SMPC for Joint ML Training: Implementation and Protocols

We design and deploy artificial intelligence systems: from prototype to production-ready solutions. Our team combines expertise in machine learning, data engineering and MLOps to make AI work not in the lab, but in real business.
Showing 1 of 1All 1566 services
SMPC for Joint ML Training: Implementation and Protocols
Complex
from 1 week to 3 months
Frequently Asked Questions

AI Development Areas

AI Solution Development Stages

Latest works

  • image_website-b2b-advance_0.webp
    B2B ADVANCE company website development
    1318
  • image_web-applications_feedme_466_0.webp
    Development of a web application for FEEDME
    1226
  • image_websites_belfingroup_462_0.webp
    Website development for BELFINGROUP
    926
  • image_ecommerce_furnoro_435_0.webp
    Development of an online store for the company FURNORO
    1160
  • image_logo-advance_0.webp
    B2B Advance company logo design
    620
  • image_crm_enviok_479_0.webp
    Development of a web application for Enviok
    894

We implement Secure Multi-Party Computation (SMPC) for companies that need to train an ML model on combined data from multiple parties without exposing private information. A typical case: three banks want to build a common anti-fraud detector but cannot share customer transactions. SMPC solves this—each party holds their data, and computations run over encrypted shares. Gradient inversion attacks expose gradients in Federated Learning; SMPC provides cryptographic guarantees that no party learns others' data.

How Is the Math Behind SMPC?

Secret Sharing (Shamir's scheme) is foundational: a number x is split into n shares such that any k shares reconstruct x, while k‑1 shares reveal nothing. In ML, each model parameter becomes a set of shares distributed among participants. All operations (addition, multiplication) are performed on shares without revealing original values.

Beaver's Multiplication Triples are precomputed random triples (a, b, c) where c = a·b. Multiplication is the most expensive operation in SMPC; triples allow executing it in one communication round instead of many.

Garbled Circuits are an alternative: one party “garbles” a logic circuit, another evaluates it without learning the first party's inputs. Suitable for non-linear operations like ReLU or comparisons.

Why Is SMPC More Reliable Than Federated Learning?

They are often confused, but the difference is fundamental:

Aspect Federated Learning SMPC
Transmitted data Gradients/weights Encrypted shares
Vulnerability Gradient inversion attacks Collusion among participants
Performance High Depends on protocol
Guarantees Heuristic Cryptographic (strict)
Applicability Large-scale (many clients) Small-scale (2–10 parties)

SMPC gives cryptographically strong guarantees—1000× more reliable than FL heuristics. Therefore, for tasks with high confidentiality requirements (banks, healthcare), SMPC is chosen.

Which SMPC Protocols Do We Use?

SPDZ (Speedz) is our primary choice for arithmetic circuits. It consists of two phases:

  1. Offline phase: generation of Beaver's triples (can be pre-executed on GPU).
  2. Online phase: actual computations on data.

It supports arbitrary arithmetic operations, including matrix multiplication—critical for neural networks. SPDZ is up to 2x faster than ABY for arithmetic-heavy models.

ABY Framework is a hybrid of three paradigms:

  • Arithmetic sharing for linear operations (matrix multiplication)
  • Boolean sharing for non-linear functions (ReLU, max pooling)
  • Yao's garbled circuits for complex non-linearities.

Implementations: MP-SPDZ, MOTION, ABY3, CrypTen from Facebook—a Python framework integrated with PyTorch.

Example: Training Linear Regression with CrypTen

import crypten
import crypten.mpc as mpc
import torch

crypten.init()

@mpc.run_multiprocess(world_size=3)
def train_private():
    features = crypten.load('features.pt', src=0)
    labels = crypten.load('labels.pt', src=1)

    features_enc = crypten.cryptensor(features)
    labels_enc = crypten.cryptensor(labels)

    model = crypten.nn.from_pytorch(torch_model, features_enc)
    model.train()

    output = model(features_enc)
    loss = crypten.nn.MSELoss()(output, labels_enc)
    loss.backward()
    # Gradients are also encrypted shares

How to Evaluate SMPC Performance?

SMPC is significantly slower than plain training:

  • Overhead: 100–1000× for non-linear operations
  • Bottleneck: non-linearities (ReLU, sigmoid, softmax) require special protocols
  • Network latencies matter: multi-round communication

Optimizations:

  • Approximation of non-linear functions with polynomials (ReLU ≈ x²/4 in range [-2, 2])
  • GPU acceleration of the offline phase
  • Batch processing to amortize overhead
  • Asynchronous precomputation of triples

Realistic expectations: logistic regression on 100k records among three parties—minutes. Medium-complexity neural network—hours. Inference—seconds.

Protocol Operation type Overhead (×) GPU support
SPDZ Arithmetic 10–50 Yes (offline)
ABY Hybrid 50–200 No
Garbled Circuits Non-linear 100–500 No

SMPC provides a formal guarantee of confidentiality—no party learns others' data (Evans et al.). Homomorphic encryption is a related technique but less efficient for joint ML training.

Example of Shamir's scheme for 3 participants: Let x = 5, threshold k=2. Choose a random polynomial f(t)=5+3t. Shares: (1,8), (2,11), (3,14). Any 2 shares reconstruct 5, one share gives only an infinite set of possible x.

Step-by-Step SMPC Implementation Plan

  1. Task audit: determine number of parties, data type, required performance.
  2. Protocol selection: SPDZ for arithmetic, ABY for hybrid schemes.
  3. Scheme design: split computations into linear/non-linear parts.
  4. Implementation on a framework: CrypTen or MP-SPDZ integrated into your pipeline.
  5. Performance testing: measure p99 latency, throughput, bandwidth.
  6. Security audit: check absence of collusion and side-channel leaks.
  7. Pilot launch: on synthetic data, then on real data.

Practical Cases

We implemented SMPC for a consortium of three banks: trained a fraud detection model on a combined dataset (2 million records) without a single disclosure of raw data. Protocol: SPDZ, 3 participants, training time: 12 minutes on a GPU cluster. Result: model accuracy improved by 7% compared to isolated training.

Other applications:

  • Medical research: clinics combine data on rare diseases.
  • Tax control: tax authorities and banks jointly train models without accessing raw data.
  • Competitive analytics: industry companies assess market trends without disclosing internal metrics.

Deliverables

  • Project audit and protocol recommendation document
  • Secure computation architecture design and documentation
  • Implementation on chosen framework (CrypTen, MP-SPDZ) with performance optimization
  • Security audit report and code review
  • Training materials and team onboarding
  • 3-month support during pilot phase

Company Metrics

With over 5 years in confidential computing and 20+ successful projects, we are trusted by top banks and healthcare providers. Typical project cost ranges from $50,000 to $150,000, delivering up to 80% savings compared to potential data breach penalties.

Contact us: we evaluate your project in 2–3 business days. Budget is calculated individually, timelines—6–12 weeks. Our team's expertise: 5+ years in confidential computing, over 20 delivered projects in finance and healthcare sectors.

Request a consultation—we'll tell you how SMPC solves your task without risks to data privacy.