# The Partisia Way

###### – a secure, simple and efficient solution

### Secure

To compute directly on encrypted data and keep the cryptographic key distributed – an easy, efficient and elegant solution

##### Why

To safeguard private data in the cloud and within collaborative solutions. In many situations businesses (or individuals) are generally reluctant to reveal private information. Usually with good reason: such information can be exploited by others in the market, but can also be misused in unforeseen ways in the future. While collecting sensitive data across competing companies or/and end users are instrumental for creating value, there is always a potential danger that private information may leak and be aggregated across time.

An auction is all about coordinating confidential information across competing companies and individuals in order to set prices and match buyers and sellers

Confidential statistics is all about coordinating confidential information across competing companies and individuals to compute statistics that leads to better decisions.

Modern market solutions and data driven decision systems rely on more and more confidential data to facilitate better decision making. Typically, the most confidential data are the best data. Confidential and trustworthy use of such data leads to better services.

##### How

Partisia enhances privacy by fundamentally parting with the idea that one needs to trust in individuals or organizations to coordinate or compute on private information. The confidential information will be encrypted and remain encrypted forever! The required coordination will be performed directly on the encrypted information by a network of servers located at different organizations, where no single server knows the decryption key.

### Simple

The matching, pricing or statistics are computed on encrypted data, hereby the complex security policies you need in traditional solutions, are reduced to safeguarding a cryptographic key.

Simple Security Policy: Traditional administration of private information is expensive due to complex security policies – both in terms of information technology and in terms of addressing the potential problems of collusive behavior. With Partisia Solutions the security policy is reduced to a minimum. All private information is kept encrypted at all times, and the cryptographic decryption key is distributed in such a way that each organization is given a so-called share of it. Thus, the security policy is reduced to safeguarding a single piece of information. That piece of information is not useful in itself, as it only works in conjunction with the other shares. Thus, no valuable knowledge is left at the administrator’s site.

As participant one simply have consider use or misuse of the result produced by the service and not the use/misuse of the submitted raw data that remain encrypted.

### Efficient

The secure and simple central coordination makes it an efficient solution for all parties

##### Secure + Simple = Efficient

No private information is available at any time, for which reason security policies are simplified. This makes it possible not only to reduce administrative costs but also to distribute it. After having found the right matches and prices, the result is made public to the parties involved while the private information remains encrypted forever. Therefore, the surrounding administration involves no confidentiality concerns as such and may be handled by anyone – for instance the market participants themselves.

### Computing without looking

Secure Multiparty Computation (SMC) is a technology that allows you to compute on encrypted numbers. This might sound impossible at first – but in fact, by using the right kind of cryptography, it is not.SMC allows a number of servers to jointly compute any function without learning the inputs to the function. As an example, SMC allows a number of servers to jointly compute the result of an auction without learning the bids submitted to the auction. This is achieved by providing each server with only partial information on each bid. The partial information given to a single server (in some cases even several servers) reveals nothing about the actual bid. Nevertheless, using the right cryptographic tools, the servers can work together and compute the result.

### Secret sharing

One such cryptographic tool is called secret sharing. Suppose that a secret *x*=42 is to be shared among 2 servers. If we choose two random numbers *x*_{1} and *x*_{2} such that *x*=*x*_{1}+*x*_{2} (e.g. *x*_{1}=50 and *x*_{2}= -8) and give *x*_{1} to the first server and *x*_{2} to the second, then neither server will know the secret *x*. Indeed, the first server only learns the number 50, and from its point of view, the other number could be any integer. Of course, 50 + anything can result in anything.Similarly we might secret share another number *y*=23 between the two servers (e.g. *y*_{1}=20 and *y*_{2}=3). The two servers can now compute *x*+*y* and make this, without either server learning *x* nor *y*. The first server simply computes *x*_{1}+*y*_{1} and sends the result to the second server, which can then compute *x*_{1}+*y*_{1}+*x*_{2}+*y*_{2}=*x*+*y* – all of this without any server learning anything about *x* nor *y*, other than the sum.

### Any function

A central result in cryptography is that the ideas behind secret sharing can be extended to allow the computation of any function that a traditional computer can compute. Of course, due to the fact that computation is distributed across a number of servers, performance suffers.The technological building block behind Partisia Market Design is a robust and efficient implementation of these cryptographic ideas. This implementation provides confidentiality of encrypted data to a level that corresponds to modern commercial cryptographic primitives such as RSA and AES.

### Deep confidentiality

Securing input confidentiality in a computation like an auction would traditionally (without SMC) be done in two seperate steps: 1) encrypting the bids in transit from the bidder to the auctioneer (but decrypted when they arrive at the auctioneer), and 2) ensuring that the auctioneer keeps the bids confidential. The latter is normally ensured by enforcing security policies restricting which employees of the auctioneer have access to the bids and when. Unfortunately, this latter step is notoriously hard, and consequently the realized solution only provides shallow confidentiality.Using secure multiparty computation this latter part can be entirely avoided. Bids are never decrypted. No complex security policies are required. We call this deep confidentiality.

This is the essence of secure multiparty computation. It provides a high degree of security, simple administration and consequently efficient deployment of solutions needed for confidential handling of data.

#### Our technology removes the insider threat

In traditional auction solutions, there will always be insiders with access to confidentialinformation such as private bids. Corrupt or negligent insiders pose a serious security threat to auctions through disclosure of otherwise protected information. This can have a devastating effect on the efficiency of an auction.Our innovative software solutions completely remove the insider threat using deep confidentiality. This means that bids are encryptedupon submission and never decrypted. The computation involved in clearing the auction is done entirely on encrypted values, which is made possible by the unique SMC Technology.

#### Preventing corruption across boarders

To give an example, development aid to a third world country will typically results in a procurement process in the receiver country. While sealed bidding may enhance the competition it clearly requires that non of the participants in the procurement process, gain access to the sealed information. However, the persons in control of the administration have full access to this information and may, as such, be subject for bribery. Our solution can effectively avoid this situation while still leaving the administration of the procurement process to the receiver country.

The control of information can be guaranteed simply by requiring nothing but the use of a trading platform based on the unique SMC technology. Hereby, the submitted bids will remain encrypted and the required computations be done directly on the encrypted information. The result of the procurement auction is revealed to all relevant parties simultaneously. Although the receiver country administrates the trading, they cannot compromise the trading system. The country or organization that provides the aid is in full control of the trading system without being involved in the administration.