The gap Stoffel closes
Raw MPC development usually combines several hard problems at once:- designing the private computation;
- choosing and integrating a protocol backend;
- representing secret-shared values correctly;
- coordinating parties and thresholds;
- deciding where values are allowed to open;
- connecting the private computation back to application code.
| Concern | Stoffel surface |
|---|---|
| Private computation | StoffelLang source (.stfl) |
| Build artifact | .stflb bytecode |
| Local feedback | stoffel check, stoffel build, and local MPC runs |
| Runtime execution | Stoffel VM parties and MPC backends |
| Application integration | Rust SDK and generated bindings |
| Output boundary | explicit openings or client outputs |
What Stoffel gives you
Stoffel packages the MPC workflow into a toolchain rather than a collection of protocol fragments.A language boundary for private computation
You write the private workflow in StoffelLang instead of embedding protocol logic directly into the host application. That keeps the sensitive computation easier to review: inputs, share operations, and outputs live in a program designed for the MPC runtime.A compiled artifact
The compiler produces.stflb bytecode. That artifact becomes the contract between the private computation and the surrounding application: what the program expects, what it can run, and where outputs are defined.
A local development loop
The CLI gives you an ordinary loop before deployment work begins:An application integration path
The Rust SDK connects application code to Stoffel programs. The application still owns product logic, authentication, authorization, storage, client behavior, and output delivery. Stoffel owns the private-computation surface: bytecode, VM execution, party configuration, and secret-shared runtime values.What remains explicit
Stoffel is not “MPC without MPC concepts.” It is a developer workflow for MPC concepts. You still make explicit decisions about:- which inputs are private;
- which values become shares;
- how many parties run the computation;
- what threshold assumptions the deployment uses;
- which backend fits the computation;
- which values open;
- who receives the output;
- what metadata, logs, timing, and access patterns may reveal outside the MPC protocol.
When Stoffel is a good fit
Stoffel is a good fit when the application needs to compute over sensitive values and you do not want those values to become ordinary plaintext backend state. Good early use cases usually have:- a clear private computation boundary;
- inputs that can be modeled as private values or shares;
- outputs that can be named and reviewed explicitly;
- a team that wants local iteration before deployment planning;
- Rust application code that needs to call into the private workflow.
When Stoffel may not be the right fit
Stoffel may be the wrong starting point if:- the application only needs encryption at rest or in transit;
- the sensitive data never needs to be computed on;
- the required output would reveal the private input anyway;
- the team cannot define who should learn the result;
- the problem is mainly access control, logging, or data retention rather than compute-time plaintext exposure;
- the deployment cannot support multiple MPC parties or the needed coordination model.
Try the workflow
If the boundary fits your application, the next useful step is hands-on:- Install the
stoffelCLI. - Create a project.
- Check and build a
.stflprogram. - Run local MPC.
- Connect the program from Rust.
Related reading
- Data in Use Protection: How MPC Keeps Inputs Hidden from the Cloud: how MPC changes the usual backend trust boundary.
- Is Your Analytics Platform a Security Liability? What MXP 2026 Taught Me: a product-focused look at why analytics systems create exposure when they centralize behavioral data.