Your confidential answers stay encrypted at all time
As part of the EU project PRACTICE, Partisia has developed a SMC based secure survey system together with the Estonian R&D company Cybernetica. The secure survey system is based on secure multiparty computation and ensures that all individual answers are kept confidential by encrypting them on submission keeping them encrypted at all times. Only the aggregated statistics are decrypted and revealed.
Survey systems are used intensively to capture stated preferences from customers, employees, companies etc. In general, the revealed/public result from a survey is various statistics pointing at patterns or trends while individual answers are kept confidential. Traditionally, this level of confidentiality is ensured by consultants paid to take the role as trustee. There are also cloud based survey systems such as ”Survey Monkey” that allows users to conduct their own survey, though without any enforcements against leakages of confidential information.
Secure multiparty computation add values in two ways: First, the survey system is a distributed cloud computing system that does not provide the individual cloud services to access confidential information at any time (it is kept encrypted). Second, the control of the individual cloud computing instances (hosted by independent cloud service providers), are distributed among independent ”trustees”, each knowing no more than the individual cloud service provider. In this way we add value to existing cloud based surveys by a secure approach to cloud computing and by a built-in trustee function. For the traditional consultant, we add value by opening up for secure use of cloud computing and by the possibility of outsourcing the trustee role.
The secure survey web service is furthermore designed to run on two different secure multiparty computation engines: Sharemind (offered by Cybernetica) and Fresco/SPDZ (offered by Partisia). The two secure multiparty computation engines differ in terms of number of servers used and security level. Sharemind runs on three servers and Fresco/SPDZ runs on two servers and provides a higher level of security.
The survey system was used for the first time for real-life surveys in the summer 2015. Contact Partisia to hear more and try out the survey system.
The survey module allows for classical surveys. The answers are encrypted when they leave the respondent’s computer and remains strongly encrypted at all time. All computations involved in collecting and analysing the submitted answers are solved without decrypting the data.
The analysis is conducted directly on the encrypted data and only the resulting report is revealed to the predefined recipient. The interactive report includes averages, distribution of answers, conditional averages and distribution as well as statistical correlation between answers.
The security is based on Secure Multiparty Computation and the type of encryption is called secret sharing and has even stronger properties than traditional encryption.
The system is based on several, independent servers computing the results together without sharing data. This architecture prevents leaks of confidential information by any of the servers involved. Unauthorized access to the encrypted data requires hacking multiple servers controlled by independent organisations – there is simply no confidential data on any of the servers and no single point of failure!