To compute directly on encrypted data and keep the cryptographic key distributed – an easy, efficient and elegant solution
To safeguard private data in the cloud and within collaborative solutions. In many situations businesses (or individuals) are reluctant to reveal private information. Usually with good reason: such information can be exploited by others in the market, but can also be misused in unforeseen ways in the future. While collecting sensitive data across competing companies and/or end users is instrumental for creating value, there is always a potential danger that private information may leak and be aggregated across time.
An auction is all about coordinating confidential information across competing companies and individuals in order to set prices and match buyers and sellers.
Confidential statistics is all about coordinating confidential information across competing companies and individuals to compute statistics that lead to better decisions.
Modern market solutions and data-driven decision systems rely on more and more confidential data to facilitate better decision making. Typically, the most confidential data are the best data. Confidential and trustworthy use of such data leads to better services.
Partisia enhances privacy by fundamentally parting with the idea that one needs to trust in individuals or organizations to coordinate or compute on private information. The confidential information will be encrypted and remain encrypted forever! The required coordination will be performed directly on the encrypted information by a network of servers located at different organizations, where no single server knows the decryption key.
Secure Multiparty Computation (MPC) is a technology that allows you to compute on encrypted numbers. This might sound impossible at first – but in fact, by using the right kind of cryptography, it is not. MPC allows a number of servers to jointly compute any function without learning the inputs to the function. As an example, MPC allows a number of servers to jointly compute the result of an auction without learning the bids submitted to the auction. This is achieved by providing each server with only partial information on each bid. The partial information given to a single server (in some cases even several servers) reveals nothing about the actual bid. Nevertheless, using the right cryptographic tools, the servers can work together and compute the result.
One such cryptographic tool is called secret sharing. Suppose that a secret x=42 is to be shared among 2 servers. If we choose two random numbers x1 and x2 such that x=x1+x2 (e.g. x1=50 and x2=-8) and give x1 to the first server and x2 to the second, then neither server will know the secret x. Indeed, the first server only learns the number 50, and from its point of view, the other number could be any integer. Of course, 50 + anything can result in anything. Similarly, we might secret share another number y=23 between the two servers (e.g. y1=20 and y2=3). The two servers can now compute x+y and reveal it, without either server learning x or y. The first server simply computes x1+y1 and sends the result to the second server, which can then compute x1+y1+x2+y2=x+y – all of this without any server learning anything about x or y, other than the sum.
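The two-server addition described above, generalised to any number of servers and to summing many confidential inputs, as an added example that is not Partisia's code. It assumes shares are taken modulo a public prime Q (a choice made here, not stated on the page) so that every single share is uniformly random; all function names are illustrative.

```python
import secrets

# Assumption: shares live in the integers modulo a public prime Q, so that a
# single share is uniformly distributed and carries no information about x.
Q = 2**61 - 1  # Mersenne prime, chosen here for illustration

def share(secret, n_servers=2):
    """Split secret into n additive shares that sum to secret mod Q."""
    shares = [secrets.randbelow(Q) for _ in range(n_servers - 1)]
    shares.append((secret - sum(shares)) % Q)
    return shares

def add_shares(a_shares, b_shares):
    """Each server adds the two shares it holds; no other server's share is needed."""
    return [(a + b) % Q for a, b in zip(a_shares, b_shares)]

def reconstruct(shares):
    """Combine all shares; any proper subset of them is just random numbers."""
    total = sum(shares) % Q
    # Map back to a signed value so negative secrets and results round-trip.
    return total - Q if total > Q // 2 else total

def consistent_share(observed_share, candidate_secret):
    """The share the other server would hold if the secret were candidate_secret.
    One exists for every candidate, which is why a single share rules nothing out."""
    return (candidate_secret - observed_share) % Q

def secure_sum(inputs, n_servers=3):
    """Sum confidential inputs: servers only accumulate shares, then open the total."""
    per_server = [0] * n_servers
    for value in inputs:
        for i, s in enumerate(share(value, n_servers)):
            per_server[i] = (per_server[i] + s) % Q
    return reconstruct(per_server)

if __name__ == "__main__":
    # The page's own numbers: x = 42 as 50 + (-8), y = 23 as 20 + 3.
    x_shares, y_shares = [50, (-8) % Q], [20, 3]
    print("x + y =", reconstruct(add_shares(x_shares, y_shares)))
    # Server 1 sees only 50; a secret of 1000 is just as consistent as 42.
    print("42 fits:", reconstruct([50, consistent_share(50, 42)]))
    print("1000 fits:", reconstruct([50, consistent_share(50, 1000)]))
    # Constructed sample inputs from three parties.
    print("total =", secure_sum([120, 95, 310]))
```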
A central result in cryptography is that the ideas behind secret sharing can be extended to allow the computation of any function that a traditional computer can compute. Of course, due to the fact that computation is distributed across a number of servers, performance suffers. The technological building block behind Partisia is a robust and efficient implementation of these cryptographic ideas. This implementation provides confidentiality of encrypted data to a level that corresponds to modern commercial cryptographic primitives such as RSA and AES.
Securing input confidentiality in a computation like an auction would traditionally (without MPC) be done in two separate steps: 1) encrypting the bids in transit from the bidder to the auctioneer (but decrypted when they arrive at the auctioneer), and 2) ensuring that the auctioneer keeps the bids confidential. The latter is normally ensured by enforcing security policies restricting which employees of the auctioneer have access to the bids and when. Unfortunately, this latter step is notoriously hard, and consequently the realized solution only provides shallow confidentiality. Using secure multiparty computation, this latter part can be entirely avoided. Bids are never decrypted. No complex security policies are required. We call this deep confidentiality.
This is the essence of secure multiparty computation. It provides a high degree of security, simple administration and consequently efficient deployment of solutions needed for confidential handling of data.
In traditional market or data solutions, there will always be insiders with access to confidential information such as private bids or personal data. Corrupt or negligent insiders pose a serious security threat to such market and data solutions through disclosure of otherwise protected information. This can have a devastating effect on the efficiency of e.g. an auction.
Our innovative software solutions completely remove the insider threat using deep confidentiality. This means that bids or data are encrypted upon submission and never decrypted. The computation involved in clearing the auction or solving the data problem is done entirely on encrypted values, which is made possible by the unique MPC Technology.
To give an example, development aid to a third world country will typically result in a procurement process in the receiver country. While sealed bidding may enhance the competition, it clearly requires that none of the participants in the procurement process gain access to the sealed information. However, the persons in control of the administration have full access to this information and may, as such, be subject to bribery. Our solution can effectively avoid this situation while still leaving the administration of the procurement process to the receiver country.
The control of information can be guaranteed simply by requiring nothing but the use of a trading platform based on the unique MPC technology. Hereby, the submitted bids will remain encrypted and the required computations will be done directly on the encrypted information. The result of the procurement auction is revealed to all relevant parties simultaneously. Although the receiver country administers the trading, they cannot compromise the trading system. The country or organization that provides the aid is in full control of the trading system without being involved in the administration.