SPDZ is an MPC software system developed by the University of Bristol.
- uses BDOZ/SPDZ style MACs;
- uses the n-party variant of the TinyOT protocol to perform the pre-processing (outlined in some of the papers below);
- works over any finite field GF(p) for p bigger than 40 bits, which is needed for statistical security (in practice, to support floating and fixed point operations, p may be 128 bits in size);
- provides actively secure offline and online phases;
- provides a python-based front end to produce byte-code for execution by the system.
Please note that the software is provided 'as is'. We have no ability to provide support or help with your use of it.
Please download the SPDZ software licence (PDF, 127kB) before using SPDZ. This is basically the BSD two clause licence; however, we request that any use of the software for scientific publications or commercial purposes should be reported to the University of Bristol (firstname.lastname@example.org), quoting reference 1914. This is for impact and usage monitoring purposes only, so we can tell the original funders the impact their funding has had both academically and commercially.
The SPDZ system arises out of three papers, called BDOZ, SPDZ and TinyOT in much of the literature.
- BDOZ: Semi-Homomorphic Encryption and Multiparty Computation : Rikke Bendlin and Ivan Damgard and Claudio Orlandi and Sarah Zakarias
- SPDZ: Multiparty Computation from Somewhat Homomorphic Encryption : Ivan Damgard and Valerio Pastro and Nigel P. Smart and Sarah Zakarias
- TinyOT: A New Approach to Practical Active-Secure Two-Party Computation : Jesper Buus Nielsen and Peter Sebastian Nordholt and Claudio Orlandi and Sai Sheshank Burra
The BDOZ paper introduced the idea of using linear homomorphic encryption to perform pre-processing, as well as the idea of ensuring an efficient online protocol using information theoretic MACs. The SPDZ paper outlined a much more efficient online phase using a different form of MAC, and used somewhat homomorphic encryption for the pre-processing. The TinyOT paper is focused on two party computation, uses BDOZ style MACs but uses OT as the pre-processing phase.
It was realised that all three protocols are essentially the same, but with tweaks related to how the MACs are produced, what finite fields are supported and what pre-processing is done. From a high level, they are all the same. Hence, one can select the best from each protocol and combine them. To avoid confusion in naming, or perhaps to add confusion, we call the resulting optimized system SPDZ; and it is this optimized system which we present here.
A large body of research work has gone into the system. As well as the papers detailed above the system builds on the following papers:
- 2016/542 MPC-Friendly Symmetric Key Primitives
Lorenzo Grassi and Christian Rechberger and Dragos Rotaru and Peter Scholl and Nigel P. Smart
- 2016/505 MASCOT: Faster Malicious Arithmetic Secure Computation with Oblivious Transfer
Marcel Keller and Emmanuela Orsini and Peter Scholl
- 2015/901 A Unified Approach to MPC with Preprocessing using OT
Tore Kasper Frederiksen and Marcel Keller and Emmanuela Orsini and Peter Scholl
- 2015/546 Actively Secure OT Extension with Optimal Overhead
Marcel Keller and Emmanuela Orsini and Peter Scholl
- 2015/472 High Performance Multi-Party Computation for Binary Circuits Based on Oblivious Transfer
Sai Sheshank Burra and Enrique Larraia and Jesper Buus Nielsen and Peter Sebastian Nordholt and Claudio Orlandi and Emmanuela Orsini and Peter Scholl and Nigel P. Smart
- 2015/467 The Oblivious Machine, or: How to Put the C into MPC
- 2014/137 Efficient, Oblivious Data Structures for MPC
Marcel Keller and Peter Scholl
- 2014/101 Dishonest Majority Multi-Party Computation for Binary Circuits
Enrique Larraia and Emmanuela Orsini and Nigel P. Smart
- 2013/143 An architecture for practical actively secure MPC with dishonest majority
Marcel Keller and Peter Scholl and Nigel P. Smart
- 2012/642 Practical Covertly Secure MPC for Dishonest Majority â€" or: Breaking the SPDZ Limits
Ivan Damgard and Marcel Keller and Enrique Larraia and Valerio Pastro and Peter Scholl and Nigel P. Smart
- 2012/262 Implementing AES via an Actively/Covertly Secure Dishonest-Majority MPC Protocol
Ivan Damgard and Marcel Keller and Enrique Larraia and Christian Miles and Nigel P. Smart
We have a mailing list for people using the software, which is the Google Group email@example.com. To post to this group you need to sign up and be approved.
Authors, funders and thanks
The following people have contributed to the code base: Marcel Keller, Dragos Rotaru, Peter Scholl, and Nigel P. Smart.
The following people have contributed to the mathematics underlying the code base: Ivan Damgard, Tore Kasper Frederiksen, Marcel Keller, Enrique Larraia, Claudio Orlandi, Emmanuela Orsini, Jesper Buus Nielsen, Christian Miles, Valerio Pastro, Peter Scholl, and Nigel P. Smart.
Thanks need to be extended to all our co-authors, and others in the community who have provided moral support and intellectual ideas. A special thanks goes to the team at Aarhus University (Damgard, Nielsen and Orlandi).
Finally the work on the project has been funded by a number of parties, including DARPA, EPSRC, ERC, and The Royal Society.