Inferensys

Glossary

Beaver Triples

Pre-computed, secret-shared multiplication triples used in secure multi-party computation to enable efficient, non-interactive multiplication of secretly shared values.
Developer demonstrating multi-agent tool use, agent tool selection interface on laptop, casual tech demo moment.
CRYPTOGRAPHIC PRIMITIVE

What is Beaver Triples?

Beaver triples are pre-computed, secret-shared multiplication triples used in secure multi-party computation to enable efficient, non-interactive multiplication of secretly shared values.

A Beaver triple is a pre-distributed set of three secret-shared values (a, b, c) where c = a * b. Generated during an offline, input-independent preprocessing phase, these correlated random values are consumed during the online phase to convert a secure multiplication into two local openings and linear operations, eliminating expensive interactive cryptographic steps.

Named after cryptographer Donald Beaver, this technique is foundational to the SPDZ protocol family and other MPC-in-the-preprocessing model frameworks. By shifting heavy cryptographic computation to an offline phase, Beaver triples enable highly efficient, low-latency secure arithmetic in privacy-preserving machine learning tasks like secure matrix multiplication and secure stochastic gradient descent.

CRYPTOGRAPHIC PRIMITIVE

Key Characteristics of Beaver Triples

Beaver triples are the foundational preprocessing element that transforms expensive, interactive secure multiplications into fast, independent local operations. They are the engine of efficient arithmetic in secret-sharing-based MPC.

01

Precomputed Multiplication Triples

A Beaver triple is a set of three secret-shared values ([a], [b], [c]) where c = a * b and a and b are uniformly random and unknown to any party. These triples are generated in a data-independent preprocessing phase, completely decoupled from the actual computation inputs. This separation is the key to performance: the heavy cryptographic lifting is done offline before the real data arrives.

02

The Online Multiplication Trick

To multiply two secretly shared values [x] and [y], parties consume one precomputed triple ([a], [b], [c]):

  • Each party locally computes and broadcasts [x] - [a] and [y] - [b].
  • The differences ε = x - a and δ = y - b are reconstructed openly.
  • The product is computed locally as [x*y] = [c] + ε[b] + δ[a] + εδ. This reduces a complex interactive protocol to one round of communication and simple local arithmetic.
03

Triple Generation Methods

Generating valid triples without revealing a, b, or c to any party is the core challenge. Common generation techniques include:

  • Homomorphic Encryption: One party encrypts a and b, and another computes c under encryption using additive homomorphism.
  • Oblivious Transfer (OT): Using OT extension to generate many triples efficiently from a small base of public-key operations.
  • Trusted Dealer: A third party generates and distributes triples, suitable for the honest-majority setting. The choice of method directly impacts the protocol's security model and throughput.
04

Consumption and Circuit Depth

Each multiplication gate in an arithmetic circuit consumes exactly one Beaver triple. The total number of triples required equals the number of multiplication operations in the computation. Addition and subtraction gates are free, requiring no triples and no communication. This makes the multiplicative depth of a circuit the primary metric for estimating both the preprocessing storage requirements and the online round complexity of an MPC protocol.

05

Security and Authentication

In protocols secure against malicious adversaries (like SPDZ), triples are not just secret-shared but also authenticated using information-theoretic message authentication codes (MACs). Each share comes with a MAC share, allowing parties to verify that an opened value (like ε) was not tampered with. The preprocessing phase must generate these authenticated triples, which are then consumed in the online phase to guarantee correctness with abort.

06

Storage and Throughput Trade-offs

Beaver triples represent a classic storage-for-speed trade-off:

  • A single triple for 64-bit values is roughly 384 bytes of storage.
  • A circuit with 1 million multiplication gates requires ~366 MB of precomputed triples.
  • Modern OT-based generation can produce millions of triples per second on commodity hardware. This makes the approach viable for deep neural network inference, where matrix multiplications dominate the computational graph.
BEAVER TRIPLES

Frequently Asked Questions

Clear, technical answers to the most common questions about Beaver Triples, the foundational preprocessing primitive that enables efficient, non-interactive multiplication in secure multi-party computation.

A Beaver Triple is a pre-computed, secret-shared tuple of the form (a, b, c) where c = a * b and a and b are random values unknown to any single party. In secure multi-party computation (MPC), these triples are generated during an offline, input-independent preprocessing phase. During the online phase, when two secretly shared values [x] and [y] need to be multiplied, the parties reveal the masked values [x] - [a] and [y] - [b]. Because a and b are random, these reveals leak no information about x or y. The parties then locally compute [x*y] = [c] + (x-a)*[b] + (y-b)*[a] + (x-a)*(y-b), using only one round of communication. This technique, introduced by Donald Beaver in 1991, converts an expensive interactive multiplication into a cheap, non-interactive local computation, making it the cornerstone of efficient arithmetic-circuit MPC protocols like SPDZ.

Prasad Kumkar

About the author

Prasad Kumkar

CEO & MD, Inference Systems

Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.

His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.