Binary Multi-Party Computation (BiMPC)

Updated 25 October 2025

Binary Multi-Party Computation (BiMPC) is defined as secure multi-party computation using binary inputs and Boolean circuits with techniques like XOR-based secret sharing and arithmetic-binary compilation.
BiMPC protocols employ quorum-based, load-balanced strategies to optimize computation, reduce communication overhead, and scale effectively in large networks.
Advanced methods such as helper models and formal security proofs in the Universal Composability framework ensure privacy and correctness of bitwise operations.

Binary Multi-Party Computation (BiMPC) refers to the design and execution of secure multi-party computation (MPC) protocols where the functional inputs, operations, and outputs are represented as binary (Boolean) data—typically bits or vectors over $\mathbb{F}_2$ . BiMPC enables a set of mutually distrustful parties to collaboratively compute a Boolean function of their private inputs, revealing only the agreed output and nothing else. The techniques underlying BiMPC encompass secret sharing adapted for binary circuits, optimized communication patterns, composable security proofs, and protocols tailored for the unique efficiency and privacy trade-offs of bitwise computation.

BiMPC protocols require the distribution and manipulation of binary secrets across a network of parties. Traditionally, secret sharing schemes such as Shamir’s (Dani et al., 2012) are designed for arithmetic fields but are readily adapted for bitwise data:

Binary Secret Sharing: To securely evaluate a circuit of AND, XOR, and OR gates, parties can share each bit as elements of $\mathbb{F}_2$ , using XOR-based secret sharing (e.g., $x = x_1 \oplus x_2 \oplus…\oplus x_n$ ).
Arithmetic-Binary Compilation: Many Boolean gates are represented by arithmetic analogs, so one can "compile" the entire binary circuit into an arithmetic circuit and leverage existing MPC protocols, e.g., $x \wedge y$ replaced by $x \cdot y$ , and $x \oplus y$ by $x + y - 2xy$ in characteristic-2 fields (Dani et al., 2012).

The secret sharing phase preserves binary gate functionality through masking strategies such as “one-time pad” style XOR masking: $\# x = x \oplus r$ where $r$ is a random bit shared by the quorum responsible for a gate.

2. Scalability via Quorum-Based and Load-Balanced Protocols

The scalability of BiMPC in large networks is achieved by distributing the workload across quorums, small subsets of parties tasked with evaluating single gates ("gate gadgets") (Dani et al., 2012). Communication and computation per party are load-balanced according to: $\tilde{O}\left( \frac{m}{n} + \sqrt{n} \right)$ where $m$ is the total number of binary gates, and $n$ is the number of parties.

A quorum of $\Theta(\log n)$ parties secret-shares and evaluates gate outputs. Input parties mask their binary inputs via local XOR sharing, and each quorum securely recomputes both AND and XOR operations. Threshold counting protocols ensure that computations only proceed when commitments (flags) from requisite parties are collected, providing robustness to delays and failures in asynchronous networks.

3. Communication Complexity and Helper Models

A central bottleneck in BiMPC is the communication cost of non-linear gates (especially ANDs). The “helper model” (Schneider, 2015) mitigates this. The model splits roles into:

Key Holder (KH)
Encrypted Value Holder (EVH)
Helper (facilitates computation, but avoids learning complete secrets)

AND gates are decomposed via partitioned XORs of encrypted values and keys: $a \wedge b = \bigl( ENC_{K_a}(a) \wedge ENC_{K_b}(b) \bigr) \oplus \bigl( K_a \wedge ENC_{K_b}(b) \bigr) \oplus \bigl( K_b \wedge ENC_{K_a}(a) \bigr) \oplus \bigl( K_a \wedge K_b \bigr)$ with $ENC_K(m) = m \oplus K$ . Asymptotically, with variable reuse and optimal protocol design, communication approaches a theoretical minimum of one bit per AND gate.

4. Synchronous and Asynchronous Protocol Design

BiMPC must operate under both synchronous and asynchronous network assumptions:

Synchronous protocols leverage round-based evaluation, orchestrating the execution of each gate by synchronizing message exchanges.
Asynchronous protocols require more sophisticated input commitment and state management, relying on threshold counting mechanisms (Dani et al., 2012) to minimize latency and ensure correctness when inputs are delayed or maliciously suppressed.

