## Secure multi-party computation provides a practical application for cryptography where shared data hosting enables secure possibility to solve computational problems

Secure Multiparty Computation (SMC) [Yao82, GMW87] is a cryptographic technique allowing the owners of data to make it available as inputs of a computation in a manner that in the end of that computation, each party learns only the output assigned to it (and everything deducible from its inputs and outputs), but nothing more. One of the most remarkable results of cryptography states that any multi-

party computation can be secured with a polynomial overhead. The experience of the parties will be no richer than in the ideal case, where there would exist an extra, unconditionally trusted and honest party to whom all parties hand over their inputs, who performs the computation and hands back the results to each party. This holds even if all parties, except the one whose privacy we are trying to protect, collude with each other and are free to diverge from the prescribed protocol. Unfortunately, the overhead introduced by the general transformation put forth in the proof of that result is absolutely prohibitive in practice. More generous security models (there is a majority of honest parties, or the adversarial parties are restricted to snooping, but still must follow the protocol) allow constructions where the overhead is smaller, but still impractical, except for the smallest computations (e.g. computing the conjunction or XOR of the bits input by all parties). For some specific computations, there exist more efficient constructions. Hence the present applications of secure multiparty computation concentrate on special cases, e.g. electronic cash, e-voting, e-auctions, anonymous credentials. Among those applications we also cite the SecureSCM project (FP7-213531) whose goal is to apply SMC for collaborative supply chain management by solving linear planning programs in a privacy-preserving manner. Usually, the SMC algorithms are given ad hoc implementations which (together with their focus on a special computing problem) makes them unsuitable to be adapted for solving a different task.