2nd/10_Wiki/Topics/AI_and_ML/Secure-Multi-party-Computation.md
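koriweb d8a80f6272 chore(wiki): canonical normalization of dangling links (768 files/1200 items)
Replaced [[wikilinks]] that differ only in name (spelling variants) with the canonical title of the target document,
connecting 1,200 links that had been broken. Only title/filename normalization matches were applied; alias matching was
excluded because of the risk of over-merging (ambiguity guard). Originals are backed up in _link_reconcile_backup/.
Tool: Datacollect/scripts/link_reconcile_apply.mjs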

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-08 12:24:15 +09:00


id: wiki-2026-0508-secure-multi-party-computation
title: Secure Multi-party Computation
category: 10_Wiki/Topics
status: verified
canonical_id: self
aliases: MPC, SMPC, Secure Computation
duplicate_of: none
source_trust_level: A
confidence_score: 0.88
verification_status: applied
tags: cryptography, privacy, mpc, federated, ai-privacy
raw_sources:
last_reinforced: 2026-05-10
github_commit: pending
tech_stack: language: python, framework: crypten

Secure Multi-party Computation

In one line

"N parties jointly compute f(x1, ..., xN) without revealing inputs". Yao 1982 garbled circuits → BGW 1988 secret sharing → modern SPDZ, ABY3, CrypTen for privacy-preserving ML. 2026 production: Apple PCC (Private Cloud Compute), Meta CrypTen, Google federated analytics.

Key points

Primitives

  • Secret sharing (Shamir): split a secret into N shares; t+1 shares reconstruct it.
  • Garbled circuits (Yao): 2-party Boolean circuit evaluation.
  • Homomorphic encryption (FHE/PHE): compute on ciphertext.
  • Oblivious Transfer (OT): the sender offers 2 messages and the receiver picks 1 without revealing its choice.

Threat models

  • Semi-honest (passive): parties follow the protocol but try to learn from what they see.
  • Malicious (active): parties deviate arbitrarily; needs MACs/zero-knowledge proofs.
  • Covert: cheating is detected with high probability.

Modern frameworks

  • CrypTen (Meta): PyTorch-style MPC for ML.
  • MP-SPDZ: wide protocol library.
  • TF-Encrypted: TensorFlow MPC.
  • Concrete (Zama): TFHE for ML inference.

Applications

  1. Privacy-preserving ML inference (medical, financial).
  2. Federated learning aggregation (secure aggregation).
  3. Private set intersection (ad measurement).
  4. Apple PCC: trusted enclave + attestation for LLMs.

💻 Patterns

Shamir secret sharing

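import secrets

PRIME = 2**127 - 1  # Mersenne prime; shares live in GF(PRIME), secret must be < PRIME

def share(secret, n, t):
    # Random polynomial of degree t-1 with f(0) = secret, so any t shares
    # reconstruct it (pass t+1 here for the "t+1 reconstruct" convention).
    # Coefficients come from the OS CSPRNG: predictable coefficients leak the secret.
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(t-1)]
    shares = []
    for i in range(1, n+1):
        # Share i is the point (i, f(i))
        y = sum(c * pow(i, j, PRIME) for j, c in enumerate(coeffs)) % PRIME
        shares.append((i, y))
    return shares

def reconstruct(shares):
    # Lagrange interpolation evaluated at x = 0
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = (num * -xj) % PRIME
                den = (den * (xi - xj)) % PRIME
        # pow(den, -1, PRIME) is the modular inverse (Python 3.8+)
        secret = (secret + yi * num * pow(den, -1, PRIME)) % PRIME
    return secret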

CrypTen ML inference

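import crypten
import torch

crypten.init()

# Placeholder model and inputs so the example runs; substitute your own
my_model = torch.nn.Linear(4, 2)
dummy_input = torch.empty(1, 4)
client_input = torch.randn(1, 4)

# Two parties: server has model, client has input
@crypten.mpc.run_multiprocess(world_size=2)
def private_inference():
    model = crypten.nn.from_pytorch(my_model, dummy_input)
    model.encrypt(src=0)  # server holds model

    x_enc = crypten.cryptensor(client_input, src=1)  # client input
    y_enc = model(x_enc)
    # Decrypt result; with no dst argument every party receives the plaintext
    y = y_enc.get_plain_text()
    return y

private_inference()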

Secure aggregation (federated learning)

def secure_aggregate(client_updates, threshold):
    # Each client masks its update with random pads shared pairwise via DH.
    # generate_pairwise_masks is not defined on this page; threshold is unused in this sketch.
    n = len(client_updates)
    masks = [generate_pairwise_masks(i, n) for i in range(n)]
    masked = [u + sum(masks[i]) for i, u in enumerate(client_updates)]
    # Server sums; the pairwise masks cancel out
    return sum(masked)  # individual updates stay hidden

Garbled circuit (Yao 2PC)

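import secrets
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes

def aes_encrypt(key, block):
    # Single-block AES-128 applied to one 16-byte wire label
    enc = Cipher(algorithms.AES(key), modes.ECB()).encryptor()
    return enc.update(block) + enc.finalize()

def garble_AND():
    # Circuit: z = x AND y. Every wire gets one random label per bit value.
    x_keys = {b: secrets.token_bytes(16) for b in (0, 1)}
    y_keys = {b: secrets.token_bytes(16) for b in (0, 1)}
    output_keys = {b: secrets.token_bytes(16) for b in (0, 1)}
    table = []
    for b1 in (0, 1):
        for b2 in (0, 1):
            # Row (b1, b2): the output label encrypted under both input labels
            ct = aes_encrypt(x_keys[b1], aes_encrypt(y_keys[b2], output_keys[b1 & b2]))
            table.append(ct)
    secrets.SystemRandom().shuffle(table)  # row order must not reveal the input bits
    return table, x_keys, y_keys, output_keys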

TFHE inference (Zama Concrete)

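import numpy as np
from concrete import fhe

@fhe.compiler({"x": "encrypted"})
def relu(x):
    # ReLU as an element-wise maximum with 0; Concrete traces NumPy operations
    return np.maximum(x, 0)

# The inputset is a sample of expected inputs used to size the circuit's integers
circuit = relu.compile([(i,) for i in range(-128, 128)])
encrypted = circuit.encrypt(-5)
result = circuit.run(encrypted)
print(circuit.decrypt(result))  # 0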

Private set intersection

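def psi_dh(a_set, b_set):
    # Diffie-Hellman based PSI, with both parties simulated in one function.
    # random_scalar() and hash_to_curve() are placeholders not defined on this page;
    # ** stands for scalar multiplication of a group element.
    a_items, b_items = list(a_set), list(b_set)
    a_secret, b_secret = random_scalar(), random_scalar()
    A_blinded = [hash_to_curve(x) ** a_secret for x in a_items]  # sent A -> B
    B_blinded = [hash_to_curve(y) ** b_secret for y in b_items]  # sent B -> A
    A_double = [p ** b_secret for p in A_blinded]                # B re-blinds, returns in order
    B_double = {p ** a_secret for p in B_blinded}                # A re-blinds B's values
    # A maps matching double-blinded values back to its own elements
    return {x for x, p in zip(a_items, A_double) if p in B_double}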

Decision criteria

| Situation | Approach |
| --- | --- |
| 2-party ML inference | Garbled circuits or CrypTen |
| N-party aggregation | Secret sharing (BGW, SPDZ) |
| Single ciphertext compute | FHE (Concrete, Microsoft SEAL) |
| Trusted hardware available | TEE (SGX, Apple PCC); fastest |
| Production LLM privacy | Apple PCC pattern (TEE + attestation) |

Default: for ML inference, CrypTen (semi-honest 2PC); for production private LLMs, TEE-based (Apple PCC).

🔗 Graph

🤖 LLM usage

When to use: multi-party joint data analysis, a client-side model with private data, medical/financial cross-organization compute. When not to use: single-party compute (DP is sufficient), latency-critical workloads (MPC is 100-1000× slower).

Anti-patterns

  • Semi-honest in production: fails if a malicious adversary is possible.
  • MPC for everything: 100× overhead; a TEE is better when available.
  • Naive secret sharing: multiplication is expensive (Beaver triples required).
  • Ignoring side channels: timing/power leaks; protocol-level security alone is not enough.

🧪 Verification / duplicates

  • Verified (Yao 1982, BGW 1988, Damgård SPDZ 2012, CrypTen 2020).
  • Apple PCC technical paper 2024.
  • Trust level: A.

🕓 Changelog

| Date | Change |
| --- | --- |
| 2026-05-08 | Phase 1 |
| 2026-05-10 | Manual cleanup: added primitives, modern frameworks, Apple PCC |