Multi-Party Computation (MPC)

Privacy is the paramount guarantee of MPC, ensuring that no party learns anything about another party's private input beyond what can be inferred from the output of the computed function. This is formalized using the simulation paradigm: anything a party can learn by participating in the protocol can be simulated using only its own input and the final output. Protocols achieve this through techniques like secret sharing, where an input is split into meaningless shares distributed among participants, and garbled circuits, which encrypt the logic of the computation.

Correctness guarantees that all honest participants in the protocol will compute the accurate output of the agreed-upon function, provided the protocol is followed. This property ensures the computational integrity of the process, meaning the result is equivalent to having a trusted third party perform the computation. Correctness must hold even in the presence of malicious adversaries who may attempt to deviate from the protocol. It is typically enforced through cryptographic commitments and verification steps like zero-knowledge proofs or information-theoretic message authentication codes (MACs).

MPC protocols are classified by their adversarial model and threshold assumption. The two primary models are:

• Honest-Majority: The protocol is secure as long as a strict majority (e.g., >50% or >2/3) of participants are honest and follow the protocol. These protocols are often more efficient.
• Malicious-Majority (or Dishonest Majority): The protocol remains secure even if all but one of the participants are malicious and actively try to cheat. This provides stronger security guarantees but requires more complex cryptographic machinery, such as cut-and-choose for garbled circuits. The threshold (t-out-of-n) defines the maximum number of corrupt parties the protocol can tolerate.

This property ensures that either all honest parties receive the correct output, or no party receives any output. It prevents a malicious party from aborting the protocol after learning the result, thereby withholding it from others. Fairness is challenging to achieve, especially in the malicious-majority setting without a trusted setup. Weaker variants include:

• Security with Abort: A malicious party can cause the protocol to abort without delivering output to anyone, but cannot learn the output unless others do.
• Selective Abort: An adversary can choose which honest parties receive the output.

Input independence ensures that a malicious party must choose its inputs to the computation independently of the honest parties' inputs. Without this, an adversary could wait to see the honest parties' encrypted inputs or commitments before choosing its own, biasing the result. Non-malleability is a related concept ensuring that an adversary cannot transform an honest party's input commitment into a commitment to a related value. These properties are enforced using non-malleable commitments and synchronized input submission phases.

Robustness is a strong guarantee that the protocol will always produce a valid output, regardless of the behavior of malicious parties. It combines correctness and guaranteed output delivery, ensuring that honest parties always compute the correct result and malicious parties cannot prevent this. Robust protocols are typically more expensive in terms of communication and computation. In practice, many protocols opt for the slightly weaker security with abort to gain efficiency, relying on external reputation systems or financial penalties (slashing) to deter aborting behavior.

MPC is the cryptographic backbone for secure aggregation in federated learning. It allows a central server to compute the average of model updates from multiple clients (e.g., hospitals, mobile devices) without ever seeing any individual's private gradient data. This prevents the server from performing model inversion attacks to reconstruct sensitive training data.

• Key Mechanism: Uses secret sharing to distribute client updates as encrypted shares.
• Enterprise Example: A consortium of banks collaboratively trains a fraud detection model on their combined transaction data, with MPC ensuring no bank learns another's customer patterns.

Enterprises use MPC to perform joint business intelligence on their combined datasets while maintaining competitive secrecy. Parties can compute aggregate statistics—like sum, average, or standard deviation—across their collective data without revealing individual records.

• Common Queries: "What is the total market size?" or "What is the average customer lifetime value across our alliance?"
• Technical Foundation: Relies on protocols like Garbled Circuits or Secret Sharing to evaluate a function (the query) on distributed, encrypted inputs.
• Use Case: Competing retailers analyze regional sales trends to optimize shared supply chains without disclosing store-level revenue.

MPC enables encrypted inference, where a client can query a model hosted by another party without revealing their input, and the model owner does not reveal their proprietary model weights. This is critical for using sensitive data with third-party AI services.

• Process: The client's private data and the server's model weights are kept in encrypted form throughout the computation.
• Application: A pharmaceutical company uses a cloud-based, proprietary protein-folding model on its confidential molecular structures. MPC ensures the cloud provider never sees the structures, and the company never accesses the model weights.

MPC protocols can implement sealed-bid auctions where the winner and price are determined without revealing any non-winning bids. This preserves bidder privacy and prevents bid manipulation.

• Function Computed: Finds the maximum bid and the second-highest price (for Vickrey auctions) on encrypted bids.
• Enterprise Relevance: Used in advertising exchanges, spectrum auctions, and supply chain procurement where bid data is highly sensitive strategic information.
• Guarantee: Only the auction outcome is revealed; all other bid values remain secret.

In highly regulated fields, MPC allows multiple hospitals or research institutions to perform genome-wide association studies (GWAS) or train diagnostic models on their pooled patient data. Patient records never leave their source institution, ensuring compliance with HIPAA and GDPR.

• Solves the Data Silos Problem: Enables large-scale research without the legal and ethical risks of centralizing sensitive health data.
• Specific Computation: Statistical tests for correlations between genetic markers and diseases across a distributed population.
• Impact: Accelerates medical discovery while enforcing privacy-by-design.

Banks and financial institutions use MPC to collaboratively detect money laundering networks and synthetic identity fraud without sharing transaction details or customer profiles, which is often legally prohibited.

• Core Task: Securely linking entities and transactions across institutional boundaries to identify suspicious patterns.
• Protocol Choice: Often employs Private Set Intersection (PSI), a specialized MPC protocol, to find common customers or transactions between banks without revealing the full customer lists.
• Benefit: Dramatically increases the detection surface for cross-institutional crime while maintaining strict client confidentiality.

A form of encryption that allows computations to be performed directly on ciphertext. When the ciphertext is decrypted, the result matches the output of the operations as if they had been performed on the plaintext. Unlike MPC, which involves interactive protocols between parties, homomorphic encryption often allows a single party (e.g., a cloud server) to compute on encrypted data without needing the secret key. Fully Homomorphic Encryption (FHE) enables arbitrary computations but is computationally intensive.

A rigorous mathematical framework for quantifying and limiting privacy loss. It guarantees that the inclusion or exclusion of any single individual's data in an analysis has a negligible effect on the output. While MPC hides the raw data during computation, differential privacy adds calibrated noise to the final output to protect individuals in the aggregated result. These techniques are highly complementary and can be combined for layered privacy guarantees.

A property of a distributed system that allows it to reach correct consensus even when some of its components fail or act maliciously (send conflicting information). While MPC protocols are designed to preserve input privacy from other participants, BFT protocols are designed to ensure system reliability and agreement in the presence of faults. Advanced MPC protocols may incorporate BFT principles to remain secure even if some parties deviate from the protocol.

A cryptographic method by which one party (the prover) can prove to another party (the verifier) that a statement is true without revealing any information beyond the validity of the statement itself. ZKPs can be integrated with MPC to allow parties to prove that their private inputs satisfy certain properties (e.g., a value is within a valid range) without revealing the inputs, adding a layer of verifiable correctness to the private computation.