For both models, per-party complexity remains

$\tilde{O}\left( \frac{m}{n} + \sqrt{n} \right)$

regardless of the underlying data width, with messages trimmed to binary-size wherever possible.

5. Security: Universal Composability and Formal Methods

Protocols for BiMPC are proven secure within the Universal Composability (UC) framework, ensuring that they maintain privacy even when composed or run concurrently (Dani et al., 2012). For any coalition $I$ , $|I| < t$ , and any two distinct input sets with the same output,

$\Pr\left[ \mathrm{View}_I(x) \approx \mathrm{View}_I(x') \right] \geq 1 - 1/\mathrm{poly}(n)$

provided the gate evaluation and secret sharing primitives are themselves secure under binary operations.

Recent advances formalize these proofs via simulation-based approaches and program equivalence in machine-checked environments. Simulation-based security is established by demonstrating that for every party, a simulator can reproduce its transcript using only input/output, indistinguishable from the protocol execution (Butler et al., 2018). EasyCrypt and other toolchains formalize the security of secret sharing, addition, and multiplication for both honest-but-curious and actively malicious adversaries (Haagh et al., 2018). Notably, non-interference (input independence) definitions streamline proof reductions, facilitating modular security arguments for circuit-level BiMPC.

6. Efficiency Optimizations and Error Correction

The reliability of distributed binary computation requires robust error correction against both random faults and adversarial tampering. BiMPC incorporates:

Reed–Solomon-based secret sharing with Berlekamp–Welch decoding to detect and correct errors in polynomially shared data (Raeini et al., 2019).
Efficient communication schedules and low-degree polynomials to fit resource-constrained environments such as IoT. Adaptations for binary data involve mapping bits into finite fields and redeploying standard error correction over the encoding (Goyal et al., 2022).

Helper-based models further reduce the rounds and bits needed per gate for higher-level non-linear computations (e.g., exponentiation) and enable amortized communication savings in large-scale scenarios (Schneider, 2015).

7. Applications, Protocol Variants, and Practical Impact

BiMPC supports a range of applications requiring privacy-preserving binary function evaluation:

Secure auctions and voting, leveraging quorum-based input aggregation and threshold counting (Dani et al., 2012).
Probability event generation using anonymized random number sharing and oblivious transfer for decentralized gambling and distributed randomness (Kak, 2015).
Federated learning where binary components (split features, decisions) are securely aggregated with minimal bitwise leakage (Dehkordi et al., 18 Oct 2025).
Large-scale analytics, with hybrid MPC–cleartext protocol integration for data-parallel big data processing, scaling MPC to millions of records while preserving bit-level confidentiality (Volgushev et al., 2019).

Formal tools such as HACCLE provide metaprogramming pipelines—from high-level source code through intermediate representations and circuit transformation to protocol backend code—enabling non-experts to generate efficient BiMPC implementations (Bao et al., 2020). Frameworks like CrypTen allow seamless interconversion between arithmetic and binary secret sharing to optimize mixed-circuit machine learning workloads (Knott et al., 2021).

Summary Table: Key Variables in Scalable BiMPC Protocols

Variable	Interpretation	Scaling Context
$n$	Number of parties	All protocols
$m$ or $m'$	Number of gates (arithmetic / binary)	Circuit evaluation costs
$\tilde{O}(\cdot)$	Asymptotic per-party cost (msg, compute)	Both synchronous and asynchronous models
$\tau$	Threshold for counting (e.g., minimum 1's)	Input commitment, fault tolerance

Protocols must ensure $|I| < t$ (corruptions below the quorum threshold) for composable, robust security guarantees.

Concluding Remarks

Binary Multi-Party Computation emerges as an optimized subset of secure MPC, leveraging protocol and architectural primitives to provide efficient, scalable, and cryptographically sound computation of Boolean functions among distrustful parties. Core elements include XOR-based secret sharing, quorum/threshold-based gate assignment, helper-augmented protocols for minimal communication, and rigorous security proofs supported by formal verification. As privacy and collaborative computation move deeper into distributed binary domains, the scalability and robustness results for BiMPC (Dani et al., 2012, Schneider, 2015, Butler et al., 2018, Haagh et al., 2018, Raeini et al., 2019, Bao et al., 2020, Knott et al., 2021, Goyal et al., 2022, Dehkordi et al., 18 Oct 2025) offer a foundation for further innovation and deployment in large networks, federated analytics, and secure machine learning.