What Is Multiparty Computation?

With so much of the world’s business being conducted electronically, the amount of data has never been greater. Still, this abundance of data—which is moving faster than ever thanks to advancements in research areas connected to 5G technology—can be used to calculate even more numerical insight. The issue then is how to share and utilize data without sacrificing privacy.

This is where the answer to “what is multiparty computation?” arrives.

At its heart, multiparty computation (MPC) allows for multiple parties to share data for computing tasks without revealing each other’s data. All parties are privy to the output of the computing tasks, but no party learns anything about others.


How Multiparty Computation Works

Multiparty computation builds upon Shamir’s secret sharing scheme. Developed by Adi Shamir in the late 1970s, Shamir secret sharing is a cryptography algorithm where a private key is divided into shares. These shares are distributed to different parties so each party possesses only part of the secret, ensuring no one has the entire secret. The secret is obtainable only through recombination of shares. However, computations can still take place on the shares. More importantly, the output of those computations is still correct, and the data is still a secret.

The point, then, of secure multiparty computation is to allow different parties—or different devices—a protocol that protects data during collaborative computations. While security is often concerned with tacks from an outside source, multiparty computation seeks to protect data from any involved party seeking to act maliciously. Additionally, while multiparty computation seeks to protect data from each of the parties involved, it also allows for correct computations to be calculated.

An Example of What Multiparty Computation Is Used For

To get an idea of how the encryption protocols of multiparty computation work, imagine you wanted to analyze current salaries of various careers in the health care industry. Salaries are usually private information, so it is important that individuals and companies not have to divulge this private information. However, by studying the average salaries of various fields, you are hoping to get a sense of where the health care industry may see a higher rate of growth in the years to come.

For this example, say you are interested in the salaries of registered nurses who work in intensive care units. Nurse A’s salary is $100K. In additive secret sharing, the multiparty computation protocols split this $100K into three randomly generated shares: $40K, $35K, and $25K. Nurse A then keeps one of these secret shares ($40K) for herself and distributes one secret share each to Nurse B ($35K) and Nurse C ($25K).

The salaries of Nurse B and Nurse C follow the same multiparty computation protocol. When the secret sharing is completed, each person holds three secret shares: one from Nurse A’s salary, one from Nurse B’s, and one from Nurse C’s.

At this point, all three nurses have contributed their personal information, yet no nurse is able to determine the exact salary of any other nurse. Therefore, the data remains private.

However, even though these secret shares do not reveal any personal information, they are still beneficial. Once all of the secret shares are added together and then divided by three, we still get an accurate average of all three nurses’ salaries.

Processes for Successful Multiparty Computation

While multiparty computation allows for data providers to keep their data private, there are several processes that must be carried out.

  1. Privacy: No party should obtain any knowledge about any other party. The computed output is the only information any party should obtain.
  2. Correctness: Each party is guaranteed that the calculated output is accurate.
  3. Independence of inputs: Any needed input must be given independently.
  4. Guaranteed output: All parties should receive the generated output. All parties must be willing to respect the calculated output.
  5. Fairness: Each party should receive any calculated output only if every other party receives theirs.

Limitations to Multiparty Computation

Because multiparty computation needs parties to communicate with each other, one limitation to its protocols is the willing collusion between two parties to determine the data of a third party. This is possible if two parties are willing to share their own data with each other. By combining their data, they can deduce the data of a third party.

Going back to our example of the nurses’ salaries: if Nurse A and Nurse C shared their salaries with each other, they could determine Nurse B’s salary. For this reason, multiple privacy zones are necessary.

Privacy zones are created by utilizing two or more domains or servers with each containing their own set of privacy restrictions. These privacy zones therefore allow separate parties, even within the same company or department, to participate in multiparty computation. The data is protected because none of it is located in the same domain or stored on the same server.


How Multiparty Computation Compares with Other Security Methods

Since most cryptographic tasks are concerned with protecting data from an external adversary, protection from participating parties has lagged.

However, multiparty computation protocols have closed that gap. Since all data is encrypted, no one learns anything they did not already know.

Beyond protecting data, a large advantage to secure multiparty computation is that it still allows data analysts to run computations on encrypted data. Even at the speeds attainable thanks to the successful implementation of a 5G roadmap (PDF, 480 KB), the data can remain encrypted. This holds true whether that data is in memory, in process, or at rest. Because the data remains encrypted, it is protected at all times.

Alternative Cryptographic Methods

Aside from multiparty computation, there are other methods of maintaining data security.

