on-chain market. The pledger keeps custody. The lender gets verifiable collateral. The chain sees a clean signature with no leak of who's involved.

For how that tokenized representation works without breaking the custody relationship, see Tokenized MPC pledges: bringing off-chain-custodied collateral on-chain.