What MPC changes
MPC changes where plaintext exists during computation. A normal application flow often looks like this:The core vocabulary
| Term | Meaning |
|---|---|
| Plaintext value | The original value before it is protected. In a Stoffel application, this should stay at the app/client edge. |
| Share | A protocol value derived from plaintext. A single share does not reveal the full input by itself. |
| MPC party | A node that runs the protocol over shares. Parties hold shares, not complete plaintext inputs. |
| Threshold | The number of shares or parties needed for a protocol action, such as reconstructing or opening a value. |
| Protocol messages | Network messages parties exchange to evaluate operations that cannot be computed locally on one share. |
| Opening | The moment a secret-shared value is intentionally reconstructed or returned as an output. |
| Authorized output | A value the program is designed to reveal, either as an opened result or as output material returned to the client. |
What MPC parties see
An MPC party sees:- its own share of each private input;
- the compiled computation it is supposed to run;
- protocol messages from other parties;
- output shares or opened values that the program authorizes.
What computation over shares means
Some operations over shares are straightforward. For example, adding two shared values can often be represented as each party adding its local shares. Other operations require interaction. Multiplication, comparisons, conditionals over secret values, and many higher-level operations need protocol support. Parties exchange messages that let the computation advance without revealing the underlying plaintext inputs. A useful mental model:Openings: where secrecy intentionally ends
An opening is not a bug. It is the point where the program intentionally turns a shared value into something visible. Good MPC program design is explicit about outputs:- Which result should become visible?
- Who should receive it?
- Is the output an opened value, output shares, or a client-consumable result?
- Does the output itself reveal more than the application intends?
What this means in Stoffel
Stoffel packages this model into a developer workflow:| MPC concept | Stoffel surface |
|---|---|
| Computation | StoffelLang source (.stfl) |
| Build artifact | .stflb bytecode |
| Local development | stoffel check, stoffel build, and local MPC runs |
| Parties | Local or networked Stoffel VM parties |
| Private values | Shares passed through the MPC runtime |
| Outputs | Explicit openings or client outputs defined by the program |
What MPC does not remove
MPC narrows where sensitive plaintext exists during computation. It does not remove every security or product-design responsibility. You still need to design:- which values are private inputs;
- which values are allowed to become outputs;
- how outputs are delivered to the right client or system;
- what metadata, timing, access patterns, logs, and deployment details may reveal;
- which parties, thresholds, and backend assumptions match the application.
Related reading
- Why should I care about Multiparty Computation?: the broader case for MPC as a privacy-first application architecture.
- Introduction to Secret Sharing from First Principles: build intuition for shares, thresholds, and reconstruction.
- Computing with Secret Shares - Introducing Beaver Triples: why private multiplication uses protocol support such as Beaver triples.
Next steps
- Why Stoffel?: how Stoffel turns MPC concepts into a development workflow.
- Quick start: create a project, build bytecode, and run local MPC.
- System architecture: see how app code, bytecode, VM parties, and MPC backends fit together.