Your lesson should also include preparing interviews just like you prepare an exam. It sucks but it's a standardized process to evaluate some capabilities that decrease the risk of losing $$$ for the company that hires you.
Yes, I just meant that in practice the risks are the same from a security perspective (and most legit blockchains support multi-sig at this point), especially for the shares so I wouldn't call it 'no private key' :D
So there are lots of papers and work that has been done for MPC over ECDSA, EdDSA and Schnorr (that covers the majority of the crypto-currencies). MPC unfortunately sounds unfair to me at the moment because it's not widely available for retail in a production-grade state afaik.
The only blockchain-native mechanism that's getting more popular but unfortunately not supported everywhere yet is multi-sig. I consider multi-sig equivalent in term of security to MPC in practice. Bitcoin and many blockchains supports multi-sig addresses (ethereum does this through smart contracts but is still very much a native feature).
Multi-sig for retail is great, and I use it myself. But you're held to a completely different standard in term of security and compliance as a financial insitution. And this applies to: software, hardware, operations, ceremonies, business continuity (what if the business goes bankrupt, what if country 'xyz' gets nuked etc..).
I've built a similar product for a well-known company in the space (and competitor to this company & Coinbase) and co-led the development of the crypto custody at Novi (Blockchain subsidary of Facebook). Happy to answer more questions though they do not provide much insight into their technology publicly.
Curv provides MPC-based crypto custody solution wi. I'll be over-simplifying but they allow private keys that protect large sums of cryptocurrencies to be split in encrypted portions called 'shares'. These shares are both created and used in a fully distributed manner (just like threshold signing / or 'multi-sig'). You generally define a threshold 'm' out of 'n' that's mathematically required to get a valid cryptographic signature.
An attacker would need to compromise a sufficient quorum of these keys simultaneously in order to sign blockchain transactions that would extract the funds somewhere else. As you can imagine, the complexity of such attack is highly correlated (and actually tends to grow exponentially due to several factors) to the quorum threshold 'm'.
Curv seems to allow financial institutions and all kind of institutional investors to create the shares, manage them and use them securely to sign transactions.
The argument they provide which makes little sense to me is that there is no 'private key'. They just seem to play with jargon as the shares are pretty much equivalent to individual keys in a multi-sig system, or at least hold the same power and have same results in compromise scenarios.
Please take note that Spotify pays sub-market salaries for these cities. The reason being that they do not offer RSUs but instead public stock options without any discount.
- Typical FAANG compensation: X base pay + Y RSUs + Z signing bonus
- Spotify: X base pay + Y stock options (public, so equivalent to you purchasing stocks really) + no signing bonus