MPC Software

This page lists various software packages and tools which the research community is using to test and develop MPC systems. We mainly focus on systems using secret sharing, garbled circuits and/or oblivious transfer.  None of the systems listed here should be considered "production ready" as is, without contacting the authors for specific advice.   For another (non-curated) list of MPC software see


ABY is a mixed-protocol secure two-party computation framework that is implemented in C++. It implements semi-honest secure computation protocols based on Arithmetic and Boolean secret-sharing as well as Yao's garbled circuits and allows to freely convert between them.
Batch Dual Execution
A project to implement the batched malicious secure two party secure computation protocol of Rindal,Rosulek 2016 based on garbled circuits and dual execution. This library offers fast, constant round 2PC in the amortized online-offline setting where the same function is to be computed many times. For example, when computing AES 1024 times, this framework has an amortized throughput of 7ms per output. This project is cross platform and verified to compile on Linux and Windows.

Batched Oblivious OPRF 
We implement our Batched Oblivious OPRF (BaRK-OPRF) protocol based on OT extension [IKNP03], and its application to 2-Party Private Set Intersection. Our implementation support two testing functions: (1) unit test that runs on small input database on a single terminal/machine; (2) simulation test that allows two parties perform the protocols on two different terminals/machines. Our code works on both Windows and Linux.

CBMC-GC creates Boolean circuits from ANSI-C code optimized for secure computation. The compiled circuits can then be used in any TPC/MPC framework to perform privacy-preserving computations. CBMC-GC allows to compile circuits either with minimal size (e.g., for their application in Yao's Garbled Circuits style protocols) or with minimal depth (e.g., for their application in GMW style protocols).
A C++14 implementation of the DUPLO protocol for maliciously secure two-party computation. In addition to implementing a very fast 2PC protocol the project also includes a tool for compiling a C-like program into a set of boolean circuits suitable for DUPLO garbling. This tools is based on the Frigate compiler [MGCBT16], but modified to support decomposition of the input program into distinct boolean circuits. Code:

EMP-toolkit stands for Efficient Multi-Party computation toolkit. It consists of libraries for basic primitives, Oblivious Transfer (extension),  semi-honest/malicious protocols, an on-the-fly circuit compiler, etc. It can be used to construct new protocols or develop applications using our existing protocols.
FRESCO is a FRamework for Efficient and Secure COmputation, written in Java and licensed under the open source MIT license. The project aims to ease the development of prototype applications based on secure computation. For the arithmetic setting this is achieved by a maliciously secure, dishonest majority protocol. Currently this is implemented using SPDZ [DSPZ11] for the online phase and MASCOT [KOS16] for preprocessing. For the boolean setting, FRESCO currently supports a semi-honestly secure two-party computation, which is implemented using TinyTables [DNNR16].


A C++/Python implementation of the “Geppetri” [Vee17] system, in which passively secure 3PC is combined with verifiable computation to produce a Pinocchio zero-knowledge proof that computations were performed correctly. Based on VIFF, computations specified in Python can be executed either in the plain or using 3PC, with operations available for integer and fixed-point arithmetic, zero testing, and more. A separate tool then turns the log files from the computation into a zero-knowledge proof. The distributed medical research example from [Vee17] is provided as an example.

The Ivory Runtime is a C++ library that aims to make secure computation easier to use. At a high level, Ivory achieves this by bringing together the protocol and the binary/arithmetic circuit compiler into a single integrated system. A framework to support generic reactive multi-party secure computation with (intended) support for multiple paradigms in the back-end (semi-honest garbled circuit, LEGO, SPDZ, etc.). This project is cross platform and verified to compile on Linux and Windows.

A high quality OT extension library implementing a wide array of OT protocols including semi-honest/malicious 1-out-of-2 [IKNP04,KOS15], 1-out-of-N [KKRT16,OOS17], and several others. In the LAN setting, this project of capable of performing 16 million malicious secure OTs[KOS15] in less than a seconds.  The library is well supported and will be maintained into the future with feature requests being considered. This project is cross platform and verified to compile on Mac, Linux and Windows. Several notable project that build on it are Batch Dual Execution, Batched Oblivious OPRF, DUPLE, Ivory, libPSI, SplitCommit, and others. 

