Two Approaches to Private Computation
Privacy-preserving computation is not a single technology. It is a family of approaches, each with a different trust model, communication pattern, and performance profile. The two most important members of this family are secure multi-party computation (MPC) and fully homomorphic encryption (FHE).
Both achieve the same high-level goal: compute a function on sensitive data without revealing the data to the computing parties. But the mechanism is fundamentally different. MPC distributes trust across multiple parties. FHE eliminates trust requirements entirely by making computation possible on encrypted data. Understanding when to use each—and when to combine them—determines whether your privacy-preserving system actually works in production.
How MPC Works
Secure multi-party computation allows multiple parties to jointly compute a function on their private inputs without any party learning anything about the other parties' inputs beyond what can be inferred from the output.
The most common MPC paradigm is secret sharing. Each party splits their data into shares and distributes them to the other parties. No individual share reveals anything about the original data—you need a threshold number of shares (typically a majority) to reconstruct the value. The parties then compute on their shares through a series of interactive rounds, exchanging intermediate values that reveal nothing about the underlying data.
Another paradigm is garbled circuits, where one party (the garbler) constructs an encrypted version of the computation circuit and sends it to the other party (the evaluator). The evaluator processes the circuit without learning the garbler's inputs. This requires fewer rounds but more bandwidth.
MPC is mathematically proven secure under the assumption that a threshold number of parties do not collude. If three banks each hold a share of the same fraud dataset and compute a joint fraud score, no bank sees another bank's data—as long as at least two of the three are honest. The security guarantee breaks down if a majority of parties collude.
MPC Characteristics
- Requires multiple parties — minimum 2, typically 3 or more for malicious security
- Interactive protocol — parties must communicate during computation, with multiple rounds of data exchange
- Communication overhead — bandwidth requirements scale with circuit complexity; deep circuits require many rounds
- Non-collusion assumption — security depends on parties not cooperating to reconstruct shares
- Offline/online phases — preprocessing (Beaver triples, correlated randomness) can be done offline; online phase is faster
How FHE Works
Fully homomorphic encryption takes a fundamentally different approach. Instead of distributing data across parties, FHE encrypts data so that mathematical operations on ciphertext produce results identical to operations on plaintext. A single server computes on encrypted data and returns an encrypted result. No interaction with the data owner is needed during computation.
FHE is based on the Ring Learning With Errors (RLWE) problem. Data is encoded into polynomial rings where addition and multiplication on ciphertext correspond to addition and multiplication on the underlying plaintext values. Since any computation can be decomposed into additions and multiplications, FHE supports arbitrary computation on encrypted data.
The trust model is simpler than MPC: the data owner does not need to trust the server at all. The server sees only ciphertext that is computationally indistinguishable from random noise. A complete server compromise—including root access, memory dumps, and disk images—reveals nothing about the encrypted data.
FHE Characteristics
- Single server — no coordination with other parties required
- Non-interactive — data owner encrypts, server computes, data owner decrypts; no rounds
- Zero communication overhead — one request, one response (like a normal API call)
- Zero trust required — server cannot learn anything about the data, even with complete access
- Quantum resistant — RLWE-based FHE is believed resistant to quantum attacks
- Computation overhead — operations on ciphertext are more expensive than plaintext; optimization is critical
Comparison Table
| Dimension | MPC | FHE |
|---|---|---|
| Parties required | 2+ (typically 3+) | 1 (single server) |
| Communication rounds | Multiple per computation | None (1 request, 1 response) |
| Communication overhead | High (scales with circuit depth) | Low (encrypted input/output only) |
| Latency | Network-bound (round-trip per round) | Compute-bound (38.5µs with H33) |
| Offline capability | No (parties must be online simultaneously) | Yes (server computes independently) |
| Trust model | Honest majority / non-collusion | Zero trust (server learns nothing) |
| Quantum resistance | Depends on underlying primitives | Yes (RLWE-based, lattice hard problem) |
| AI inference support | Limited (interactive overhead) | Full (single-server model) |
| Production readiness | Deployed for specific use cases | H33: 2.17M ops/sec sustained |
| Coordination cost | High (legal agreements, infra sync) | Low (standard API integration) |
When to Use Which
Use MPC when:
MPC is the right choice when multiple organizations need to compute on their combined datasets without any organization sharing raw data with the others. The classic examples:
- Cross-bank fraud detection — three banks want to check if the same entity has suspicious patterns across all three institutions. Each bank holds a share of the computation. No bank sees another bank's transaction data.
- Multi-hospital clinical research — hospitals want to train a model on combined patient data without any hospital sending patient records to a central server. MPC allows federated computation where data stays at each institution.
- Private set intersection — two companies want to know which customers they share without revealing their full customer lists to each other.
- Threshold key management — no single party should hold a complete signing key. MPC-based threshold signatures distribute key shares across multiple custodians.
The common thread: the data inherently belongs to multiple organizations and the computation requires combining it. MPC's multi-party architecture matches this naturally.
Use FHE when:
FHE is the right choice when a single organization wants to process sensitive data on infrastructure it does not fully trust—including its own cloud environment:
- Biometric authentication — a user sends their encrypted face embedding to a server. The server matches it against enrolled templates without seeing either the probe or the enrolled data. Single party, single server, no interaction.
- AI inference on sensitive data — a hospital sends encrypted patient data to an AI service. The service runs a diagnostic model on the ciphertext and returns an encrypted prediction. The AI provider never sees patient data.
- Cloud-based computation on private data — an organization needs cloud compute capacity but cannot expose data to the cloud provider. FHE allows the cloud to compute without seeing plaintext.
- Compliance-driven processing — regulations require that data never leave encrypted form during processing (GDPR data protection by design, HIPAA minimum necessary). FHE satisfies this by construction.
The common thread: the data belongs to one party and the computation happens on a single server. FHE's non-interactive, single-server model eliminates the coordination overhead of MPC.
H33: Both FHE and MPC
H33 does not force a choice between MPC and FHE. The platform supports both, optimized for different layers of the security stack:
- FHE (H33-128/256) for core data processing — biometric matching, identity verification, fraud scoring, AI inference. Single API call, 38.5 microseconds per operation, 2.17 million operations per second sustained.
- MPC (H33-MPC) for multi-party threshold operations — distributed key generation, threshold decryption, multi-organization computation. When the use case genuinely requires multiple parties.
- ZK-STARKs for proof of correct computation — every FHE operation produces a verifiable proof that the computation was performed correctly on the ciphertext.
- Dilithium (ML-DSA) for post-quantum signatures — all results are signed with FIPS 204 lattice-based signatures.
For most AI data protection use cases—biometric authentication, medical data inference, financial PII processing—FHE is the right primitive. It is simpler to deploy (one API call vs. multi-party coordination), faster (compute-bound vs. network-bound), and provides stronger guarantees (zero trust vs. honest majority).
For cross-organization computation where data inherently belongs to multiple parties, MPC is the right primitive. H33-MPC provides this as part of the same platform, with the same post-quantum security guarantees.
MPC distributes trust across parties. FHE eliminates the need for trust entirely. Both are valid approaches to private computation—for different architectures. If your data starts on one machine and computes on one server, FHE is simpler and faster. If your data starts across multiple organizations, MPC may be the right coordination layer. H33 supports both.