---
id: wiki-2026-0508-secure-multi-party-computation
title: Secure Multi-party Computation
category: 10_Wiki/Topics
status: verified
canonical_id: self
aliases: [MPC, SMPC, Secure Computation]
duplicate_of: none
source_trust_level: A
confidence_score: 0.88
verification_status: applied
tags: [cryptography, privacy, mpc, federated, ai-privacy]
raw_sources: []
last_reinforced: 2026-05-10
github_commit: pending
tech_stack:
  language: python
  framework: crypten
---

# Secure Multi-party Computation

## One-line summary

> **"N parties jointly compute f(x1, ..., xN) without revealing their inputs."** Yao 1982 garbled circuits → BGW 1988 secret sharing → modern SPDZ, ABY3, CrypTen for privacy-preserving ML. 2026 production: Apple PCC (Private Cloud Compute), Meta CrypTen, Google federated analytics.

## Core concepts

### Primitives

- **Secret sharing** (Shamir): split a secret into N shares; any t+1 shares reconstruct it.
- **Garbled circuits** (Yao): 2-party Boolean circuit evaluation.
- **Homomorphic encryption** (FHE/PHE): compute on ciphertext.
- **Oblivious Transfer** (OT): the sender offers 2 messages and the receiver obtains 1 of them without revealing which one it picked.

### Threat models

- **Semi-honest** (passive): parties follow the protocol but try to learn from what they see.
- **Malicious** (active): parties deviate arbitrarily; needs MAC/zero-knowledge.
- **Covert**: cheating is detected with high probability.

### Modern frameworks

- **CrypTen** (Meta): PyTorch-style MPC for ML.
- **MP-SPDZ**: wide protocol library.
- **TF-Encrypted**: TensorFlow MPC.
- **Concrete** (Zama): TFHE for ML inference.

### Applications

1. Privacy-preserving ML inference (medical, financial).
2. Federated learning aggregation (secure aggregation).
3. Private set intersection (ad measurement).
4. Apple PCC: trusted enclave + attestation for LLM.
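
For the semi-honest versus malicious distinction under Threat models, the following added example (not from the original page or from any framework's code) shows the MAC idea in the style of SPDZ: every shared value carries additive shares of `alpha * x` under a secret-shared key `alpha`, so a party that alters its share when opening is caught. The dealer function and all names are assumptions; a real protocol produces this material in a preprocessing phase and commits to the check values before revealing them.

```python
import secrets

P = 2**127 - 1  # prime field modulus (the same Mersenne prime the page uses for Shamir)

def additive_share(value, n):
    """Split value into n additive shares that sum to value mod P."""
    parts = [secrets.randbelow(P) for _ in range(n - 1)]
    return parts + [(value - sum(parts)) % P]

def deal_authenticated(x, alpha_shares):
    """Trusted-dealer stand-in for preprocessing: share x and its MAC alpha*x."""
    n = len(alpha_shares)
    alpha = sum(alpha_shares) % P
    return additive_share(x, n), additive_share(alpha * x % P, n)

def open_with_mac_check(x_shares, mac_shares, alpha_shares):
    """Open x, then verify that sum_i (m_i - alpha_i * opened) == 0 mod P."""
    opened = sum(x_shares) % P
    # Each party computes its sigma locally from its own MAC share and key share.
    sigmas = [(m - a * opened) % P for m, a in zip(mac_shares, alpha_shares)]
    return opened, sum(sigmas) % P == 0

def demo():
    n = 3
    # Each party holds one share of the MAC key; no single party knows alpha.
    alpha_shares = [secrets.randbelow(P) for _ in range(n)]
    x_shares, mac_shares = deal_authenticated(42, alpha_shares)  # constructed input

    honest = open_with_mac_check(x_shares, mac_shares, alpha_shares)

    # Active deviation: party 0 shifts its share by +1 when opening.
    tampered = list(x_shares)
    tampered[0] = (tampered[0] + 1) % P
    cheated = open_with_mac_check(tampered, mac_shares, alpha_shares)
    return honest, cheated

if __name__ == "__main__":
    print(demo())
```

The tampered opening passes the check only if `alpha` happens to be zero, which has probability 1/P.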
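## 💻 Patterns

### Shamir secret sharing

```python
import secrets

PRIME = 2**127 - 1  # Mersenne prime; all arithmetic is in GF(PRIME)

def share(secret, n, t):
    # Random polynomial of degree t-1 with f(0) = secret, so any t shares reconstruct.
    # (The primitives list uses the other common convention: degree t, t+1 shares.)
    # Coefficients come from a CSPRNG; the random module is not suitable for secrets.
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(t - 1)]
    shares = []
    for i in range(1, n + 1):
        y = sum(c * pow(i, j, PRIME) for j, c in enumerate(coeffs)) % PRIME
        shares.append((i, y))
    return shares

def reconstruct(shares):
    # Lagrange interpolation evaluated at x = 0
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = (num * -xj) % PRIME
                den = (den * (xi - xj)) % PRIME
        # pow(den, -1, PRIME) is the modular inverse (Python 3.8+)
        secret = (secret + yi * num * pow(den, -1, PRIME)) % PRIME
    return secret
```

### CrypTen ML inference

```python
import crypten
import torch

crypten.init()

# Placeholder model and inputs so the snippet is self-contained (assumed values)
my_model = torch.nn.Linear(4, 2)
dummy_input = torch.empty(1, 4)
client_input = torch.randn(1, 4)

# Two parties: server has model, client has input
@crypten.mpc.run_multiprocess(world_size=2)
def private_inference():
    model = crypten.nn.from_pytorch(my_model, dummy_input)
    model.encrypt(src=0)  # server holds model
    x_enc = crypten.cryptensor(client_input, src=1)  # client input
    y_enc = model(x_enc)
    y = y_enc.get_plain_text()  # decrypt result
    return y

private_inference()
```

### Secure aggregation (federated learning)

```python
import secrets

MOD = 2**32  # updates are integers mod 2**32 (e.g. fixed-point encoded)

def generate_pairwise_masks(i, n, pads):
    # Client i adds the pad it shares with j > i and subtracts the one shared with j < i
    return [pads[i, j] if i < j else -pads[j, i] for j in range(n) if j != i]

def secure_aggregate(client_updates, threshold):
    # threshold is accepted but not used in this sketch
    n = len(client_updates)
    # Stand-in for the DH key agreement: one random pad per pair of clients
    pads = {(i, j): secrets.randbelow(MOD) for i in range(n) for j in range(i + 1, n)}
    # Each client masks its update with the random pads shared via DH
    masks = [generate_pairwise_masks(i, n, pads) for i in range(n)]
    masked = [(u + sum(masks[i])) % MOD for i, u in enumerate(client_updates)]
    # Server sums: the pairwise masks cancel out
    return sum(masked) % MOD  # individual updates stay hidden
```

### Garbled circuit (Yao 2PC)

```python
import hashlib
import secrets

def _pad(k_x, k_y):
    # Hash-derived one-time pad; stands in for the AES encryption under both input labels
    return hashlib.sha256(k_x + k_y).digest()[:16]

def garble_AND():
    # Circuit: z = x AND y. Every wire gets one random 16-byte label per bit value.
    x_keys = {b: secrets.token_bytes(16) for b in (0, 1)}
    y_keys = {b: secrets.token_bytes(16) for b in (0, 1)}
    output_keys = {b: secrets.token_bytes(16) for b in (0, 1)}
    table = []
    for b1 in (0, 1):
        for b2 in (0, 1):
            z = b1 & b2
            pad = _pad(x_keys[b1], y_keys[b2])
            table.append(bytes(p ^ o for p, o in zip(pad, output_keys[z])))
    # Shuffle so the row position does not reveal the input bits
    secrets.SystemRandom().shuffle(table)
    return table, x_keys, y_keys, output_keys
```

### TFHE inference (Zama Concrete)

```python
import numpy as np
from concrete import fhe

@fhe.compiler({"x": "encrypted"})
def relu(x):
    # ReLU: max(x, 0) on the encrypted value
    return np.maximum(x, 0)

circuit = relu.compile([(i,) for i in range(-128, 128)])
encrypted = circuit.encrypt(-5)
result = circuit.run(encrypted)
print(circuit.decrypt(result))  # 0
```

### Private set intersection

```python
import hashlib
import secrets

P = 2**127 - 1  # toy modulus for illustration; real deployments use an elliptic-curve group

def random_scalar():
    return secrets.randbelow(P - 2) + 1

def hash_to_group(x):
    # Stand-in for hash_to_curve: hash the item into the multiplicative group mod P
    return int.from_bytes(hashlib.sha256(str(x).encode()).digest(), "big") % P

def psi_dh(a_set, b_set):
    # Diffie-Hellman based PSI; both parties are simulated in one function
    a_items = list(a_set)
    a_secret, b_secret = random_scalar(), random_scalar()
    A_blinded = [pow(hash_to_group(x), a_secret, P) for x in a_items]  # A sends to B
    B_blinded = [pow(hash_to_group(y), b_secret, P) for y in b_set]    # B sends to A
    A_double = [pow(p, b_secret, P) for p in A_blinded]                # B returns to A
    B_double = {pow(p, a_secret, P) for p in B_blinded}                # A computes
    # Equal items give equal double-blinded values H(x)^(a*b)
    return {x for x, d in zip(a_items, A_double) if d in B_double}
```

## Decision criteria

| Situation | Approach |
|---|---|
| 2-party ML inference | Garbled circuits or CrypTen |
| N-party aggregation | Secret sharing (BGW, SPDZ) |
| Single ciphertext compute | FHE (Concrete, Microsoft SEAL) |
| Trusted hardware available | TEE (SGX, Apple PCC), fastest |
| Production LLM privacy | Apple PCC pattern (TEE + attestation) |

**Default**: for ML inference, CrypTen (semi-honest 2PC); for production privacy-preserving LLM, TEE-based (Apple PCC).

## 🔗 Graph

- Parent: [[Practical-Cryptography|Cryptography]] · [[Privacy-Preserving ML]]
- Variants: [[Homomorphic Encryption]]
- Applications: [[Federated Learning]]
- Adjacent: [[Differential Privacy]]

## 🤖 LLM usage

**When**: joint analysis of multi-party data, client-side model with private data, medical/financial cross-org compute.

**When not**: single-party compute (DP is sufficient), latency-critical workloads (MPC is 100-1000× slower).

## ❌ Anti-patterns

- **Semi-honest in production**: fails if a malicious adversary is possible.
- **MPC for everything**: 100× overhead; a TEE is better when available.
- **Naive secret sharing**: multiplication is expensive (Beaver triples needed).
- **Ignoring side-channels**: timing/power leaks; protocol-level security alone is not enough.

## 🧪 Verification / duplicates

- Verified (Yao 1982, BGW 1988, Damgård SPDZ 2012, CrypTen 2020).
- Apple PCC technical paper 2024.
- Trust level A.

## 🕓 Changelog

| Date | Change |
|---|---|
| 2026-05-08 | Phase 1 |
| 2026-05-10 | Manual cleanup: primitives, modern frameworks, Apple PCC added |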
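
The "Naive secret sharing" anti-pattern says multiplication on shares needs Beaver triples. The added example below (not from the original page or any framework's code) shows why, using additive shares in a prime field: addition is local, while multiplication consumes one preprocessed triple and one round of opening. The trusted dealer and all function names are assumptions; real protocols generate triples with OT or homomorphic encryption.

```python
import secrets

P = 2**127 - 1  # prime field modulus (the page's Shamir pattern uses the same prime)

def additive_share(value, n):
    """Split value into n additive shares that sum to value mod P."""
    parts = [secrets.randbelow(P) for _ in range(n - 1)]
    return parts + [(value - sum(parts)) % P]

def reveal(shares):
    return sum(shares) % P

def add_shared(x_sh, y_sh):
    """Addition is local: each party adds its own two shares, no messages."""
    return [(x + y) % P for x, y in zip(x_sh, y_sh)]

def deal_triple(n):
    """Trusted-dealer stand-in for preprocessing: shares of a, b and c = a*b."""
    a, b = secrets.randbelow(P), secrets.randbelow(P)
    return additive_share(a, n), additive_share(b, n), additive_share(a * b % P, n)

def mul_shared(x_sh, y_sh, triple):
    """Multiply shared x and y using one triple and one round of opening."""
    a_sh, b_sh, c_sh = triple
    # d = x - a and e = y - b are masked by the uniformly random a and b,
    # so opening them reveals nothing about x or y.
    d = reveal([(x - a) % P for x, a in zip(x_sh, a_sh)])
    e = reveal([(y - b) % P for y, b in zip(y_sh, b_sh)])
    # x*y = c + d*b + e*a + d*e; the public d*e term is added by party 0 only.
    z_sh = [(c + d * b + e * a) % P for a, b, c in zip(a_sh, b_sh, c_sh)]
    z_sh[0] = (z_sh[0] + d * e) % P
    return z_sh

def demo(x=6, y=7, n=3):
    # Constructed inputs; returns (x + y, x * y) computed entirely on shares.
    x_sh, y_sh = additive_share(x, n), additive_share(y, n)
    total = reveal(add_shared(x_sh, y_sh))
    product = reveal(mul_shared(x_sh, y_sh, deal_triple(n)))
    return total, product

if __name__ == "__main__":
    print(demo())
```

Each triple must be used for one multiplication only; reusing it would let the opened `d` values of two multiplications be subtracted to leak the difference of the inputs.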