2nd/10_Wiki/Topics/AI_and_ML/Secure-Multi-party-Computation.md
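koriweb d8a80f6272 chore(wiki): canonical normalization of dangling links (768 files / 1200 items)
Replaced [[wikilinks]] that differ only in name (spelling variants) with the target document's canonical title,
connecting 1,200 broken links. Only title/filename normalization matches were applied; alias matching was
excluded because of the risk of over-merging (ambiguity guard). Originals are backed up to _link_reconcile_backup/.
Tool: Datacollect/scripts/link_reconcile_apply.mjs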

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-08 12:24:15 +09:00

---
id: wiki-2026-0508-secure-multi-party-computation
title: Secure Multi-party Computation
category: 10_Wiki/Topics
status: verified
canonical_id: self
aliases: [MPC, SMPC, Secure Computation]
duplicate_of: none
source_trust_level: A
confidence_score: 0.88
verification_status: applied
tags: [cryptography, privacy, mpc, federated, ai-privacy]
raw_sources: []
last_reinforced: 2026-05-10
github_commit: pending
tech_stack:
  language: python
  framework: crypten
---
# Secure Multi-party Computation
## One-liner
> **"N parties jointly compute f(x1, ..., xN) without revealing their inputs."** Yao 1982 garbled circuits → BGW 1988 secret sharing → modern SPDZ, ABY3, CrypTen for privacy-preserving ML. 2026 production: Apple PCC (Private Cloud Compute), Meta CrypTen, Google federated analytics.
## Core concepts
### Primitives
- **Secret sharing** (Shamir): split a secret into N shares; t+1 shares reconstruct it.
- **Garbled circuits** (Yao): 2-party Boolean circuit evaluation.
- **Homomorphic encryption** (FHE/PHE): compute on ciphertext.
- **Oblivious Transfer** (OT): the sender sends 1 of 2 messages; the receiver picks one without revealing which.
### Threat models
- **Semi-honest** (passive): parties follow the protocol but try to learn from what they see.
- **Malicious** (active): parties deviate arbitrarily; needs MACs/zero-knowledge proofs.
- **Covert**: cheating is detected with high probability.
### 매 Modern frameworks
- **CrypTen** (Meta): PyTorch-style MPC for ML.
- **MP-SPDZ**: a wide protocol library.
- **TF-Encrypted**: TensorFlow MPC.
- **Concrete** (Zama): TFHE for ML inference.
### Applications
1. Privacy-preserving ML inference (medical, financial).
2. Federated learning aggregation (secure aggregation).
3. Private set intersection (ad measurement).
4. Apple PCC: trusted enclave + attestation for LLM.
## 💻 Patterns
### Shamir secret sharing
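```python
import secrets

PRIME = 2**127 - 1  # Mersenne prime; all arithmetic is in the field GF(PRIME)

def share(secret, n, t):
    # In this function t is the number of shares needed to reconstruct:
    # the polynomial has degree t-1 and its constant term is the secret.
    # Coefficients come from the OS CSPRNG (secrets), not the random module.
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(t - 1)]
    shares = []
    for i in range(1, n + 1):
        y = sum(c * pow(i, j, PRIME) for j, c in enumerate(coeffs)) % PRIME
        shares.append((i, y))
    return shares

def reconstruct(shares):
    # Lagrange interpolation at x = 0 over GF(PRIME)
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = (num * -xj) % PRIME
                den = (den * (xi - xj)) % PRIME
        # pow(den, -1, PRIME) is the modular inverse (Python 3.8+)
        secret = (secret + yi * num * pow(den, -1, PRIME)) % PRIME
    return secret
```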
### CrypTen ML inference
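```python
import crypten
import crypten.mpc
import torch

crypten.init()

# Placeholders so the snippet is self-contained; substitute the real model and input
my_model = torch.nn.Linear(4, 2)
dummy_input = torch.empty(1, 4)  # shape-only input used to trace the model
client_input = torch.rand(1, 4)

# Two parties: server has model, client has input
@crypten.mpc.run_multiprocess(world_size=2)
def private_inference():
    model = crypten.nn.from_pytorch(my_model, dummy_input)
    model.encrypt(src=0)  # server holds model
    x_enc = crypten.cryptensor(client_input, src=1)  # client input
    y_enc = model(x_enc)
    y = y_enc.get_plain_text()  # decrypt result
    return y

private_inference()
```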
### Secure aggregation (federated learning)
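```python
def secure_aggregate(client_updates, threshold):
    # Each client masks its update with random pads shared pairwise via DH.
    # generate_pairwise_masks(i, n) is a helper not defined on this page: it must
    # return client i's pads, with the pad for pair (i, j) equal to minus the pad for (j, i).
    # threshold is not used in this sketch.
    n = len(client_updates)
    masks = [generate_pairwise_masks(i, n) for i in range(n)]
    masked = [u + sum(masks[i]) for i, u in enumerate(client_updates)]
    # Server sums; the masks cancel out
    return sum(masked)  # individual updates stay hidden
```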
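A worked version of the pairwise-masking idea sketched above, as an added example that is not part of the original wiki page. The per-pair random seeds stand in for the DH key agreement, and all function names and the modulus are choices made for this example. The dropout case shows the failure mode a real protocol has to handle when a client masks its update and then never uploads it.

```python
import hashlib
import secrets

MOD = 2**32  # assumption: updates are integer vectors mod 2^32 (fixed-point weights)

def pair_seeds(n):
    # Constructed stand-in for DH key agreement: one shared random seed per pair i < j.
    return {(i, j): secrets.token_bytes(16) for i in range(n) for j in range(i + 1, n)}

def prg(seed, length):
    # Expand a seed into `length` pseudo-random values using SHA-256 in counter mode.
    return [int.from_bytes(hashlib.sha256(seed + k.to_bytes(4, "big")).digest()[:4], "big") % MOD
            for k in range(length)]

def mask_update(i, update, n, seeds):
    # Client i adds the shared pad for every j > i and subtracts it for every j < i.
    masked = list(update)
    for j in range(n):
        if j == i:
            continue
        pad = prg(seeds[(min(i, j), max(i, j))], len(update))
        sign = 1 if i < j else -1
        masked = [(m + sign * p) % MOD for m, p in zip(masked, pad)]
    return masked

def server_sum(masked_updates):
    # The server only ever sees masked vectors; the pads cancel in the column sums.
    return [sum(col) % MOD for col in zip(*masked_updates)]

def aggregate(updates):
    n = len(updates)
    seeds = pair_seeds(n)
    masked = [mask_update(i, u, n, seeds) for i, u in enumerate(updates)]
    return masked, server_sum(masked)

def aggregate_with_dropout(updates, dropped):
    # Failure mode: everyone masks against client `dropped`, which never uploads,
    # so its pads are left uncancelled and the sum is garbage.
    n = len(updates)
    seeds = pair_seeds(n)
    masked = [mask_update(i, u, n, seeds) for i, u in enumerate(updates) if i != dropped]
    return server_sum(masked)

if __name__ == "__main__":
    updates = [[1, 2, 3], [10, 20, 30], [100, 200, 300]]  # constructed sample updates
    masked, total = aggregate(updates)
    print(total, aggregate_with_dropout(updates, dropped=2))
```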
### Garbled circuit (Yao 2PC)
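```python
import hashlib
import secrets

def encrypt_row(kx, ky, label):
    # Stand-in for the undefined aes_encrypt: XOR with a pad hashed from both input labels;
    # the 16 trailing zero bytes let the evaluator recognise the one row it can open
    pad = hashlib.sha256(kx + ky).digest()
    return bytes(a ^ b for a, b in zip(pad, label + bytes(16)))

def garble_AND():
    # Circuit: z = x AND y; each wire has one random 16-byte label per bit value
    x_keys = {b: secrets.token_bytes(16) for b in (0, 1)}
    y_keys = {b: secrets.token_bytes(16) for b in (0, 1)}
    output_keys = {0: secrets.token_bytes(16), 1: secrets.token_bytes(16)}
    table = []
    for b1 in (0, 1):
        for b2 in (0, 1):
            z = b1 & b2
            table.append(encrypt_row(x_keys[b1], y_keys[b2], output_keys[z]))
    secrets.SystemRandom().shuffle(table)  # hide which row belongs to which inputs
    return table, x_keys, y_keys, output_keys
```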
### TFHE inference (Zama Concrete)
```python
import numpy as np
from concrete import fhe

@fhe.compiler({"x": "encrypted"})
def relu(x):
    return np.maximum(x, 0)  # ReLU as an element-wise max with 0

circuit = relu.compile([(i,) for i in range(-128, 128)])
encrypted = circuit.encrypt(-5)
result = circuit.run(encrypted)
print(circuit.decrypt(result))  # 0
```
### Private set intersection
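```python
def psi_dh(a_set, b_set):
    # Diffie-Hellman based PSI, with both parties simulated in one function.
    # random_scalar and hash_to_curve are helpers not defined on this page;
    # `**` stands for scalar multiplication of a curve point.
    a_set, b_set = list(a_set), list(b_set)
    a_secret, b_secret = random_scalar(), random_scalar()
    A_blinded = [hash_to_curve(x) ** a_secret for x in a_set]
    B_blinded = [hash_to_curve(y) ** b_secret for y in b_set]
    A_double = [p ** b_secret for p in A_blinded]
    B_double = [p ** a_secret for p in B_blinded]
    # Matching double-blinded points mark common items; A knows the order of its
    # own list, so it maps the matches back to the elements themselves.
    common = set(B_double)
    return {x for x, p in zip(a_set, A_double) if p in common}
```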
## Decision criteria
| Situation | Approach |
|---|---|
| 2-party ML inference | Garbled circuits or CrypTen |
| N-party aggregation | Secret sharing (BGW, SPDZ) |
| Single ciphertext compute | FHE (Concrete, Microsoft SEAL) |
| Trusted hardware available | TEE (SGX, Apple PCC): fastest |
| Production LLM privacy | Apple PCC pattern (TEE + attestation) |
**Default**: CrypTen (semi-honest 2PC) for ML inference; TEE-based (Apple PCC) for production LLM privacy.
## 🔗 Graph
- Parent: [[Practical-Cryptography|Cryptography]] · [[Privacy-Preserving ML]]
- Variant: [[Homomorphic Encryption (HE)]]
- Application: [[Federated Learning]]
- Adjacent: [[Differential Privacy]]
## 🤖 LLM usage
**When**: multi-party joint data analysis, client-side model with private data, medical/financial cross-org compute.
**When not**: single-party compute (DP is sufficient), latency-critical workloads (MPC is 100-1000× slower).
## ❌ Anti-patterns
- **Semi-honest in production**: fails if a malicious adversary is possible.
- **MPC for everything**: 100× overhead; a TEE is better when available.
- **Naive secret sharing**: multiplication is expensive (Beaver triples required).
- **Ignoring side-channels**: timing/power leaks; protocol-level security alone is not enough.
## 🧪 Verification / Duplicates
- Verified (Yao 1982, BGW 1988, Damgård SPDZ 2012, CrypTen 2020).
- Apple PCC technical paper 2024.
- Trust level A.
## 🕓 Changelog
| Date | Change |
|---|---|
| 2026-05-08 | Phase 1 |
| 2026-05-10 | Manual cleanup: primitives, modern frameworks, Apple PCC added |