MPC Best Practices
Deploying MPC for real AI applications requires careful attention to performance, protocol selection, and integration with other privacy technologies. These best practices help you build practical, efficient, and secure systems.
Choosing the Right Protocol
| Scenario | Recommended Protocol | Reason |
|---|---|---|
| Two-party inference | Garbled circuits + secret sharing hybrid | Constant rounds, efficient for neural networks |
| Multi-party training (honest majority) | Shamir-based (e.g., Falcon) | Efficient multiplication with honest majority |
| Multi-party training (dishonest majority) | SPDZ protocol | Malicious security without honest majority |
| Secure aggregation | Additive secret sharing | Simple, efficient for summing updates |
| Private set intersection | ECDH-based PSI or OPRF-based PSI | Sublinear communication for large sets |
Performance Optimization
Minimize Non-Linear Operations
Linear operations (addition, matrix multiplication) are cheap in MPC. Non-linear operations (ReLU, comparisons, division) are expensive. Use ReLU approximations (polynomial activations) or reduce the number of ReLU layers.
Use Offline/Online Separation
Precompute data-independent cryptographic material (Beaver triples, OT correlations) in an offline phase. The online phase then runs much faster.
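The offline/online split described above, as an added example (not code from the original page): two-party additive secret sharing in which the offline phase precomputes Beaver triples and the online phase consumes one per multiplication. The trusted dealer is an assumption standing in for the OT- or HE-based triple generation that real protocols use; the modulus and all function names are illustrative.

```python
import secrets

P = 2**61 - 1  # prime modulus for the share field (constructed choice)

def share(value, n=2):
    """Split value into n additive shares that sum to value mod P."""
    parts = [secrets.randbelow(P) for _ in range(n - 1)]
    parts.append((value - sum(parts)) % P)
    return parts

def reconstruct(shares):
    return sum(shares) % P

def offline_triples(count, n=2):
    """Offline phase: data-independent Beaver triples (a, b, c = a*b).
    Assumption: a trusted dealer generates them; real protocols use OT or HE."""
    triples = []
    for _ in range(count):
        a, b = secrets.randbelow(P), secrets.randbelow(P)
        triples.append((share(a, n), share(b, n), share(a * b % P, n)))
    return triples

def online_multiply(x_sh, y_sh, triple):
    """Online phase: open d = x - a and e = y - b (one round), then local arithmetic."""
    a_sh, b_sh, c_sh = triple
    d = reconstruct([(x - a) % P for x, a in zip(x_sh, a_sh)])
    e = reconstruct([(y - b) % P for y, b in zip(y_sh, b_sh)])
    z_sh = [(c + d * b + e * a) % P for a, b, c in zip(a_sh, b_sh, c_sh)]
    z_sh[0] = (z_sh[0] + d * e) % P  # public term d*e is added by one party only
    return z_sh

def secure_dot(xs, ys):
    """Dot product of two secret vectors; consumes one triple per multiplication."""
    triples = offline_triples(len(xs))          # runs before any input exists
    x_shares = [share(x) for x in xs]
    y_shares = [share(y) for y in ys]
    acc = [0, 0]
    for x_sh, y_sh, t in zip(x_shares, y_shares, triples):
        z_sh = online_multiply(x_sh, y_sh, t)   # each triple is used exactly once
        acc = [(s + z) % P for s, z in zip(acc, z_sh)]  # addition is local
    return reconstruct(acc)

if __name__ == "__main__":
    print(secure_dot([3, 5, 7], [2, 4, 6]))  # 6 + 20 + 42 = 68
```

A triple must never be reused: opening `d = x - a` for two different inputs with the same `a` reveals the difference between those inputs.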
Batch Operations
Process multiple inference requests or data points simultaneously. The amortized cost per item decreases significantly with batching.
Network-Aware Design
MPC performance is dominated by network latency and bandwidth. Co-locate servers in the same data center when possible. Use protocols with fewer rounds for high-latency networks.
Combining MPC with Other PETs
MPC is most powerful when combined with complementary privacy-enhancing technologies:
- MPC + Differential Privacy: Use MPC to securely compute aggregates, then add DP noise to the output. The MPC protects inputs during computation; DP protects the output from inference attacks.
- MPC + Federated Learning: Use MPC-based secure aggregation to protect individual model updates in FL. This prevents the server from seeing any individual client's gradient.
- MPC + Homomorphic Encryption: Use HE for single-server computations and MPC for multi-party protocols. Some protocols use HE internally (e.g., for the SPDZ offline phase).
- MPC + Trusted Execution Environments: TEEs (Intel SGX, ARM TrustZone) can accelerate MPC protocols by running parts of the computation inside a hardware-isolated environment.
Security Considerations
- Choosing semi-honest when malicious is needed: If parties have a financial incentive to cheat, semi-honest security is insufficient.
- Ignoring side channels: Timing, memory access patterns, and network traffic can leak information even with correct MPC protocols.
- Output leakage: The output itself may reveal information about inputs. Consider whether the output should be protected with DP.
- Implementation bugs: Use well-audited libraries rather than implementing protocols from scratch.
Deployment Checklist
- Define your threat model: who are the parties, what do they trust, what are they trying to protect?
- Choose semi-honest vs malicious security based on actual trust relationships
- Benchmark with realistic data sizes and network conditions
- Implement the offline phase precomputation pipeline
- Set up secure communication channels (TLS) between all parties
- Plan for failure modes: what happens if a party goes offline?
- Audit the MPC implementation with cryptography experts
- Document the security guarantees and their limitations
Lilly Tech Systems