Multi-Party Computation (MPC)

last updated 2026-05-04

Physics / mechanism

Multi-party computation is a cryptographic protocol family allowing n parties to jointly compute a function over private inputs without any party revealing its data to others. Core mechanism: secret sharing (Shamir, additive) splits each input into shares distributed across parties; computation proceeds on shares via arithmetic or Boolean circuits, with results reconstructed only at output. Variants include garbled circuits (Yao, two-party, constant rounds), GMW protocol (multi-party, linear rounds), and SPDZ (preprocessing model, malicious security). Performance benchmarks: AES evaluation ~0.1–1ms in semi-honest LAN settings; malicious-secure protocols add 5–10× overhead. Homomorphic encryption (FHE) handles single-party computation on encrypted data and is often conflated but distinct. MPC maturity is high for specific applications (threshold signatures, private set intersection); general-purpose MPC remains latency-constrained.

Competitive landscape

ApproachSecurity modelLatencyCompute overhead
MPC (SPDZ/GMW)Multi-party, maliciousMedium–High10–100× vs plaintext
FHE (CKKS/BFV)Single-party computeHigh1000–10000×
TEE (SGX/TrustZone)Hardware attestationLow~1–2×

Companies using

Connected ideas

Sources

Frontier (open questions)

Frontier questions