Secure multi-party computation is a method that can help businesses ensure the security of their sensitive data without undermining their ability to gain insights from it.
What is secure multi-party computation?
Secure multi-party computation (also called multi-party computation, SMPC, or MPC) is a cryptographic technique that enables different parties to carry out a computation using their private data without revealing their private data to each other.
How does secure multi-party computation work?
A popular example to illustrate the basic idea behind SMPC is as the following:
Suppose a group of employees wants to learn their average salary in order to find out whether they are underpaid or not. However, they don’t want to disclose their individual salary information. An SMPC method can solve this problem:
- Each employee is numbered from first to last.
- The first employee chooses an arbitrarily large number and adds their salary to the number and tells the second employee the result.
- The second employee adds their number to the value and tells the result to the third employee, and so on until the last employee.
- After adding their salary to the result, the last employee tells the result to the first employee.
- The first employee subtracts the large number they started with and divides the result by the number of employees in the group to obtain the average salary.
In this example, the large number chosen by the first employee hides his/her salary from others. On the other hand, the final result that the first employee receives from the last employee provides no information to the first employee about others’ salaries. As a result, the group, consisting of multiple parties, could securely compute the average salary without disclosing their salaries.
This is of course a simple example to illustrate how SMPC works. In real-world use cases, SMPC enables complex computations such as machine learning models using privately-held data without the need of sharing it.
What are the properties of secure multi-party computation?
SMPC aims to ensure two basic properties against adversarial attacks:
- Input privacy: No party can infer information about private inputs from the output.
- Correctness: An adversarial party must not be able to prevent other parties from receiving their correct outputs.
An adversary in this context refers to the parties that attack the computation process. The attack may be for learning private information of other parties or for causing the output of the computation to be incorrect.
What are secure multi-party computation advantages?
- Promotes privacy and data utility: SMPC can eliminate the tradeoff between data privacy and data utility since private or encrypted data doesn’t need to be shared with third parties or model owners to be utilized. By this means, it also eliminates the risks of data breaches and misuses stemming from data collection.
- Reveals only the final result: SMPC only reveals the final result and doesn’t reveal intermediate information during the computation. Compared with federated learning, a machine learning approach where data is not collected from different parties but model parameters are communicated, SMPC provides a higher security level.
- Less resource-intensive than other methods: Compared with fully homomorphic encryption, another cryptographic method that allows computation on encrypted data, SMPC requires less computing power.
What are secure multi-party computation disadvantages?
- Communication overhead: As illustrated in the example above, the SMPC method requires communication between parties, which can lead to high communication costs.
- Vulnerable to attacks from colluding parties: For instance, the second employee and the fourth employee can collude to learn the third employee’s salary by subtracting the value sent by second to third from the value sent by the third to fourth.
It is important to note that there are techniques to solve these problems, but they usually come with higher computational costs.
What are secure multi-party computation alternatives?
- Homomorphic encryption: HE enables computation on encrypted data without decrypting it first.
- Zero-knowledge proofs: Zero-knowledge proofs are mathematical techniques to verify the truth about information without revealing the information itself.
- Differential privacy: Differential privacy is a technique of adding a controlled amount of randomness to data that prevents malicious parties from obtaining information about individuals.
- Synthetic data: Synthetic data is data that is created artificially while preserving the important characteristics of real data.
- Federated learning: Federated learning is a machine learning approach that uses multiple local datasets without exchanging data.
For more on privacy-enhancing technologies, feel free to read our article on the topic.
If you have other questions about SMPC or privacy-enhancing technologies in general, we can help:
Cem has been the principal analyst at AIMultiple since 2017. AIMultiple informs hundreds of thousands of businesses (as per similarWeb) including 60% of Fortune 500 every month.
Cem's work has been cited by leading global publications including Business Insider, Forbes, Washington Post, global firms like Deloitte, HPE, NGOs like World Economic Forum and supranational organizations like European Commission. You can see more reputable companies and media that referenced AIMultiple.
Throughout his career, Cem served as a tech consultant, tech buyer and tech entrepreneur. He advised businesses on their enterprise software, automation, cloud, AI / ML and other technology related decisions at McKinsey & Company and Altman Solon for more than a decade. He also published a McKinsey report on digitalization.
He led technology strategy and procurement of a telco while reporting to the CEO. He has also led commercial growth of deep tech company Hypatos that reached a 7 digit annual recurring revenue and a 9 digit valuation from 0 within 2 years. Cem's work in Hypatos was covered by leading technology publications like TechCrunch and Business Insider.
Cem regularly speaks at international technology conferences. He graduated from Bogazici University as a computer engineer and holds an MBA from Columbia Business School.
To stay up-to-date on B2B tech & accelerate your enterprise:Follow on
Next to Read
Your email address will not be published. All fields are required.