Perfectly Secure Matrix Multiplication

Updated 16 January 2026

The paper introduces a PSMM protocol that securely outsources AᵀB multiplication using masked polynomial encoding to achieve perfect secrecy and an optimal recovery threshold.
It employs a partitioning scheme with secret sharing and sparse polynomial interpolation to guarantee correctness through a threshold of honest server responses while resisting collusions.
The learning-augmented extension integrates low-rank decompositions that can reduce per-server computation by up to 70–80%, enhancing scalability in large-scale multiparty computations.

A perfectly secure matrix multiplication (PSMM) protocol is an information-theoretic multiparty computation (MPC) protocol for outsourcing matrix multiplication—specifically, for computing $A^{\top}B$ over a finite field $\mathbb{F}$ —to multiple untrusted servers, such that: (1) correctness is guaranteed from a threshold of honest party responses, (2) any collusion of up to a specified number of servers learns no information about the input matrices, and (3) all resource usage (computation, communication, storage) respects explicit constraints and achieves optimality in recovery threshold. Recent advances also permit the integration of structured or learned low-rank decompositions, further reducing local compute while retaining perfect secrecy and recovery properties (He et al., 14 Jan 2026).

1. Problem Formulation and Security Model

The PSMM setting consists of two secret matrices $A, B \in \mathbb{F}^{m \times m}$ partitioned according to a storage parameter $k$ ( $k \mid m$ ), and $N$ semi-honest servers, each of which may store and process only a $1/k$ fraction of each matrix. Servers are assumed to be semi-honest: they follow the protocol but may collude to compromise privacy. The central goal is to compute $A^{\top}B$ while maintaining:

Correctness: Any $k = N - (t-1)$ server responses suffice to recover $A^{\top}B$ exactly.
Secrecy: Any coalition of up to $t-1$ servers gains no information about $A, B$ , even given all their received data and local computation transcripts.
Optimal recovery threshold: The minimum number of servers $N$ is

$N = \min\{2k^2 + 2t - 3,\, k^2 + k t + t - 2\}$

which is optimal under the $1/k$ storage constraint in the information-theoretic coded computing literature.

This model achieves information-theoretic (statistical) privacy, strictly stronger than any computational security notion (He et al., 14 Jan 2026).

2. Protocol Design: Masked Polynomial Encoding and Computation

The PSMM protocol encodes each input matrix into blocks, which are then hidden inside the coefficients of high-degree, sparsely-populated masking polynomials. The construction is as follows:

Matrix partitioning: Split $A = [A_1~\cdots~A_k]$ and $B = [B_1~\cdots~B_k]$ , with blocks $A_i, B_j \in \mathbb{F}^{m \times (m/k)}.$ Each server will receive only a single block of each.
Masking polynomials: Construct two polynomials

$\begin{aligned} g_A(x) &= \sum_{i=1}^k A_i\,x^{i-1} + \sum_{\ell=1}^{t-1} R^{(A)}_{\ell} x^{k^2+\ell-1} \ g_B(x) &= \sum_{j=1}^k B_j\,x^{k(j-1)} + \sum_{\ell=1}^{t-1} R^{(B)}_{\ell} x^{k^2+\ell-1} \end{aligned}$

where $R^{(A)}_{\ell}$ and $R^{(B)}_{\ell}$ are fresh, independent random matrices ("Beaver triple" blocks) used to achieve perfect masking.

Server assignment: Publicly choose $N$ distinct field elements $\alpha_1, \ldots, \alpha_N$ . Each server $n$ receives $g_A(\alpha_n)$ and $g_B(\alpha_n)$ .
Local compute: Server $n$ computes

$M(\alpha_n) = g_A(\alpha_n)^{\top} g_B(\alpha_n) \in \mathbb{F}^{(m/k) \times (m/k)}$

The polynomial product $g_A(x)^{\top}g_B(x)$ expands as

$M(x) = \sum_{\nu} M_{\nu}x^{\nu}$

The block $A_i^{\top}B_j$ appears as $M_{(i-1)+k(j-1)}$ , while all other coefficients depend on at least one mask $R^{(\cdot)}$ , rendering them statistically indistinguishable from uniform noise.

Client interpolation: The responses $\{M(\alpha_n)\}$ for $n = 1, \ldots, N$ enable the client to perform sparse (block) polynomial interpolation: solving a linear system to recover the $k^2$ desired $A_i^{\top}B_j$ blocks, thereby reconstructing $A^{\top}B$ .

3. Information-Theoretic Secrecy, Optimality, and Thresholds

The PSMM protocol realizes perfect privacy due to the masking polynomials:

Secrecy against $t-1$ colluding servers: Such a coalition sees up to $t-1$ evaluations of each polynomial. By the standard properties of Shamir secret sharing and Lagrange interpolation, these are jointly uniform over the space of all possible evaluations, given the degree of the masking terms, and thus independent of the true secret blocks. This holds by a direct entropy argument.
Threshold optimality: The client must recover all $k^2$ coefficients of $M(x)$ corresponding to $A_i^{\top}B_j$ , and there are a total of $N$ nonzero coefficients (as above). A converse result shows that no protocol (within the coded computing model and selected constraints) can require fewer server responses. Thus PSMM is recovery threshold optimal (He et al., 14 Jan 2026).
Explicit resource bounds:

| Metric | Value | |------------------------------------|--------------------------------------------------------------------------| | Per-server storage | $2 m^2 / k$ elements | | Upload per server | $2 m^2 / k$ elements | | Download per server | $(m/k)^2$ elements | | Total communication | $N \cdot (2m^2 / k + (m/k)^2)$ | | Server compute (naive) | $O((m/k)^3)$ multiplications | | Client decode | $O(N^2\cdot (m/k)^2)$ (Vandermonde, $O(N\log^2 N\cdot (m/k)^2)$ fast) |

