Secure multi-party computation (SMPC), sometimes referred to as secure computation, multi-party computation (MPC), or privacy-preserving computation, is a transformative cryptographic method. It enables multiple parties to compute a function using private inputs and view a public output—without ever revealing their inputs to the other parties. From medical research to AI to Web3, SMPC is strengthening data privacy and fostering collaboration.
What Is Secure Multi-Party Computation?
SMPC enables “black box” functionality where many people can work on a calculation together using their private information. Even though everyone can see the result, their data is kept secret.
SMPC enables multiple parties to jointly compute a function using private data, keeping individual inputs confidential while still producing the correct output. It uses encryption and secret sharing to ensure privacy and security during the computation process.
SMPC uses cryptographic primitives like secret sharing (e.g. Shamir), homomorphic encryption (e.g. Paillier, ElGamal), and zero-knowledge proofs (e.g., zk-SNARKs, zk-STARKs) to enable a given number (n) of participants each with private data (d1, d2, …, dn) to compute a public function on that data F(d1, d2, …, dn), without any participants learning information about another’s input.
SMPC protocols must ensure:
- Privacy: No party can see or deduce private inputs from any other party.
- Accuracy: Parties that deviate from the protocol instructions cannot force honest participants to output an incorrect result.
Why Is SMPC Important?
SMPC is important for financial transactions, medical research, distributed voting, private bidding and auctions, and AI/ML learning processes where sensitive information needs to be processed or analyzed. It enables users to protect their private information while still participating in shared systems.
History of MPC
The development of MPC can be traced back to the late 1970s with the introduction of special-purpose protocols for specific tasks. Then, in 1982, Andrew Yao formally introduced secure two-party computation, later extending it to multi-party computation. Since the late 2000s, the focus has shifted to enhancing the efficiency and practicality of these protocols for voting, signatures, auctions, and more. In the late 2010s, digital asset custodians began using MPC for securing digital assets. To further promote MPC technology, companies specializing in secure multi-party computation established the MPC Alliance in 2020.
How Does Secure Multi-Party Computation Work?
In a typical SMPC protocol, each party holds a piece of private data and wants to compute a function that requires inputs from all parties. Through the protocol, parties use privacy-preserving techniques to exchange input data, such as encryption or masked shares, and then collectively compute the function.
Imagine that three coworkers Alice, Bob, and Cynthia, want to know their average hourly wage but don’t want to share their own salary with each other. First, they break their wage into four amounts that add up to their hourly earnings. Next, they keep one of those figures, and share one each with the other coworkers along with a trusted third party. Now, each party calculates the average of the numbers they received. Finally, these averages are then shared and summed to provide the average hourly wage. While they all know the average, they don’t know each other’s individual earnings.
While this example uses a relatively simple additive secret-sharing technique, you can explore a more advanced mathematical example here.
Two-Party Computation vs. Multi-Party Computation
|Feature||Two-Party Computation||Multi-Party Computation|
|Protocol Variations||Fewer variations||More variations|
|Fault Tolerance||Less tolerant to faults||More tolerant to faults|
Two-party computation is a subset of multi-party computation, which is limited to two participants. Andrew Yao introduced two-party computation to solve the famous “Millionaire’s Problem” of two millionaires who want to know who is richer without revealing their actual wealth. Two-party computation was later expanded to a multi-party format thanks to the Goldreich-Micali-Wigderson protocol.
Benefits of Secure Multi-Party Computation
SMPC provides an array of benefits for individuals, developers, organizations, and research groups:
- Enhanced Security: Better protection against data breaches by maintaining data confidentiality throughout the computation process.
- Data privacy: Users can keep their data confidential while allowing third parties to use it in their applications, research, voting mechanisms, and more.
- Regulatory compliance: Organizations can meet data protection regulations (e.g., GDPR, HIPAA) by processing sensitive data without exposing it, reducing the risk of non-compliance.
- Collaboration: Researchers and institutions can securely aggregate and analyze data from multiple sources without compromising privacy, fostering cross-institutional collaboration and knowledge sharing.
- Highly accurate: Results meet accuracy levels needed for high-value use cases.
- Quantum-safe: Breaking up data and distributing it among participants makes it secure against quantum attacks.
- Advanced functionality: Applications can provide users with advanced functionality without compromising on security.
SMPC For Web3
MPC-Based Web3 Wallets
In an MPC-compatible blockchain environment, the private keys of a Web3 wallet can be divided (sharded) among multiple parties. To execute any function, a minimum number of participants holding key shards must participate. This enhances the security and control for wallet operations.
For example, custodians use MPC-based Web3 wallets to secure digital assets and sign transactions. These wallets split a private key into multiple parts and then use MPC when they want to sign a transaction.
MPC vs. Multisig Wallets
Similar to the multi-signature signing process, MPC can play a key role in enabling multiple entities to jointly secure tokenized assets. While a multisig wallet relies on multiple private keys to sign a transaction, an MPC wallet splits a single key into multiple smaller parts and distributes them to each custodian.
The open design of public blockchains like Ethereum means smart contracts are public for anyone to read, and their inherently isolated nature can limit functionality. While data could be computed off-chain in centralized servers, this would undermine the security guarantees that blockchains provide. By computing data off-chain in a highly secure and deterministic manner, Web3 protocols can access computation that provides both advanced functionality and confidentiality.