Home/Blockchain/Multi-party Computation/Secure Computation

πŸ›‘οΈ Secure Computation: Garbled Circuits

Learn how MPC enables private function evaluation

Compute on encrypted data without revealing it

Your Progress

0 / 5 completed
1
2
3
4
5

Secure Computation

**Secure computation** is the process of evaluating functions on secret-shared data without revealing the inputs. Once data is split into shares, parties can perform addition and multiplication on shares, with the results remaining in shared form. Only the final output is reconstructed.

Different protocols offer different tradeoffs: GMW uses boolean circuits with oblivious transfer, Yao's protocol pre-encrypts ("garbles") the entire circuit, SPDZ uses arithmetic circuits with MACs for malicious security, and ABY3 combines approaches for optimal 3-party computation.

Interactive: Secure Average Salary Computation

Watch how three parties compute their average salary using MPC without revealing individual salaries.

πŸ‘© Alice's Salary
$50k
Private input (not revealed)
πŸ‘¨ Bob's Salary
$70k
Private input (not revealed)
πŸ‘© Carol's Salary
$60k
Private input (not revealed)

MPC Protocol Comparison

Different protocols offer different tradeoffs for secure computation.

GMW Protocol

Goldreich-Micali-Wigderson (1987)

Classic protocol using boolean circuits and oblivious transfer

Approach
Boolean circuits with secret sharing
Communication Rounds
O(depth) rounds
Communication Cost
O(gates) per round
Security Model
Semi-honest & malicious variants
Best For
General circuits, moderate depth

πŸ” Security Models

πŸ˜‡
Semi-Honest (Honest-but-Curious)
Parties follow protocol but try to learn extra information from transcripts
😈
Malicious (Byzantine)
Parties can deviate arbitrarily from protocol to attack security
βš–οΈ
Honest Majority
Assumes more than 50% of parties are honest (enables better efficiency)

Operations on Secret Shares

βž• Addition (Easy)

To add two secret-shared values, each party simply adds their shares locally. No communication needed!

[a] + [b] = [a + b] // Each party adds their shares

βœ–οΈ Multiplication (Hard)

Multiplication requires interaction: parties must exchange shares to prevent information leakage.

[a] Γ— [b] = [a Γ— b] // Requires Beaver triples or OT

πŸ”„ Comparison (Very Hard)

Comparing encrypted values (a > b?) is expensiveβ€”requires bit decomposition or garbled circuits.

[a] > [b] // Expensive: O(log max_value) rounds
←Previous