Secure Multi-Party Computation


Secure multi-party computation (SMPC or MPC) enables multiple parties to jointly compute a function using private data, enabling accurate “black box” calculations that keep individual inputs confidential.

Secure multi-party computation (SMPC), sometimes referred to as secure computation, multi-party computation (MPC), or privacy-preserving computation, is a transformative cryptographic method. It enables multiple parties to compute a function using private inputs and view a public output—without ever revealing their inputs to the other parties. From medical research to AI to Web3, SMPC is strengthening data privacy and fostering collaboration.

<div class="educational-divider sections-divider"></div>

What Is Secure Multi-Party Computation?

Basic Explanation

SMPC enables “black box” functionality where many people can work on a calculation together using their private information. Even though everyone can see the result, their data is kept secret.

Intermediate Explanation

SMPC enables multiple parties to jointly compute a function using private data, keeping individual inputs confidential while still producing the correct output. It uses encryption and secret sharing to ensure privacy and security during the computation process.

Advanced Explanation

SMPC uses cryptographic primitives like secret sharing (e.g. Shamir), homomorphic encryption (e.g. Paillier, ElGamal), and zero-knowledge proofs (e.g., zk-SNARKs, zk-STARKs) to enable a given number (n) of participants each with private data (d1, d2, …, dn) to compute a public function on that data F(d1, d2, …, dn), without any participants learning information about another’s input.

SMPC protocols must ensure:

  • Privacy: No party can see or deduce private inputs from any other party.  
  • Accuracy: Parties that deviate from the protocol instructions cannot force honest participants to output an incorrect result.

Why Is SMPC Important?

SMPC is important for financial transactions, medical research, distributed voting, private bidding and auctions, and AI/ML learning processes where sensitive information needs to be processed or analyzed. It enables users to protect their private information while still participating in shared systems.

<div class="educational-divider sections-divider"></div>

History of MPC

The development of MPC can be traced back to the late 1970s with the introduction of special-purpose protocols for specific tasks. Then, in 1982, Andrew Yao formally introduced secure two-party computation, later extending it to multi-party computation. Since the late 2000s, the focus has shifted to enhancing the efficiency and practicality of these protocols for voting, signatures, auctions, and more. In the late 2010s, digital asset custodians began using MPC for securing digital assets. To further promote MPC technology, companies specializing in secure multi-party computation established the MPC Alliance in 2020.

<div class="educational-divider sections-divider"></div>

How Does Secure Multi-Party Computation Work?

In a typical SMPC protocol, each party holds a piece of private data and wants to compute a function that requires inputs from all parties. Through the protocol, parties use privacy-preserving techniques to exchange input data, such as encryption or masked shares, and then collectively compute the function.

MPC Example

Example of MPC using additive secret sharing.
Example of MPC for calculating average hourly wages (Source)

Imagine that three coworkers Alice, Bob, and Cynthia, want to know their average hourly wage but don’t want to share their own salary with each other. First, they break their wage into four amounts that add up to their hourly earnings. Next, they keep one of those figures, and share one each with the other coworkers along with a trusted third party. Now, each party calculates the average of the numbers they received. Finally, these averages are then shared and summed to provide the average hourly wage. While they all know the average, they don’t know each other’s individual earnings.

While this example uses a relatively simple additive secret-sharing technique, you can explore a more advanced mathematical example here.

<div class="educational-divider sections-divider"></div>

Two-Party Computation vs. Multi-Party Computation

Two-party computation is a subset of multi-party computation, which is limited to two participants. Andrew Yao introduced two-party computation to solve the famous “Millionaire’s Problem” of two millionaires who want to know who is richer without revealing their actual wealth. Two-party computation was later expanded to a multi-party format thanks to the Goldreich-Micali-Wigderson protocol.

<div class="educational-divider sections-divider"></div>

Benefits of Secure Multi-Party Computation

SMPC provides an array of benefits for individuals, developers, organizations, and research groups:

  • Enhanced Security: Better protection against data breaches by maintaining data confidentiality throughout the computation process.
  • Data privacy: Users can keep their data confidential while allowing third parties to use it in their applications, research, voting mechanisms, and more.
  • Regulatory compliance: Organizations can meet data protection regulations (e.g., GDPR, HIPAA) by processing sensitive data without exposing it, reducing the risk of non-compliance.
  • Collaboration: Researchers and institutions can securely aggregate and analyze data from multiple sources without compromising privacy, fostering cross-institutional collaboration and knowledge sharing.
  • Highly accurate: Results meet accuracy levels needed for high-value use cases.
  • Quantum-safe: Breaking up data and distributing it among participants makes it secure against quantum attacks.
  • Advanced functionality: Applications can provide users with advanced functionality without compromising on security.

<div class="educational-divider sections-divider"></div>

SMPC For Web3

MPC-Based Web3 Wallets

Diagram of how an MPC-based wallet signs transactions.
MPC enables multiple custodians to each use part of a private key to sign a transaction (Source)

In an MPC-compatible blockchain environment, the private keys of a Web3 wallet can be divided (sharded) among multiple parties. To execute any function, a minimum number of participants holding key shards must participate. This enhances the security and control for wallet operations.

For example, custodians use MPC-based Web3 wallets to secure digital assets and sign transactions. These wallets split a private key into multiple parts and then use MPC when they want to sign a transaction.

MPC vs. Multisig Wallets

Diagram of how a multi-sig wallet signs transactions.
Mult-sig wallets require multiple private keys to sign a transaction (Source)

Similar to the multi-signature signing process, MPC can play a key role in enabling multiple entities to jointly secure tokenized assets. While a multisig wallet relies on multiple private keys to sign a transaction, an MPC wallet splits a single key into multiple smaller parts and distributes them to each custodian.

Privacy-Preserving Computation

The open design of public blockchains like Ethereum means smart contracts are public for anyone to read, and their inherently isolated nature can limit functionality. While data could be computed off-chain in centralized servers, this would undermine the security guarantees that blockchains provide. By computing data off-chain in a highly secure and deterministic manner, Web3 protocols can access computation that provides both advanced functionality and confidentiality.

Learn more about blockchain technology

Get the latest Chainlink content straight to your inbox.