The SPDZ protocol (pronounced "Speedz") is a maliciously secure multi-party computation framework that operates in the preprocessing model, separating the protocol into an input-independent offline phase and a fast, input-dependent online phase. It uses information-theoretic MACs on secret-shared values, allowing parties to detect any attempt by an adversary to deviate from the protocol with overwhelming probability.
Glossary
SPDZ Protocol

What is SPDZ Protocol?
The SPDZ protocol is a family of secure multi-party computation (MPC) protocols that provides active security against malicious adversaries by using information-theoretic message authentication codes (MACs) to detect cheating during computation.
SPDZ is optimized for arithmetic circuits over finite fields, making it highly efficient for machine learning tasks involving linear algebra. The protocol's security guarantees hold against active adversaries who may corrupt up to n-1 out of n computing parties, ensuring robust privacy and correctness even when a majority of participants are malicious.
Key Features of SPDZ
The SPDZ protocol family achieves malicious security in multi-party computation by combining additive secret sharing with information-theoretic message authentication codes (MACs), enabling efficient arithmetic operations in the preprocessing model.
Malicious Security with MACs
SPDZ provides security against active adversaries who may arbitrarily deviate from the protocol. Each secret-shared value is accompanied by a message authentication code (MAC)—a random linear combination held jointly by the parties. Any attempt to cheat during computation corrupts the MAC relationship, causing the protocol to abort with overwhelming probability. This information-theoretic guarantee eliminates reliance on computational assumptions for integrity.
Preprocessing Model Efficiency
SPDZ separates computation into two phases:
- Preprocessing (offline): Parties generate correlated randomness—Beaver triples, random shared values, and MAC keys—independent of the function inputs
- Online phase: Parties consume preprocessed material to evaluate the circuit using only lightweight operations (addition, scalar multiplication)
This architecture shifts heavy cryptography to the input-independent offline phase, enabling sub-millisecond online multiplication in the arithmetic setting.
Arithmetic Circuit Optimization
SPDZ operates natively over arithmetic circuits modulo a prime p, making it exceptionally efficient for machine learning workloads involving matrix multiplications and dot products. Unlike garbled circuits that require decomposing arithmetic into boolean gates, SPDZ performs additions with zero communication and multiplications with constant-round interaction. This makes it the protocol of choice for secure neural network inference and secure stochastic gradient descent.
Overdrive: Removing the Bottleneck
The original SPDZ offline phase required somewhat homomorphic encryption (SHE) with high computational cost. The Overdrive protocol variant dramatically improves preprocessing throughput by:
- Using oblivious transfer extensions for triple generation
- Batching SHE operations across many triples simultaneously
- Reducing ciphertext expansion through clever packing techniques
These optimizations make maliciously secure MPC practical for production-scale workloads with hundreds of millions of gates.
Information-Theoretic Online Phase
Once preprocessing material is generated, the SPDZ online phase achieves information-theoretic security—security that holds against computationally unbounded adversaries. The only cryptographic assumption resides in the offline phase. This property means:
- Online operations are unconditionally secure given correct preprocessing
- No reliance on hardness assumptions during function evaluation
- Post-quantum security in the online phase
- Extremely low computational overhead per gate
SPDZ vs. Other MPC Protocols
A technical comparison of the SPDZ family against other prominent secure multi-party computation protocols across key architectural and security dimensions.
| Feature | SPDZ Family | BMR | Garbled Circuits (Yao) | BGW/Shamir |
|---|---|---|---|---|
Security Model | Malicious (active) with abort | Malicious (active) | Semi-honest (passive) | Malicious (active) with honest majority |
Corruption Threshold | Dishonest majority (n-1 of n) | Dishonest majority | Dishonest majority | Honest majority (< n/2 malicious) |
Circuit Type | Arithmetic (prime fields, rings) | Boolean | Boolean | Arithmetic (prime fields) |
Preprocessing Model | ||||
Cheating Detection | Information-theoretic MACs | Garbled circuit output verification | Error correction via polynomial shares | |
Online Phase Complexity | Highly efficient (linear ops only) | Heavy (OT per AND gate) | Heavy (OT per AND gate) | Efficient (local computation) |
Round Complexity | Constant rounds for multiplication | Constant rounds | Constant rounds | Logarithmic depth |
Communication Overhead | Low (amortized MAC checking) | High (broadcast per gate) | High (4 ciphertexts per AND gate) | Low (broadcast shares only) |
Enabling Efficiency, Speed & Accuracy
Intelligent Analysis, Decision & Execution
We build AI systems for teams that need search across company data, workflow automation across tools, or AI features inside products and internal software.
Talk to Us
Search across company data
Give teams answers from docs, tickets, runbooks, and product data with sources and permissions.
Useful when people spend too long searching or get different answers from different systems.

Automate internal workflows
Use AI to route work, draft outputs, trigger actions, and keep approvals and logs in place.
Useful when repetitive work moves across multiple tools and teams.