A library containing a variety of malicious secure Private Set Intersection protocols based on OT and public key operations. The most notable of which are the protocols of Rindal,Rosulek 2017 based on Bloom filters and OT. For sets of size 1 million, this implementation can compute the intersection in 128 seconds with an improved protocol requiring 12 seconds to be added mid 2017. This project is cross platform and verified to compile on Linux and Windows. 

This repository contains an implementation of privacy-preserving protocols for computing linear regression models from private distributed datasets. This includes a protocol for securely solving shared systems of linear equations using garbled circuits. In addition to an end-to-end implementation, the repository includes scripts for generating random problems evaluating the performance of our implementation with respect to various parameters.

MPyC supports secure multiparty computation tolerating a dishonest minority of passively corrupt parties. The underlying protocols are based on threshold secret sharing over prime fields.The details of the secure computation protocols are mostly transparent due to the use of Python’s operator overloading combined with asynchronous evaluation of the associated protocols. Finite field arithmetic is supported for fields of prime order,  integer and fixed-point arithmetic is supported for parameterized number ranges. Some operations for container datatypes holding secret-shared data items are provided as well. Asynchronous evaluation proceeds through MPyC coroutines, which are a special type of Python coroutines.

PSI Collection
A collection of Private Set Intersection (PSI) protocols in the semi-honest model that use different underlying cryptographic techniques. The project includes the naive hash comparison algorithm, a PSI protocol based on the Diffie-Hellman key exchange, the server-aided protocol of [KamaraMRS14], and the oblivious transfer-based PSI protocol of [PinkasSZ16].


SCAPI is a general purpose MPC library. Most of the current primitives are in the direction of dishonest majority MPC (OT, ZK, commitments, garbled circuits, GMW, and so on) but we would be happy to branch out and add other protocols as well. SCAPI has both building blocks and higher-level protocols, and so is useful for anyone wanting to use MPC as well as for anyone wanting to implement their own MPC protocol. SCAPI has a Java version, and a newer C++ version.
An update of the SPDZ system below, with a fully integrated online and offline system. Programming interface provided by a modified Python like syntax which compiles down to SPDZ byte-code. Contains various data types such as integers, fixed and floating point numbers.

SMCQL is a system for Secure Multi-Party Computation over sQL. This framework enables users not trained in cryptography to efficiently query the data of mutually distrustful parties. SMCQL automatically translates SQL statements into semi-honest 2PC protocols. Its secure computation is powered by an extension of ObliVM.

An implementation of the SPDZ online system, and an offline system based on MASCOT. Programming interface provided by a modified Python like syntax which compiles down to SPDZ byte-code. Contains various data types such as integers, fixed and floating point numbers.

A portable C++14 implementation of the recent UC-secure additively homomorphic commitment scheme of [FJNT16]. The codebase uses the libOTe library for efficient oblivious transfer extension. Commitments to 128-bit and single bit messages are currently supported. Larger messages can however be handled without modifying the source code, by simply splitting the message in blocks of 128-bits and commit block-wise. The code has been developed with performance in mind and a commitment takes around 0.5 microseconds on a 1 Gbit link. Decommitment is even faster.

This is the C++14 implementation of the modified TinyLEGO [FJNT16] protocol appearing in the paper "Constant Round Maliciously Secure 2PC with Function-independent Preprocessing using LEGO" [NST17]. The code builds on the SplitCommit implementation of the [FJNT16]. This was the first published implementation of the LEGO paradigm for 2PC.
Universal Circuit Compiler
The first implementation of a Universal Circuit with asymptotically optimal complexity, optimized for Private Function Evaluation. It implements the most efficient UC construction to date, originally proposed by Valiant in STOC'76. The compiler outputs the topology of the UC along with its programming bits that correspond to the input circuit, which can be used in any general-purpose 2PC/MPC framework for Private Function Evaluation as described in [Kiss and Schneider, Eurocrypt'16].