  • Homomorphic encryption: This encryption scheme allows for the computation of encrypted data. In fact, multiparty computation is considered a subfield of this method.
  • Zero-knowledge proofs: These mathematical techniques are used to verify the accuracy of information without revealing the information itself.
  • Differential privacy: This method employs a controlled amount of randomness to alter data. By altering data randomly, differential privacy ensures that a malicious party cannot obtain any private information about individuals.
  • Obfuscation: This method seeks to mask sensitive information by adding intentionally misleading or distracting data.
  • Pseudonymization: This method replaces specific information with fictitious data.
  • Data minimization: This is an effort to collect the minimum amount of personal data a business needs to provide a service.
  • Communication anonymizers: The idea here is that anonymizers replace an online identity with a single-use identity. Because the identity is temporary, it’s disposable and untraceable.
  • Synthetic data: This refers to the method of creating false data that preserves the relevant characteristics of the real data.
  • Federated learning: This type of machine learning approach uses multiple sets of local data without ever needing to exchange that data.

The Advantages of Multiparty Computation

While the various cryptographic methods discussed above have their capabilities, secure multiparty computation has its advantages.

One key advantage is that multiparty computation can reduce the trade-off between data privacy and data utility. Whereas an encryption method like obfuscation still utilizes the precise data it is trying to protect, multiparty computation more effectively eliminates the risk that data will be obtained by a malicious party.

Another distinct advantage to multiparty computation is that it reveals only the final result. Since participating parties aren’t part of the computation, the data remains private. Compared to an encryption method like federated learning, multiparty computation is more secure. This is because secure multiparty computation does not collect data from participating parties through a set of communicated parameters that can potentially be ignored.

Finally, compared to a method such as fully homomorphic encryption, multiparty computation uses less computing power. This means it is not as taxing on the computing system.


Multiparty Computation from Somewhat Homomorphic Encryption

Homomorphic encryption enables secure computational operations on encrypted data. The generated result is encrypted. Once the result has been decrypted, testing (PDF, 3 MB) shows this matches the result that would have been generated on unencrypted data.

The idea behind this encryption is that the data can be transferred, analyzed, and returned to its original source without having shared its secret. This is how companies are able to share sensitive data with a third party for analysis purposes without sacrificing data privacy.

The Three Most Common Types of Homomorphic Encryption

Encrypted data can be stored safely or transferred to a third party for analysis. Depending on the type of homomorphic encryption, certain processes are possible.

  • Partial homomorphic encryption: This method of encryption can perform one type of operation on encrypted data. For example, this type of encryption would allow data to be either added or multiplied, not both. The obvious drawback is that only one type of operation is possible.
  • Somewhat homomorphic encryption: This method of encryption can perform more than one type of operation. Data encrypted this way could be added and multiplied, but there is a limit to the number of operations that can be accomplished.
  • Fully homomorphic encryption: With this method of encryption, more than one type of secure computation can be performed. Additionally, there is no limit to the number of operations that can be performed.

Secure Multiparty Computation and Homomorphic Encryption

Ultimately, multiparty computation is a subfield of cryptography. More specifically, multiparty computation is a subfield of homomorphic encryption in that it allows operations to be performed on encrypted data.

The advantage to multiparty computation is that its users can run computations on encrypted data from multiple sources. This means more parties can collaborate and input their data without sacrificing their privacy. Without this capability, we would be unable to harness the power of big data.


Applications for Secure Multiparty Computation

Now that secure multiparty computation has become a viable method of encryption, many industries are increasingly taking advantage of its capabilities. Financial institutions, the health care sector, and a variety of applications for third-party data analytics (PDF, 382 KB) benefit from multiparty computation.

In 2015 the Boston Women’s Workforce Council partnered with Boston University's Hariri Institute for Computing to analyze the city’s gender wage gap. Multiparty computation allowed numerous Boston-area companies to submit their payroll data securely. The results revealed that Boston’s women made considerably less than men.

In the fast-paced and lucrative world of cryptocurrency, companies involved in crypto trading understand what multiparty computation is. They use multiparty computation not only to carry out cryptographic computations but also to protect their private key. If their key were to be obtained, then their sensitive information could be decrypted.

Thus, crypto companies use multiparty computation to divide their private key into shares. These shares are distributed among multiple parties who can use their shares to verify only the information for which they have the key. The point is that both the data and key to decrypting that data never belong solely to any one party.

In the health care industry, where a patient’s privacy is critical, multiparty computation has allowed for data sharing. This has been used to discover trends in various cancers and to track the adverse effects of various drug combinations.

As big data continues to accumulate, there is little reason to believe that the secure protocol of multiparty computation will not be a big reason such advances are possible.


Learning More About Multiparty Computation

Understanding what multiparty computation is is an ongoing process, as its applications are still evolving. While multiparty computation has already advanced from theory to practical usability, computer scientists are still finding ways to utilize its encrypted computing capabilities. There is little doubt that multiparty computation will be an integral part of data protection for the foreseeable future.

Interested in joining IEEE Digital Privacy? IEEE Digital Privacy is an IEEE-wide effort dedicated to champion the digital privacy needs of the individuals. This initiative strives to bring the voice of technologists to the digital privacy discussion and solutions, incorporating a holistic approach to address privacy that also includes economic, legal, and social perspectives. Join the IEEE Digital Privacy Community to stay involved with the initiative program activities and connect with others in the field.