Add AI to products and internal tools
Build assistants, guided actions, or decision support into the software your team or customers already use.
Useful when AI needs to be part of the product, not a separate tool.
Frequently Asked Questions
Clear, technical answers to the most common questions about the SPDZ family of maliciously secure multi-party computation protocols, covering its mechanisms, performance, and practical deployment.
The SPDZ protocol (pronounced "Speedz") is a family of maliciously secure multi-party computation (MPC) protocols that enables a group of mutually distrusting parties to jointly compute a function over their private inputs while guaranteeing correctness and privacy even if an active adversary corrupts a subset of the parties. It operates in the preprocessing model, separating the protocol into two distinct phases: an input-independent offline phase that generates correlated randomness (primarily Beaver triples for multiplication and authentication values), and a highly efficient online phase where the actual computation occurs using the pre-generated material. The core innovation is its use of information-theoretic message authentication codes (MACs) on secret-shared values. Every secret value x is represented as a share [x] along with a MAC share [m_x] that binds x to a global secret key α. During the online phase, any attempt by a corrupted party to cheat—such as announcing an incorrect share—will be detected with overwhelming probability when the MACs are checked, causing the honest parties to abort. This MAC-based approach is what elevates SPDZ from semi-honest security to active, malicious security without relying on expensive zero-knowledge proofs for every operation.
Related Terms
Core primitives, optimizations, and related protocols that form the foundation of the SPDZ family of maliciously secure multi-party computation frameworks.
Beaver Triples
Pre-computed, secret-shared multiplication triples that are the primary cryptographic fuel for SPDZ's online phase. Each triple consists of random shares [a], [b], [c] where c = a * b.
- Preprocessing Model: Triples are generated offline, independent of the function or inputs
- Online Efficiency: A single multiplication requires only opening two masked values and local operations
- MACed Triples: In SPDZ, triples are authenticated with information-theoretic MACs to detect cheating
- Consumption Rate: One triple is consumed per multiplication gate in the arithmetic circuit
Message Authentication Codes (MACs)
SPDZ uses information-theoretic MACs on secret-shared values to achieve malicious security. Every shared value [x] is accompanied by a MAC share [m_x] where m_x = α * x for a global secret key α.
- Global Key α: A secret-shared random value unknown to any single party
- MAC Check: After computation, parties open a random linear combination of all opened values and verify the corresponding MACs
- Cheating Detection: Any inconsistency between a value and its MAC reveals tampering with overwhelming probability
- Overhead: Adds one extra secret-shared value per wire in the circuit
MASCOT Protocol
Multi-party Arithmetic with Secure Oblivious Transfer — a protocol for generating authenticated Beaver triples using only oblivious transfer as the base primitive, avoiding expensive somewhat homomorphic encryption.
- OT-Based: Uses correlated oblivious transfer extensions for efficient triple generation
- Malicious Security: Achieves active security through MAC authentication on all shares
- Communication Complexity:
O(n²)per multiplication gate in the preprocessing phase - Practical Threshold: Efficient for up to ~100 parties before communication overhead dominates
Overdrive Variants
A family of SPDZ protocols (LowGear, HighGear, TopGear) that use somewhat homomorphic encryption (SHE) for efficient triple generation, dramatically reducing communication at scale.
- LowGear: Optimized for low-latency LAN settings with SHE-based triple production
- HighGear: Balances computation and communication for WAN deployments
- TopGear: Pushes triple generation to a dedicated preprocessing phase for maximum online speed
- SIMD Packing: Encrypts multiple plaintexts in a single ciphertext for amortized efficiency
SPDZ2k
A variant of SPDZ operating over a mod-2^k ring (typically k=64) rather than a prime field, mapping directly to native CPU integer arithmetic for dramatic speed improvements.
- Native Arithmetic: Eliminates modular reduction overhead of prime fields
- Probabilistic MACs: Uses slightly weaker statistical security (e.g., 2^-40 forgery probability) for practical efficiency
- Truncation: Supports efficient fixed-point arithmetic via probabilistic truncation protocols
- Machine Learning: Particularly well-suited for quantized neural network inference

About the author
Prasad Kumkar
CEO & MD, Inference Systems
Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.
His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.
Partnered with leading AI, data, and software stack.
How We Work
Custom AI workflows for your Business
One-fit-all AI don't work for modern businesses. At Inferensys, we aim to understand your business & custom requirements; which we use to define most efficient agentic workflows, the data, and the tools for your business.
01
Review the use case
We understand the task, the users, and where AI can actually help.
Read more02
Pick the right approach
We define what needs search, automation, or product integration.
Read more03
Build the first useful version
We implement the part that proves the value first.
Read more04
Improve from there
We add the checks and visibility needed to keep it useful.
Read moreThe first call is a practical review of your use case and the right next step.
Talk to Us