SPDZ software

SPDZ is an MPC software system developed by the University of Bristol.

The system:

  • uses BDOZ/SPDZ style MACs;
  • uses the n-party variant of the TinyOT protocol to perform the pre-processing (outlined in some of the papers below);
  • works over any finite field GF(p) for p bigger than 40 bits, which is needed for statistical security (in practice, to support floating and fixed point operations, p may be 128 bits in size);
  • provides actively secure offline and online phases;
  • provides a python-based front end to produce byte-code for execution by the system.

Please note that the software is provided 'as is'. We have no ability to provide support or help with your use of it.


Please download the SPDZ software licence (PDF, 127kB) before using SPDZ.  This is basically the BSD two clause licence; however, we request that any use of the software for scientific publications or commercial purposes should be reported to the University of Bristol (osi-notifications@bristol.ac.uk), quoting reference 1914. This is for impact and usage monitoring purposes only, so we can tell the original funders the impact their funding has had both academically and commercially.

Download SPDZ from our git repository

Historical background

The SPDZ system arises out of three papers, called BDOZ, SPDZ and TinyOT in much of the literature.

  • BDOZ: Semi-Homomorphic Encryption and Multiparty Computation : Rikke Bendlin and Ivan Damgard and Claudio Orlandi and Sarah Zakarias
  • SPDZ: Multiparty Computation from Somewhat Homomorphic Encryption : Ivan Damgard and Valerio Pastro and Nigel P. Smart and Sarah Zakarias
  • TinyOT: A New Approach to Practical Active-Secure Two-Party Computation : Jesper Buus Nielsen and Peter Sebastian Nordholt and Claudio Orlandi and Sai Sheshank Burra

The BDOZ paper introduced the idea of using linear homomorphic encryption to perform pre-processing, as well as the idea of ensuring an efficient online protocol using information theoretic MACs. The SPDZ paper outlined a much more efficient online phase using a different form of MAC, and used somewhat homomorphic encryption for the pre-processing. The TinyOT paper is focused on two party computation, uses BDOZ style MACs but uses OT as the pre-processing phase.

It was realised that all three protocols are essentially the same, but with tweaks related to how the MACs are produced, what finite fields are supported and what pre-processing is done. From a high level, they are all the same. Hence, one can select the best from each protocol and combine them. To avoid confusion in naming, or perhaps to add confusion, we call the resulting optimized system SPDZ; and it is this optimized system which we present here.

A large body of research work has gone into the system. As well as the papers detailed above the system builds on the following papers:

Email list

We have a mailing list for people using the software, which is the Google Group spdz@googlegroups.com. To post to this group you need to sign up and be approved.

Archive/join/leave the SPDZ mailing list

Authors, funders and thanks

The following people have contributed to the code base: Marcel Keller, Dragos Rotaru, Peter Scholl, and Nigel P. Smart.

The following people have contributed to the mathematics underlying the code base: Ivan Damgard, Tore Kasper Frederiksen, Marcel Keller, Enrique Larraia, Claudio Orlandi, Emmanuela Orsini, Jesper Buus Nielsen, Christian Miles, Valerio Pastro, Peter Scholl, and Nigel P. Smart.

Thanks need to be extended to all our co-authors, and others in the community who have provided moral support and intellectual ideas. A special thanks goes to the team at Aarhus University (Damgard, Nielsen and Orlandi).

Finally the work on the project has been funded by a number of parties, including DARPA, EPSRC, ERC, and The Royal Society.

Edit this page