Toon Segers (Roseman Labs): Multi-Party Computation for Secure, Private Data Collaboration

Summary

• Fundamentals of Multi-Party Computation (MPC)
  MPC enables multiple parties to perform data analysis without decrypting their data. Toon Segers explains that this technology keeps data encrypted throughout computation, allowing confidential collaboration across organizations.

• Real-world applications across sectors
  MPC is already used in national cybersecurity (e.g., the Dutch NCSC’s SecurNet platform), healthcare (streamlining elderly care supply chains), and banking (secure transaction data sharing). These cases highlight its ability to unlock collaboration without risking data exposure.

• Security and privacy enhancements
  Unlike traditional methods like anonymization or pseudonymization, MPC enables true data minimization and purpose limitation. Data never leaves encrypted form, and only approved computations can be executed, ensuring organizational and legal safeguards.

• Mathematical mechanism behind MPC
  Through examples like voting aggregation using secret sharing, the podcast demystifies MPC’s cryptographic logic. Each participant holds random data fragments; only the aggregate output is revealed, preserving privacy even from computation nodes.

• Use case scalability and performance
  The Roseman Labs platform supports datasets up to ~100 million records using commodity hardware. While not suitable for massive neural networks, it handles regressions and joins efficiently. MPC scales over CPU cores, making it practical via SaaS.

• Engineering challenges and SaaS solutions
  Major technical hurdles include establishing stable, secure multi-party networks. SaaS simplifies deployment, enabling organizations to access MPC’s benefits without complex infrastructure setup or cryptographic expertise.

• Limitations and new vulnerabilities
  MPC requires continuous availability of all compute nodes. A single-node denial-of-service can disrupt computation, requiring redundancy strategies. Trust in the service provider and cryptographic audits is critical to ensure resilience.

• Emerging trends and future outlook
  Research continues to enhance MPC’s capabilities—such as faster pattern recognition in encrypted data. Future data centers with massive CPU resources could enable real-time MPC analytics, expanding its potential in security, healthcare, and machine learning.

• Privacy-by-design architecture
  With built-in consent checks and decentralized computation approval, MPC supports GDPR-compliant data governance. It removes dependency on third-party anonymizers and improves control over what insights are shared and how.

• Call for adoption and mindset shift
  The episode emphasizes educating CISOs and privacy officers. MPC should be seen as a new toolbox asset—an enabler of secure data collaboration and a potential foundation for standard internal data-sharing services.

  Check out the re:invent security article for more insights into Multi-Party Computation