Secure multi-party computation
Secure multi-party computation (MPC) is a cryptographic technique that lets two or more parties compute an agreed function over their combined inputs without any party revealing its own input to the others. The output is correct, but intermediate values stay hidden. In analytics it underpins privacy-preserving aggregation — for example combining counts from multiple sources without sharing raw rows. This is a PET, not a legal regime; this page is educational.
How it works
MPC protocols (such as secret sharing or garbled circuits) split each party's input into shares or encrypted forms so that no single party holds a usable view of another's data. The parties exchange messages following the protocol, and at the end each learns only the agreed output. A classic illustration is computing an average salary across people without anyone revealing their own figure. Correctness and privacy hold under stated assumptions about how many parties may collude.
Where it fits in analytics
MPC enables joint measurement across organisations — for example aggregate conversion counts spanning a publisher and an advertiser — without either side handing over raw event logs. It powers some privacy-preserving attribution and measurement designs. The caveats: MPC protects the inputs during computation, but if the agreed output is itself revealing (a tiny cohort, say), you still need aggregation thresholds or noise. Performance and coordination overhead are real considerations.
Treat MPC as one PET among several, chosen for cross-party trust gaps.
- Inputs stay private; only the agreed output is learned
- Security holds under stated collusion assumptions
- Pair with thresholds or noise if outputs could re-identify
How it appears in analytics and logs
If a measurement result is produced jointly by parties that never see each other's raw data, MPC may be in use; verify the protocol and trust assumptions.
Diagnostic use case
Understand how multiple parties can jointly compute aggregate statistics without exposing their raw inputs, e.g. cross-party measurement without sharing rows.
What WebmasterID can help detect
WebmasterID favours aggregate, minimised measurement; MPC illustrates how cross-party aggregates can be computed without anyone sharing raw per-user data.
Common mistakes
- Assuming MPC outputs are automatically anonymous.
- Ignoring the collusion assumptions a protocol relies on.
- Overlooking aggregation thresholds for small cohorts.
Privacy and accuracy notes
This page is educational, not legal advice. MPC hides inputs during computation but does not by itself make the output anonymous; aggregation still matters.
Related pages
- Federated analytics
Federated analytics is a measurement pattern derived from federated learning: instead of sending raw events to a server, computation runs locally on each device, and only aggregated or noised results leave the device. The server combines those partial results to estimate population-level statistics without ever holding per-user raw data. It is a data-minimisation technique, not a legal regime. This page is educational; whether any deployment meets a given law depends on its specifics.
- Differential privacy
Differential privacy is a mathematical framework that bounds how much any single person's data can affect a published result, by injecting carefully calibrated random noise. It lets you release useful aggregate statistics while provably limiting what can be learned about any individual. This page explains the core idea and where it appears in analytics.
- Data clean rooms
A data clean room is a controlled environment in which two or more parties can run joint analysis on combined datasets without either side seeing the other's raw, row-level data. Output is typically aggregated and constrained. This page explains the privacy model, the technical controls clean rooms use, and the limitations operators should keep in mind.
- Attribution analytics
Privacy-preserving measurement can avoid sharing raw events.
Sources and verification notes
- NIST — Privacy-Enhancing Cryptography (secure multi-party computation)Primary reference on PEC including MPC. Educational, not legal advice.
Last reviewed 2026-06-24. Facts are checked against primary/official sources where available; uncertain specifics are marked “Data not yet verified” rather than guessed.