4. Learning-Augmented PSMM (LA-PSMM) via Low-Rank Decomposition

A fundamental extension of PSMM, termed "learning-augmented PSMM" (LA-PSMM), integrates any bilinear computation protocol for local block multiplication, including learned decompositions and classical algorithms (e.g., Strassen's algorithm, or neural-network-discovered low-rank schemes).

Bilinear form generalization: If for block inputs $A, B$ , one can express

$\operatorname{vec}(C) = \sum_{r=1}^T \langle u_r, \operatorname{vec}(A) \rangle \cdot \langle v_r, \operatorname{vec}(B) \rangle \cdot w_r$

for vectors $u_r, v_r, w_r$ , then each server computes

$M(\alpha_n) = \sum_{r=1}^T \langle u_r, \operatorname{vec}(g_A(\alpha_n)) \rangle \langle v_r, \operatorname{vec}(g_B(\alpha_n)) \rangle \cdot \operatorname{mat}(w_r)$

instead of a naive matrix multiplication.

Security invariance: The masking and recovery structure is operator-invariant. Thus, regardless of the internal bilinear implementation, information-theoretic privacy and exact recovery are unchanged.
Computational gain: If rank $T \ll (m/k)^3$ , per-server compute drops to $O(T \cdot m^2 / k)$ . Empirically, reductions in server computation of up to $70$-- $80\%$ have been realized in large-scale settings ( $m$ up to $4096$, $k=8$ , $t=4$ , $N=98$ ) using learned decompositions (He et al., 14 Jan 2026).

5. Comparison with Prior PSMM Constructions

The introduced PSMM framework matches or improves upon all known information-theoretic limits for matrix-matrix multiplication under local storage constraints.

Optimality: Threshold and privacy match established lower bounds in the coded computing model (e.g., Akbari-Nodehi & Maddah-Ali, 2021).
Extensibility: The masking and interpolation methods admit incorporation of advanced block multiplication schemes without affecting security.
Practical impact: Drastic compute reductions—particularly as matrix size grows and low-rank or structured approaches scale—address major bottlenecks in large-scale multiparty computations.

A selection of related protocols and their distinguishing features is provided below:

Protocol/Reference	Threshold Optimality	Storage Constraint	Secrecy Model	Block Compute	Notable Techniques
(He et al., 14 Jan 2026)	Yes	$1/k$	Perfect, $t-1$ colluders	LA-PSMM (Arbitrary T)	Sparse masking, coefficient alignment
(Kakar et al., 2018)	Close-to-optimal	Flexible partition	Perfect, $\ell$ colluders	Classical (partition)	Aligned secret sharing
(Hofmeister et al., 2021), SRPM3	Adaptive	Fountain/rate-adapt	Double-sided private/ $z$ malicious	Classical	Fountain coding, Freivalds' algorithm
(Chen et al., 2020)	Batch, strong sec.	Coded	Worker/master/privacy, inter-server	Strassen/batch-aware	Noise alignment, cross-subspace alignment

6. Practical and Theoretical Considerations

The PSMM protocol achieves extremely favorable trade-offs:

Communication: Upload/download per server is minimal for the storage constraint; total communication is proportional to $N$ .
Compute: Complexity per server is tunable by choice of block and decomposition size, with substantial empirical gains observed in large-scale settings.
Resilience: Protocol is maximally robust to collusions below threshold $t$ . The recovery threshold is information-theoretic optimal.

The methodology directly supports further improvements via integration with adaptive rate, batch processing, and locally optimized bilinear forms (including those discovered by ML).

7. Future Directions and Open Problems

Several research directions remain:

Adversarial extensions: While the protocol protects against semi-honest adversaries, malicious robustness (e.g., with codeword consistency checks or advanced verification) is active research (Hofmeister et al., 2021).
Quantum extensions: Information-theoretically secure quantum protocols for matrix multiplication, such as those employing Fourier-entangled states and entanglement-bondage honesty checks, offer unconditional security guarantees in the malicious setting, albeit with larger resource demands (Liu et al., 2023).
General bilinear computation: Extending PSMM to coded convolution, tensor products, and more general multilinear forms is an open avenue.
Communication and complexity minimization: For certain parameter regimes, more efficient schemes (e.g., field-trace-based) can yield lower download/upload ratios for small block sizes or special matrix dimensions (Machado et al., 2021). Quantitative lower bounds in the non-classical, e.g., subfield-trace, model are under investigation.

The learning-augmented PSMM protocol marks a significant advancement by enabling perfect, information-theoretic secrecy in distributed matrix-matrix multiplication while supporting scalable compute efficiency without compromise to privacy or recoverability (He et al., 14 Jan 2026).